Remove --enable-brov6 flag, IPv6 now supported by default.

Internally, all BROv6 preprocessor switches were removed and addr/subnet representations wrapped in the new IPAddr/IPPrefix classes. Some script-layer changes of note: - dns_AAAA_reply event signature changed: the string representation of an IPv6 addr is easily derived from the addr value, it doesn't need to be another parameter. This event also now generated directly by the DNS analyzer instead of being "faked" into a dns_A_reply event. - removed addr_to_count BIF. It used to return the host-order count representation of IPv4 addresses only. To make it more generic, we might later add a BIF to return a vector of counts in order to support IPv6. - changed the result of enclosing addr variables in vertical pipes (e.g. |my_addr|) to return the bit-width of the address type which is 128 for IPv6 and 32 for IPv4. It used to function the same way as addr_to_count mentioned above. - remove bro_has_ipv6 BIF
2025-10-02 14:48:21 +00:00 · 2012-02-03 16:20:15 -06:00 · 2012-02-03 16:20:15 -06:00 · b3f1f45082
commit b3f1f45082
parent 2c439fd0a2
85 changed files with 1428 additions and 1684 deletions
--- a/config.h.in
+++ b/config.h.in
@ -1,6 +1,3 @@
 /* enable IPV6 processing */
 #cmakedefine BROv6
 /* Old libpcap versions (< 0.6.1) need defining pcap_freecode and
   pcap_compile_nopcap */
 #cmakedefine DONT_HAVE_LIBPCAP_PCAP_FREECODE
--- a/4
+++ b/4
@ -92,7 +92,6 @@ append_cache_entry BRO_ROOT_DIR         PATH   /usr/local/bro
 append_cache_entry PY_MOD_INSTALL_DIR   PATH   /usr/local/bro/lib/broctl
 append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING /usr/local/bro/share/bro
 append_cache_entry ENABLE_DEBUG         BOOL   false
 append_cache_entry BROv6                BOOL   false
 append_cache_entry ENABLE_PERFTOOLS     BOOL   false
 append_cache_entry BinPAC_SKIP_INSTALL  BOOL   true
 append_cache_entry BUILD_SHARED_LIBS    BOOL   true
@ -134,9 +133,6 @@ while [ $# -ne 0 ]; do
        --enable-debug)
            append_cache_entry ENABLE_DEBUG         BOOL   true
            ;;
        --enable-brov6)
            append_cache_entry BROv6                BOOL   true
            ;;
        --enable-perftools)
            append_cache_entry ENABLE_PERFTOOLS     BOOL   true
            ;;
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@ -85,13 +85,8 @@ function build_default_filter(): string
 		return cmd_line_bpf_filter;
 	if ( all_packets )
 		{
 		# Return an "always true" filter.
 		if ( bro_has_ipv6() )
 		return "ip or not ip";
 		else
 			return "not ip6";
 		}
 	# Build filter dynamically.
@ -110,10 +105,6 @@ function build_default_filter(): string
 	if ( unrestricted_filter != "" )
 		filter = combine_filters(unrestricted_filter, filter, "or");
 	# Exclude IPv6 if we don't support it.
 	if ( ! bro_has_ipv6() )
 		filter = combine_filters(filter, "not ip6", "and");
 	return filter;
 	}
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@ -261,10 +261,13 @@ event dns_TXT_reply(c: connection, msg: dns_msg, ans: dns_answer, str: string) &
 	event DNS::do_reply(c, msg, ans, str);
 	}
-event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr,
+event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=5
-                     astr: string) &priority=5
+	{
 	event DNS::do_reply(c, msg, ans, fmt("%s", a));
 	}
 event dns_A6_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=5
 	{
 	# TODO: What should we do with astr?
 	event DNS::do_reply(c, msg, ans, fmt("%s", a));
 	}
--- a/src/Anon.cc
+++ b/src/Anon.cc
@ -153,7 +153,9 @@ void AnonymizeIPAddr_A50::init()
 int AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits)
 	{
-	DEBUG_MSG("%s/%d\n", dotted_addr(input), num_bits);
+	DEBUG_MSG("%s/%d\n",
 			string(IPAddr(IPAddr::IPv4, &input, IPAddr::Network)).c_str(),
 			num_bits);
 	if ( ! before_anonymization )
 		{
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -330,6 +330,7 @@ set(bro_SRCS
    IntSet.cc
    InterConn.cc
    IOSource.cc
    IPAddr.cc
    IRC.cc
    List.cc
    Reporter.cc
--- a/src/CompHash.cc
+++ b/src/CompHash.cc
@ -110,37 +110,27 @@ char* CompositeHash::SingleValHash(int type_check, char* kp0,
 		// Use uint32 instead of int, because 'int' is not
 		// guaranteed to be 32-bit.
 		uint32* kp = AlignAndPadType<uint32>(kp0);
-#ifdef BROv6
+		uint32 bytes[4];
-		const addr_type av = v->AsAddr();
+		v->AsAddr()->CopyIPv6(bytes);
-		kp[0] = av[0];
+		kp[0] = bytes[0];
-		kp[1] = av[1];
+		kp[1] = bytes[1];
-		kp[2] = av[2];
+		kp[2] = bytes[2];
-		kp[3] = av[3];
+		kp[3] = bytes[3];
 		kp1 = reinterpret_cast<char*>(kp+4);
 #else
 		*kp = v->AsAddr();
 		kp1 = reinterpret_cast<char*>(kp+1);
 #endif
 		}
 		break;
 	case TYPE_INTERNAL_SUBNET:
 		{
 		uint32* kp = AlignAndPadType<uint32>(kp0);
-#ifdef BROv6
+		uint32 bytes[4];
-		const subnet_type* sv = v->AsSubNet();
+		v->AsSubNet()->Prefix().CopyIPv6(bytes);
-		kp[0] = sv->net[0];
+		kp[0] = bytes[0];
-		kp[1] = sv->net[1];
+		kp[1] = bytes[1];
-		kp[2] = sv->net[2];
+		kp[2] = bytes[2];
-		kp[3] = sv->net[3];
+		kp[3] = bytes[3];
-		kp[4] = sv->width;
+		kp[4] = v->AsSubNet()->Length();
 		kp1 = reinterpret_cast<char*>(kp+5);
 #else
 		const subnet_type* sv = v->AsSubNet();
 		kp[0] = sv->net;
 		kp[1] = sv->width;
 		kp1 = reinterpret_cast<char*>(kp+2);
 #endif
 		}
 		break;
@ -283,26 +273,25 @@ HashKey* CompositeHash::ComputeSingletonHash(const Val* v, int type_check) const
 	if ( type_check && v->Type()->InternalType() != singleton_tag )
 		return 0;
 	uint32 tmp_addr;
 	switch ( singleton_tag ) {
 	case TYPE_INTERNAL_INT:
 	case TYPE_INTERNAL_UNSIGNED:
 		return new HashKey(v->ForceAsInt());
 	case TYPE_INTERNAL_ADDR:
-#ifdef BROv6
+		{
-		return new HashKey(v->AsAddr(), 4);
+		uint32 bytes[4];
-#else
+		v->AsAddr()->CopyIPv6(bytes);
-		return new HashKey(v->AsAddr());
+		return new HashKey((void*)bytes, 4 * sizeof(uint32));
-#endif
+		}
 	case TYPE_INTERNAL_SUBNET:
-#ifdef BROv6
+		{
-		return new HashKey((const uint32*) v->AsSubNet(), 5);
+		uint32 bytes[5];
-#else
+		v->AsSubNet()->Prefix().CopyIPv6(bytes);
-		return new HashKey((const uint32*) v->AsSubNet(), 2);
+		bytes[4] = v->AsSubNet()->Length();
-
+		return new HashKey((void*)bytes, 5 * sizeof(uint32));
-#endif
+		}
 	case TYPE_INTERNAL_DOUBLE:
 		return new HashKey(v->InternalDouble());
@ -350,22 +339,13 @@ int CompositeHash::SingleTypeKeySize(BroType* bt, const Val* v,
 		break;
 	case TYPE_INTERNAL_ADDR:
 #ifdef BROv6
 		sz = SizeAlign(sz, sizeof(uint32));
 		sz += sizeof(uint32) * 3;	// to make a total of 4 words
 #else
 		sz = SizeAlign(sz, sizeof(uint32));
 #endif
 		break;
 	case TYPE_INTERNAL_SUBNET:
 #ifdef BROv6
 		sz = SizeAlign(sz, sizeof(uint32));
 		sz += sizeof(uint32) * 4;	// to make a total of 5 words
 #else
 		sz = SizeAlign(sz, sizeof(uint32));
 		sz += sizeof(uint32);	// make room for width
 #endif
 		break;
 	case TYPE_INTERNAL_DOUBLE:
@ -602,16 +582,11 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
 	case TYPE_INTERNAL_ADDR:
 		{
 		const uint32* const kp = AlignType<uint32>(kp0);
 #ifdef BROv6
 		const_addr_type addr_val = kp;
 		kp1 = reinterpret_cast<const char*>(kp+4);
-#else
+		IPAddr addr(IPAddr::IPv6, kp, IPAddr::Network);
 		const_addr_type addr_val = *kp;
 		kp1 = reinterpret_cast<const char*>(kp+1);
 #endif
 		switch ( tag ) {
 		case TYPE_ADDR:
-			pval = new AddrVal(addr_val);
+			pval = new AddrVal(addr);
 			break;
 		default:
@ -624,12 +599,9 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
 	case TYPE_INTERNAL_SUBNET:
 		{
-		const subnet_type* const kp =
+		const uint32* const kp = AlignType<uint32>(kp0);
-			reinterpret_cast<const subnet_type*>(
+		kp1 = reinterpret_cast<const char*>(kp+5);
-				AlignType<uint32>(kp0));
+		pval = new SubNetVal(kp, kp[4]);
 		kp1 = reinterpret_cast<const char*>(kp+1);
 		pval = new SubNetVal(kp->net, kp->width);
 		}
 		break;
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -24,15 +24,15 @@ HashKey* ConnID::BuildConnKey() const
 	if ( is_one_way ||
 	     addr_port_canon_lt(src_addr, src_port, dst_addr, dst_port) )
 		{
-		copy_addr(src_addr, key.ip1);
+		key.ip1 = src_addr;
-		copy_addr(dst_addr, key.ip2);
+		key.ip2 = dst_addr;
 		key.port1 = src_port;
 		key.port2 = dst_port;
 		}
 	else
 		{
-		copy_addr(dst_addr, key.ip1);
+		key.ip1 = dst_addr;
-		copy_addr(src_addr, key.ip2);
+		key.ip2 = src_addr;
 		key.port1 = dst_port;
 		key.port2 = src_port;
 		}
@ -143,8 +143,8 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id)
 	key = k;
 	start_time = last_time = t;
-	copy_addr(id->src_addr, orig_addr);
+	orig_addr = id->src_addr;
-	copy_addr(id->dst_addr, resp_addr);
+	resp_addr = id->dst_addr;
 	orig_port = id->src_port;
 	resp_port = id->dst_port;
 	proto = TRANSPORT_UNKNOWN;
@ -521,7 +521,7 @@ Val* Connection::BuildVersionVal(const char* s, int len)
 	return sw;
 	}
-int Connection::VersionFoundEvent(const uint32* addr, const char* s, int len,
+int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len,
 					Analyzer* analyzer)
 	{
 	if ( ! software_version_found && ! software_parse_error )
@ -559,7 +559,7 @@ int Connection::VersionFoundEvent(const uint32* addr, const char* s, int len,
 	return 1;
 	}
-int Connection::UnparsedVersionFoundEvent(const uint32* addr,
+int Connection::UnparsedVersionFoundEvent(const IPAddr& addr,
 					const char* full, int len, Analyzer* analyzer)
 	{
 	// Skip leading white space.
@ -693,10 +693,9 @@ TimerMgr* Connection::GetTimerMgr() const
 void Connection::FlipRoles()
 	{
-	uint32 tmp_addr[NUM_ADDR_WORDS];
+	IPAddr tmp_addr = resp_addr;
-	copy_addr(resp_addr, tmp_addr);
+	orig_addr = resp_addr;
-	copy_addr(orig_addr, resp_addr);
+	resp_addr = tmp_addr;
 	copy_addr(tmp_addr, orig_addr);
 	uint32 tmp_port = resp_port;
 	resp_port = orig_port;
@ -752,14 +751,14 @@ void Connection::Describe(ODesc* d) const
 		}
 	d->SP();
-	d->Add(dotted_addr(orig_addr));
+	d->Add(string(orig_addr).c_str());
 	d->Add(":");
 	d->Add(ntohs(orig_port));
 	d->SP();
 	d->AddSP("->");
-	d->Add(dotted_addr(resp_addr));
+	d->Add(string(resp_addr).c_str());
 	d->Add(":");
 	d->Add(ntohs(resp_port));
@ -782,8 +781,12 @@ bool Connection::DoSerialize(SerialInfo* info) const
 	// First we write the members which are needed to
 	// create the HashKey.
-	for ( int j = 0; j < NUM_ADDR_WORDS; ++j )
+	uint32 orig_a[4];
-		if ( ! SERIALIZE(orig_addr[j]) || ! SERIALIZE(resp_addr[j]) )
+	uint32 resp_a[4];
 	orig_addr.CopyIPv6(orig_a);
 	resp_addr.CopyIPv6(resp_a);
 	for ( int j = 0; j < 4; ++j )
 		if ( ! SERIALIZE(orig_a[j]) || ! SERIALIZE(resp_a[j]) )
 			return false;
 	if ( ! SERIALIZE(orig_port) || ! SERIALIZE(resp_port) )
@ -830,14 +833,19 @@ bool Connection::DoUnserialize(UnserialInfo* info)
 	// Build the hash key first. Some of the recursive *::Unserialize()
 	// functions may need it.
-	for ( int i = 0; i < NUM_ADDR_WORDS; ++i )
+	ConnID id;
-		if ( ! UNSERIALIZE(&orig_addr[i]) || ! UNSERIALIZE(&resp_addr[i]) )
+	uint32 orig_a[4];
 	uint32 resp_a[4];
 	for ( int i = 0; i < 4; ++i )
 		if ( ! UNSERIALIZE(&orig_a[i]) || ! UNSERIALIZE(&resp_a[i]) )
 			goto error;
 	orig_addr = IPAddr(IPAddr::IPv6, orig_a, IPAddr::Network);
 	resp_addr = IPAddr(IPAddr::IPv6, resp_a, IPAddr::Network);
 	if ( ! UNSERIALIZE(&orig_port) || ! UNSERIALIZE(&resp_port) )
 		goto error;
 	ConnID id;
 	id.src_addr = orig_addr;
 	id.dst_addr = resp_addr;
 	// This doesn't work for ICMP. But I guess this is not really important.
--- a/src/Conn.h
+++ b/src/Conn.h
@ -12,6 +12,7 @@
 #include "PersistenceSerializer.h"
 #include "RuleMatcher.h"
 #include "AnalyzerTags.h"
 #include "IPAddr.h"
 class Connection;
 class ConnectionTimer;
@ -32,8 +33,8 @@ typedef enum {
 typedef void (Connection::*timer_func)(double t);
 struct ConnID {
-	const uint32* src_addr;
+	IPAddr src_addr;
-	const uint32* dst_addr;
+	IPAddr dst_addr;
 	uint32 src_port;
 	uint32 dst_port;
 	bool is_one_way;	// if true, don't canonicalize
@ -49,17 +50,20 @@ struct ConnID {
 	// The structure used internally for hashing.
 	struct Key {
-		uint32 ip1[NUM_ADDR_WORDS];
+		IPAddr ip1;
-		uint32 ip2[NUM_ADDR_WORDS];
+		IPAddr ip2;
 		uint16 port1;
 		uint16 port2;
 	};
 };
-static inline int addr_port_canon_lt(const uint32* a1, uint32 p1,
+static inline int addr_port_canon_lt(const IPAddr& addr1, uint32 p1,
-					const uint32* a2, uint32 p2)
+					const IPAddr& addr2, uint32 p2)
 	{
-#ifdef BROv6
+	uint32 a1[4];
 	uint32 a2[4];
 	addr1.CopyIPv6(a1);
 	addr2.CopyIPv6(a2);
 	// Because it's a canonical ordering, not a strict ordering,
 	// we can choose to give more weight to the least significant
 	// word than to the most significant word.  This matters
@ -75,9 +79,6 @@ static inline int addr_port_canon_lt(const uint32* a1, uint32 p1,
 		     (a1[0] < a2[0] ||
 		      (a1[0] == a2[0] &&
 		       p1 < p2)))))));
 #else
 	return *a1 < *a2 || (*a1 == *a2 && p1 < p2);
 #endif
 	}
 class Analyzer;
@ -119,8 +120,8 @@ public:
 	double LastTime() const			{ return last_time; }
 	void SetLastTime(double t) 		{ last_time = t; }
-	const uint32* OrigAddr() const		{ return orig_addr; }
+	const IPAddr& OrigAddr() const		{ return orig_addr; }
-	const uint32* RespAddr() const		{ return resp_addr; }
+	const IPAddr& RespAddr() const		{ return resp_addr; }
 	uint32 OrigPort() const			{ return orig_port; }
 	uint32 RespPort() const			{ return resp_port; }
@ -185,11 +186,11 @@ public:
 	// Raises a software_version_found event based on the
 	// given string (returns false if it's not parseable).
-	int VersionFoundEvent(const uint32* addr, const char* s, int len,
+	int VersionFoundEvent(const IPAddr& addr, const char* s, int len,
 				Analyzer* analyzer = 0);
 	// Raises a software_unparsed_version_found event.
-	int UnparsedVersionFoundEvent(const uint32* addr,
+	int UnparsedVersionFoundEvent(const IPAddr& addr,
 			const char* full_descr, int len, Analyzer* analyzer);
 	void Event(EventHandlerPtr f, Analyzer* analyzer, const char* name = 0);
@ -325,8 +326,8 @@ protected:
 	TimerMgr::Tag* conn_timer_mgr;
 	timer_list timers;
-	uint32 orig_addr[NUM_ADDR_WORDS];	// in network order
+	IPAddr orig_addr;
-	uint32 resp_addr[NUM_ADDR_WORDS];	// in network order
+	IPAddr resp_addr;
 	uint32 orig_port, resp_port;	// in network order
 	TransportProto proto;
 	double start_time, last_time;
--- a/src/ConnCompressor.cc
+++ b/src/ConnCompressor.cc
@ -235,7 +235,7 @@ Connection* ConnCompressor::NextPacket(double t, HashKey* key, const IP_Hdr* ip,
 			tc = FirstFromOrig(t, key, ip, tp);
 		}
-	else if ( addr_eq(ip->SrcAddr(), SrcAddr(pending)) &&
+	else if ( ip->SrcAddr() == SrcAddr(pending) &&
 		  tp->th_sport == SrcPort(pending) )
 		// Another packet from originator.
 		tc = NextFromOrig(pending, t, key, ip, tp);
@ -541,7 +541,7 @@ Connection* ConnCompressor::Instantiate(HashKey* key, PendingConn* pending)
 				sessions->BuildHeader(faked_pkt->IP4_Hdr()));
 	// NewConn() may have swapped originator and responder.
-	int is_orig = addr_eq(conn_id.src_addr, new_conn->OrigAddr()) &&
+	int is_orig = conn_id.src_addr == new_conn->OrigAddr() &&
 			conn_id.src_port == new_conn->OrigPort();
 	// Pass the faked packet to the connection.
@ -607,7 +607,7 @@ void ConnCompressor::PktHdrToPendingConn(double time, const HashKey* key,
 	memcpy(&c->key, key->Key(), key->Size());
 	c->hash = key->Hash();
-	c->ip1_is_src = addr_eq(c->key.ip1, ip->SrcAddr()) &&
+	c->ip1_is_src = c->key.ip1 == ip->SrcAddr() &&
 			c->key.port1 == tp->th_sport;
 	c->time = time;
 	c->window = tp->th_win;
@ -659,14 +659,26 @@ const IP_Hdr* ConnCompressor::PendingConnToPacket(const PendingConn* c)
 	// Note, do *not* use copy_addr() here.  This is because we're
 	// copying to an IPv4 header, which has room for exactly and
 	// only an IPv4 address.
-#ifdef BROv6
+	if ( c->key.ip1.family() == IPAddr::IPv6 ||
-	if ( ! is_v4_addr(c->key.ip1) || ! is_v4_addr(c->key.ip2) )
+	     c->key.ip2.family() == IPAddr::IPv6 )
 		reporter->InternalError("IPv6 snuck into connection compressor");
-#endif
+	else
-	*(uint32*) &ip->ip_src =
+		{
-			to_v4_addr(c->ip1_is_src ? c->key.ip1 : c->key.ip2);
+		const uint32* src_bytes;
-	*(uint32*) &ip->ip_dst =
+		const uint32* dst_bytes;
-			to_v4_addr(c->ip1_is_src ? c->key.ip2 : c->key.ip1);
+		if ( c->ip1_is_src )
 			{
 			c->key.ip1.GetBytes(&src_bytes);
 			c->key.ip2.GetBytes(&dst_bytes);
 			}
 		else
 			{
 			c->key.ip2.GetBytes(&src_bytes);
 			c->key.ip1.GetBytes(&dst_bytes);
 			}
 		memcpy(&ip->ip_src, src_bytes, sizeof(ip->ip_src));
 		memcpy(&ip->ip_dst, dst_bytes, sizeof(ip->ip_dst));
 		}
 	if ( c->ip1_is_src )
 		{
--- a/src/ConnCompressor.h
+++ b/src/ConnCompressor.h
@ -105,9 +105,9 @@ public:
 private:
 	// Helpers to extract addrs/ports from PendingConn.
-	const uint32* SrcAddr(const PendingConn* c)
+	const IPAddr& SrcAddr(const PendingConn* c)
 		{ return c->ip1_is_src ? c->key.ip1 : c->key.ip2; }
-	const uint32* DstAddr(const PendingConn* c)
+	const IPAddr& DstAddr(const PendingConn* c)
 		{ return c->ip1_is_src ? c->key.ip2 : c->key.ip1; }
 	uint16 SrcPort(const PendingConn* c)
--- a/src/DCE_RPC.cc
+++ b/src/DCE_RPC.cc
@ -137,12 +137,10 @@ static bool is_mapped_dce_rpc_endpoint(const dce_rpc_endpoint_addr& addr)
 bool is_mapped_dce_rpc_endpoint(const ConnID* id, TransportProto proto)
 	{
-#ifdef BROv6
+	if ( id->dst_addr.family() == IPAddr::IPv6 )
 	if ( ! is_v4_addr(id->dst_addr) )
 		return false;
 #endif
 	dce_rpc_endpoint_addr addr;
-	addr.addr = ntohl(to_v4_addr(id->dst_addr));
+	addr.addr = id->dst_addr;
 	addr.port = ntohs(id->dst_port);
 	addr.proto = proto;
@ -160,12 +158,7 @@ static void add_dce_rpc_endpoint(const dce_rpc_endpoint_addr& addr,
 	// of the dce_rpc_endpoints table.
 	// FIXME: Don't hard-code the timeout.
-	// Convert the address to a v4/v6 address (depending on how
+	dpm->ExpectConnection(IPAddr(), addr.addr, addr.port, addr.proto,
 	// Bro was configured).  This is all based on the address currently
 	// being a 32-bit host-order v4 address.
 	AddrVal a(htonl(addr.addr));
 	const addr_type at = a.AsAddr();
 	dpm->ExpectConnection(0, at, addr.port, addr.proto,
 				AnalyzerTag::DCE_RPC, 5 * 60, 0);
 	}
@ -418,8 +411,8 @@ void DCE_RPC_Session::DeliverEpmapperMapResponse(
 					break;
 				case binpac::DCE_RPC_Simple::EPM_PROTOCOL_IP:
-					mapped.addr.addr =
+					uint32 hostip = floor->rhs()->data()->ip();
-						floor->rhs()->data()->ip();
+					mapped.addr.addr = IPAddr(IPAddr::IPv4, &hostip, IPAddr::Host);
 					break;
 				}
 				}
@ -433,7 +426,7 @@ void DCE_RPC_Session::DeliverEpmapperMapResponse(
 				vl->append(analyzer->BuildConnVal());
 				vl->append(new StringVal(mapped.uuid.to_string()));
 				vl->append(new PortVal(mapped.addr.port, mapped.addr.proto));
-				vl->append(new AddrVal(htonl(mapped.addr.addr)));
+				vl->append(new AddrVal(mapped.addr.addr));
 				analyzer->ConnectionEvent(epm_map_response, vl);
 				}
--- a/src/DCE_RPC.h
+++ b/src/DCE_RPC.h
@ -8,6 +8,7 @@
 #include "NetVar.h"
 #include "TCP.h"
 #include "IPAddr.h"
 #include "dce_rpc_simple_pac.h"
@ -33,20 +34,20 @@ protected:
 const char* uuid_to_string(const u_char* uuid_data);
 struct dce_rpc_endpoint_addr {
-	// All fields are in host byteorder.
+	// All fields except addr are in host byteorder.
-	uint32 addr;
+	IPAddr addr;
 	u_short port;
 	TransportProto proto;
 	dce_rpc_endpoint_addr()
 		{
-		addr = 0;
+		addr = IPAddr();
 		port = 0;
 		proto = TRANSPORT_UNKNOWN;
 		}
 	bool is_valid_addr() const
-		{ return addr != 0 && port != 0 && proto != TRANSPORT_UNKNOWN; }
+		{ return addr != IPAddr() && port != 0 && proto != TRANSPORT_UNKNOWN; }
 	bool operator<(dce_rpc_endpoint_addr const &e) const
 		{
@ -64,7 +65,7 @@ struct dce_rpc_endpoint_addr {
 		{
 		static char buf[128];
 		snprintf(buf, sizeof(buf), "%s/%d/%s",
-			dotted_addr(htonl(addr)), port,
+			string(addr).c_str(), port,
 			proto == TRANSPORT_TCP ? "tcp" :
 			(proto == TRANSPORT_UDP ? "udp" : "?"));
--- a/src/DNS.cc
+++ b/src/DNS.cc
@ -758,17 +758,11 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
 int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
 				const u_char*& data, int& len, int rdlength)
 	{
 	// We need to parse an IPv6 address, high-order byte first.
 	// ### Currently, we fake an A reply rather than an AAAA reply,
 	// since for the latter we won't be able to express the full
 	// address (unless Bro was compiled for IPv6 addresses).  We do
 	// this fake by using just the bottom 4 bytes of the IPv6 address.
 	uint32 addr[4];
 	int i;
-	for ( i = 0; i < 4; ++i )
+	for ( int i = 0; i < 4; ++i )
 		{
-		addr[i] = ntohl(ExtractLong(data, len));
+		addr[i] = htonl(ExtractLong(data, len));
 		if ( len < 0 )
 			{
@ -777,23 +771,6 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
 			}
 		}
 	// Currently, dns_AAAA_reply is treated like dns_A_reply, since
 	// IPv6 addresses are not generally processed.  This needs to be
 	// fixed. ###
 	if ( dns_A_reply && ! msg->skip_event )
 		{
 		val_list* vl = new val_list;
 		vl->append(analyzer->BuildConnVal());
 		vl->append(msg->BuildHdrVal());
 		vl->append(msg->BuildAnswerVal());
 		vl->append(new AddrVal(htonl(addr[3])));
 		analyzer->ConnectionEvent(dns_A_reply, vl);
 		}
 #if 0
 alternative AAAA code from Chris
 	if ( dns_AAAA_reply && ! msg->skip_event )
 		{
 		val_list* vl = new val_list;
@ -801,19 +778,9 @@ alternative AAAA code from Chris
 		vl->append(analyzer->BuildConnVal());
 		vl->append(msg->BuildHdrVal());
 		vl->append(msg->BuildAnswerVal());
 #ifdef BROv6
 		// FIXME: might need to htonl the addr first
 		vl->append(new AddrVal(addr));
 #else
 		vl->append(new AddrVal((uint32)0x0000));
 #endif
 		char addrstr[INET6_ADDRSTRLEN];
 		inet_ntop(AF_INET6, addr, addrstr, INET6_ADDRSTRLEN);
 		vl->append(new StringVal(addrstr));
 		analyzer->ConnectionEvent(dns_AAAA_reply, vl);
 		}
 #endif
 	return 1;
 	}
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -95,7 +95,10 @@ public:
 	const char* ReqHost() const	{ return req_host; }
 	uint32 ReqAddr() const		{ return req_addr; }
 	const char* ReqStr() const
-		{ return req_host ? req_host : dotted_addr(ReqAddr());  }
+		{
 		return req_host ? req_host :
 		    string(IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network)).c_str();
 		}
 	ListVal* Addrs();
 	TableVal* AddrsSet();	// addresses returned as a set
@ -195,7 +198,13 @@ DNS_Mapping::DNS_Mapping(FILE* f)
 	if ( is_req_host )
 		req_host = copy_string(req_buf);
 	else
-		req_addr = dotted_to_addr(req_buf);
+		{
 		string s(req_buf);
 		IPAddr addr(s);
 		const uint32* bytes;
 		addr.GetBytes(&bytes);
 		req_addr = *bytes; //FIXME: IPv6 support
 		}
 	num_names = 1;
 	names = new char*[num_names];
@ -217,7 +226,11 @@ DNS_Mapping::DNS_Mapping(FILE* f)
 			if ( newline )
 				*newline = '\0';
-			addrs[i] = dotted_to_addr(buf);
+			string s(buf);
 			IPAddr addr(s);
 			const uint32* bytes;
 			addr.GetBytes(&bytes);
 			addrs[i] = *bytes; //FIXME IPv6 support
 			}
 		}
 	else
@ -336,12 +349,14 @@ void DNS_Mapping::Clear()
 void DNS_Mapping::Save(FILE* f) const
 	{
 	fprintf(f, "%.0f %d %s %d %s %d\n", creation_time, req_host != 0,
-		req_host ? req_host : dotted_addr(req_addr),
+		req_host ? req_host :
 			string(IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network)).c_str(),
 		failed, (names && names[0]) ? names[0] : "*",
 		num_addrs);
 	for ( int i = 0; i < num_addrs; ++i )
-		fprintf(f, "%s\n", dotted_addr(addrs[i]));
+		fprintf(f, "%s\n",
 		    string(IPAddr(IPAddr::IPv4, &addrs[i], IPAddr::Network)).c_str());
 	}
@ -491,8 +506,9 @@ Val* DNS_Mgr::LookupAddr(uint32 addr)
 				return d->Host();
 			else
 				{
-				reporter->Warning("can't resolve IP address: %s", dotted_addr(addr));
+				string s = IPAddr(IPAddr::IPv4, &addr, IPAddr::Network);
-				return new StringVal(dotted_addr(addr));
+				reporter->Warning("can't resolve IP address: %s", s.c_str());
 				return new StringVal(s.c_str());
 				}
 			}
 		}
@ -505,7 +521,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr)
 	case DNS_FORCE:
 		reporter->FatalError("can't find DNS entry for %s in cache",
-				dotted_addr(addr));
+		    string(IPAddr(IPAddr::IPv4, &addr, IPAddr::Network)).c_str());
 		return 0;
 	case DNS_DEFAULT:
@ -774,17 +790,13 @@ ListVal* DNS_Mgr::AddrListDelta(ListVal* al1, ListVal* al2)
 	for ( int i = 0; i < al1->Length(); ++i )
 		{
-		addr_type al1_i = al1->Index(i)->AsAddr();
+		const IPAddr* al1_i = al1->Index(i)->AsAddr();
 		int j;
 		for ( j = 0; j < al2->Length(); ++j )
 			{
-			addr_type al2_j = al2->Index(j)->AsAddr();
+			const IPAddr* al2_j = al2->Index(j)->AsAddr();
-#ifdef BROv6
+			if ( *al1_i == *al2_j )
 			if ( addr_eq(al1_i, al2_j) )
 #else
 			if ( al1_i == al2_j )
 #endif
 				break;
 			}
@ -800,8 +812,8 @@ void DNS_Mgr::DumpAddrList(FILE* f, ListVal* al)
 	{
 	for ( int i = 0; i < al->Length(); ++i )
 		{
-		addr_type al_i = al->Index(i)->AsAddr();
+		const IPAddr* al_i = al->Index(i)->AsAddr();
-		fprintf(f, "%s%s", i > 0 ? "," : "", dotted_addr(al_i));
+		fprintf(f, "%s%s", i > 0 ? "," : "", string(*al_i).c_str());
 		}
 	}
--- a/src/DNS_Mgr.h
+++ b/src/DNS_Mgr.h
@ -12,6 +12,7 @@
 #include "Dict.h"
 #include "EventHandler.h"
 #include "IOSource.h"
 #include "IPAddr.h"
 class Val;
 class ListVal;
--- a/src/DPM.cc
+++ b/src/DPM.cc
@ -11,48 +11,24 @@
 #include "ConnSizeAnalyzer.h"
-ExpectedConn::ExpectedConn(const uint32* _orig, const uint32* _resp,
+ExpectedConn::ExpectedConn(const IPAddr& _orig, const IPAddr& _resp,
 				uint16 _resp_p, uint16 _proto)
 	{
-	if ( orig )
+	if ( _orig == IPAddr(string("0.0.0.0")) )
-		copy_addr(_orig, orig);
+		// don't use the IPv4 mapping, use the literal unspecified address
 		// to indicate a wildcard
 		orig[0] = orig[1] = orig[2] = orig[3] = 0;
 	else
-		{
+		_orig.CopyIPv6(orig);
-		for ( int i = 0; i < NUM_ADDR_WORDS; ++i )
+	_resp.CopyIPv6(resp);
 			orig[i] = 0;
 		}
 	copy_addr(_resp, resp);
 	resp_p = _resp_p;
 	proto = _proto;
 	}
 ExpectedConn::ExpectedConn(uint32 _orig, uint32 _resp,
 				uint16 _resp_p, uint16 _proto)
 	{
 #ifdef BROv6
 	// Use the IPv4-within-IPv6 convention, as this is what's
 	// needed when we mix uint32's (like in this construction)
 	// with addr_type's (for example, when looking up expected
 	// connections).
 	orig[0] = orig[1] = orig[2] = 0;
 	resp[0] = resp[1] = resp[2] = 0;
 	orig[3] = _orig;
 	resp[3] = _resp;
 #else
 	orig[0] = _orig;
 	resp[0] = _resp;
 #endif
 	resp_p = _resp_p;
 	proto = _proto;
 	}
 ExpectedConn::ExpectedConn(const ExpectedConn& c)
 	{
-	copy_addr(c.orig, orig);
+	memcpy(orig, c.orig, sizeof(orig));
-	copy_addr(c.resp, resp);
+	memcpy(resp, c.resp, sizeof(resp));
 	resp_p = c.resp_p;
 	proto = c.proto;
 	}
@ -168,7 +144,7 @@ AnalyzerTag::Tag DPM::GetExpected(int proto, const Connection* conn)
 	if ( ! a )
 		{
 		// Wildcard for originator.
-		for ( int i = 0; i < NUM_ADDR_WORDS; ++i )
+		for ( int i = 0; i < 4; ++i )
 			c.orig[i] = 0;
 		HashKey key(&c, sizeof(c.orig) + sizeof(c.resp) +
@ -404,7 +380,8 @@ bool DPM::BuildInitialAnalyzerTree(TransportProto proto, Connection* conn,
 	return true;
 	}
-void DPM::ExpectConnection(addr_type orig, addr_type resp, uint16 resp_p,
+void DPM::ExpectConnection(const IPAddr& orig, const IPAddr& resp,
 			uint16 resp_p,
 			TransportProto proto, AnalyzerTag::Tag analyzer,
 			double timeout, void* cookie)
 	{
--- a/src/DPM.h
+++ b/src/DPM.h
@ -27,19 +27,13 @@
 // Map to assign expected connections to analyzers.
 class ExpectedConn {
 public:
-	// This form can be used for IPv6 as well as IPv4.
+	ExpectedConn(const IPAddr& _orig, const IPAddr& _resp,
 	ExpectedConn(const uint32* _orig, const uint32* _resp,
 			uint16 _resp_p, uint16 _proto);
 	// This form only works for expecting an IPv4 connection.  Note
 	// that we do the right thing whether we're built IPv4-only or
 	// BROv6.
 	ExpectedConn(uint32 _orig, uint32 _resp, uint16 _resp_p, uint16 _proto);
 	ExpectedConn(const ExpectedConn& c);
-	uint32 orig[NUM_ADDR_WORDS];
+	uint32 orig[4];
-	uint32 resp[NUM_ADDR_WORDS];
+	uint32 resp[4];
 	uint16 resp_p;
 	uint16 proto;
 };
@ -90,7 +84,7 @@ public:
 	// Schedules a particular analyzer for an upcoming connection.
 	// 0 acts as a wildcard for orig.  (Cookie is currently unused.
 	// Eventually, we may pass it on to the analyzer).
-	void ExpectConnection(addr_type orig, addr_type resp, uint16 resp_p,
+	void ExpectConnection(const IPAddr& orig, const IPAddr& resp, uint16 resp_p,
 				TransportProto proto, AnalyzerTag::Tag analyzer,
 				double timeout, void* cookie);
--- a/src/Expr.cc
+++ b/src/Expr.cc
@ -14,6 +14,7 @@
 #include "Net.h"
 #include "Traverse.h"
 #include "Trigger.h"
 #include "IPAddr.h"
 const char* expr_name(BroExprTag t)
 	{
@ -834,23 +835,15 @@ Val* BinaryExpr::StringFold(Val* v1, Val* v2) const
 Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const
 	{
-	addr_type a1 = v1->AsAddr();
+	uint32 a1[4];
-	addr_type a2 = v2->AsAddr();
+	uint32 a2[4];
 	v1->AsAddr()->CopyIPv6(a1);
 	v2->AsAddr()->CopyIPv6(a2);
 	int result = 0;
 	switch ( tag ) {
 #undef DO_FOLD
 #ifdef BROv6
 #define DO_FOLD(sense) { result = memcmp(a1, a2, 16) sense 0; break; }
 #else
 #define DO_FOLD(sense)	\
 	{ \
 	a1 = ntohl(a1); \
 	a2 = ntohl(a2); \
 	result = (a1 < a2 ? -1 : (a1 == a2 ? 0 : 1)) sense 0; \
 	break; \
 	}
 #endif
 	case EXPR_LT:		DO_FOLD(<)
 	case EXPR_LE:		DO_FOLD(<=)
@ -868,20 +861,13 @@ Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const
 Val* BinaryExpr::SubNetFold(Val* v1, Val* v2) const
 	{
-	subnet_type* n1 = v1->AsSubNet();
+	const IPPrefix* n1 = v1->AsSubNet();
-	subnet_type* n2 = v2->AsSubNet();
+	const IPPrefix* n2 = v2->AsSubNet();
 	if ( n1->width != n2->width )
 		return new Val(0, TYPE_BOOL);
 #ifdef BROv6
 	if ( memcmp(n1->net, n2->net, 16) )
 #else
 	if ( n1->net != n2->net )
 #endif
 		return new Val(0, TYPE_BOOL);
 	if ( *n1 == *n2 )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
 	}
 void BinaryExpr::SwapOps()
@ -1681,15 +1667,13 @@ DivideExpr::DivideExpr(Expr* arg_op1, Expr* arg_op2)
 Val* DivideExpr::AddrFold(Val* v1, Val* v2) const
 	{
 	addr_type a1 = v1->AsAddr();
 	uint32 mask;
 	if ( v2->Type()->Tag() == TYPE_COUNT )
 		mask = static_cast<uint32>(v2->InternalUnsigned());
 	else
 		mask = static_cast<uint32>(v2->InternalInt());
-	return new SubNetVal(a1, mask);
+	return new SubNetVal(*v1->AsAddr(), mask);
 	}
 Expr* DivideExpr::DoSimplify()
@ -4494,7 +4478,7 @@ Val* InExpr::Fold(Val* v1, Val* v2) const
 	if ( v1->Type()->Tag() == TYPE_ADDR &&
 	     v2->Type()->Tag() == TYPE_SUBNET )
-		return new Val(v2->AsSubNetVal()->Contains(v1->AsAddr()), TYPE_BOOL);
+		return new Val(v2->AsSubNetVal()->Contains(*v1->AsAddr()), TYPE_BOOL);
 	TableVal* vt = v2->AsTableVal();
 	if ( vt->Lookup(v1, false) )
--- a/src/HTTP.cc
+++ b/src/HTTP.cc
@ -1543,7 +1543,7 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, MIME_Header* h)
 		}
 	}
-void HTTP_Analyzer::ParseVersion(data_chunk_t ver, const uint32* host,
+void HTTP_Analyzer::ParseVersion(data_chunk_t ver, const IPAddr& host,
 				bool user_agent)
 	{
 	int len = ver.length;
--- a/src/HTTP.h
+++ b/src/HTTP.h
@ -8,6 +8,7 @@
 #include "MIME.h"
 #include "binpac_bro.h"
 #include "ZIP.h"
 #include "IPAddr.h"
 enum CHUNKED_TRANSFER_STATE {
 	NON_CHUNKED_TRANSFER,
@ -212,7 +213,7 @@ protected:
 	const BroString* UnansweredRequestMethod();
-	void ParseVersion(data_chunk_t ver, const uint32* host, bool user_agent);
+	void ParseVersion(data_chunk_t ver, const IPAddr& host, bool user_agent);
 	int HTTP_ReplyCode(const char* code_str);
 	int ExpectReplyMessageBody();
--- a/src/ICMP.cc
+++ b/src/ICMP.cc
@ -243,7 +243,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const
 	d->Add(Conn()->LastTime());
 	d->AddSP(")");
-	d->Add(dotted_addr(Conn()->OrigAddr()));
+	d->Add(string(Conn()->OrigAddr()).c_str());
 	d->Add(".");
 	d->Add(type);
 	d->Add(".");
@ -252,7 +252,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const
 	d->SP();
 	d->AddSP("->");
-	d->Add(dotted_addr(Conn()->RespAddr()));
+	d->Add(string(Conn()->RespAddr()).c_str());
 	}
 void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val)
--- a/src/IP.h
+++ b/src/IP.h
@ -4,63 +4,33 @@
 #define ip_h
 #include "config.h"
-
+#include "IPAddr.h"
 #include <net_util.h>
 class IP_Hdr {
 public:
 	IP_Hdr(struct ip* arg_ip4)
 		: ip4(arg_ip4), ip6(0),
 		  src_addr(arg_ip4->ip_src), dst_addr(arg_ip4->ip_dst), del(1)
 		{
 		ip4 = arg_ip4;
 		ip6 = 0;
 		del = 1;
 #ifdef BROv6
 		src_addr[0] = src_addr[1] = src_addr[2] = 0;
 		dst_addr[0] = dst_addr[1] = dst_addr[2] = 0;
 		src_addr[3] = ip4->ip_src.s_addr;
 		dst_addr[3] = ip4->ip_dst.s_addr;
 #endif
 		}
 	IP_Hdr(const struct ip* arg_ip4)
 		: ip4(arg_ip4), ip6(0),
 		  src_addr(arg_ip4->ip_src), dst_addr(arg_ip4->ip_dst), del(0)
 		{
 		ip4 = arg_ip4;
 		ip6 = 0;
 		del = 0;
 #ifdef BROv6
 		src_addr[0] = src_addr[1] = src_addr[2] = 0;
 		dst_addr[0] = dst_addr[1] = dst_addr[2] = 0;
 		src_addr[3] = ip4->ip_src.s_addr;
 		dst_addr[3] = ip4->ip_dst.s_addr;
 #endif
 		}
 	IP_Hdr(struct ip6_hdr* arg_ip6)
 		: ip4(0), ip6(arg_ip6),
 		  src_addr(arg_ip6->ip6_src), dst_addr(arg_ip6->ip6_dst), del(1)
 		{
 		ip4 = 0;
 		ip6 = arg_ip6;
 		del = 1;
 #ifdef BROv6
 		memcpy(src_addr, ip6->ip6_src.s6_addr, 16);
 		memcpy(dst_addr, ip6->ip6_dst.s6_addr, 16);
 #endif
 		}
 	IP_Hdr(const struct ip6_hdr* arg_ip6)
 		: ip4(0), ip6(arg_ip6),
 		  src_addr(arg_ip6->ip6_src), dst_addr(arg_ip6->ip6_dst), del(0)
 		{
 		ip4 = 0;
 		ip6 = arg_ip6;
 		del = 0;
 #ifdef BROv6
 		memcpy(src_addr, ip6->ip6_src.s6_addr, 16);
 		memcpy(dst_addr, ip6->ip6_dst.s6_addr, 16);
 #endif
 		}
 	~IP_Hdr()
@ -77,19 +47,10 @@ public:
 	const struct ip* IP4_Hdr() const	{ return ip4; }
 	const struct ip6_hdr* IP6_Hdr() const	{ return ip6; }
-#ifdef BROv6
+	const IPAddr& SrcAddr() const	{ return src_addr; }
-	const uint32* SrcAddr() const	{ return src_addr; }
+	const IPAddr& DstAddr() const	{ return dst_addr; }
 	const uint32* DstAddr() const	{ return dst_addr; }
 #else
 	const uint32* SrcAddr() const
 		{ return ip4 ? &(ip4->ip_src.s_addr) : 0; }
 	const uint32* DstAddr() const
 		{ return ip4 ? &(ip4->ip_dst.s_addr) : 0; }
 #endif
 	uint32 SrcAddr4() const	{ return ip4->ip_src.s_addr; }
 	uint32 DstAddr4() const	{ return ip4->ip_dst.s_addr; }
 	//TODO: needs adapting/replacement for IPv6 support
 	uint16 ID4() const	{ return ip4 ? ip4->ip_id : 0; }
 	const u_char* Payload() const
@ -131,10 +92,8 @@ public:
 private:
 	const struct ip* ip4;
 	const struct ip6_hdr* ip6;
-#ifdef BROv6
+	IPAddr src_addr;
-	uint32 src_addr[NUM_ADDR_WORDS];
+	IPAddr dst_addr;
 	uint32 dst_addr[NUM_ADDR_WORDS];
 #endif
 	int del;
 };
--- a/src/IPAddr.cc
+++ b/src/IPAddr.cc
@ -0,0 +1,364 @@
 #include "IPAddr.h"
 #include "Reporter.h"
 #include "modp_numtoa.h"
 #include <arpa/inet.h>
 const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0,
                                               0, 0, 0, 0,
                                               0, 0, 0xff, 0xff };
 IPAddr::IPAddr()
 	{
 	memset(in6.s6_addr, 0, sizeof(in6.s6_addr));
 	}
 IPAddr::IPAddr(const in4_addr& in4)
 	{
 	memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix));
 	memcpy(&in6.s6_addr[12], &in4.s_addr, sizeof(in4.s_addr));
 	}
 IPAddr::IPAddr(const in6_addr& arg_in6)
 	: in6(arg_in6)
 	{
 	}
 void IPAddr::Init(const std::string& s)
 	{
 	if ( s.find(':') == std::string::npos ) //IPv4
 		{
 		memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix));
 		if ( inet_pton(AF_INET, s.c_str(), &in6.s6_addr[12]) <=0 )
 			{
 			reporter->Error("Bad IP address: %s", s.c_str());
 			memset(in6.s6_addr, 0, sizeof(in6.s6_addr));
 			}
 		}
 	else
 		{
 		if ( inet_pton(AF_INET6, s.c_str(), in6.s6_addr) <=0 )
 			{
 			reporter->Error("Bad IP address: %s", s.c_str());
 			memset(in6.s6_addr, 0, sizeof(in6.s6_addr));
 			}
 		}
 	}
 IPAddr::IPAddr(const std::string& s)
 	{
 	Init(s);
 	}
 IPAddr::IPAddr(const BroString& s)
 	{
 	Init(s.CheckString());
 	}
 IPAddr::IPAddr(Family family, const uint32_t* bytes, ByteOrder order)
 	{
 	if ( family == IPv4 )
 		{
 		memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix));
 		memcpy(&in6.s6_addr[12], bytes, sizeof(uint32_t));
 		if ( order == Host )
 			{
 			uint32_t* p = (uint32_t*) &in6.s6_addr[12];
 			*p = htonl(*p);
 			}
 		}
 	else
 		{
 		memcpy(in6.s6_addr, bytes, sizeof(in6.s6_addr));
 		if ( order == Host )
 			{
 			for ( unsigned int i = 0; i < 4; ++ i)
 				{
 				uint32_t* p = (uint32_t*) &in6.s6_addr[i*4];
 				*p = htonl(*p);
 				}
 			}
 		}
 	}
 IPAddr::IPAddr(const IPAddr& other)
 	{
 	in6 = other.in6;
 	}
 IPAddr::~IPAddr()
 	{
 	}
 IPAddr::Family IPAddr::family() const
 	{
 	if ( memcmp(in6.s6_addr, v4_mapped_prefix, 12) == 0 )
 		return IPv4;
 	else
 		return IPv6;
 	}
 bool IPAddr::IsLoopback() const
 	{
 	if ( family() == IPv4 )
 		return in6.s6_addr[12] == 127;
 	else
 		return ((in6.s6_addr[0] == 0) && (in6.s6_addr[1] == 0)
 		     && (in6.s6_addr[2] == 0) && (in6.s6_addr[3] == 0)
 		     && (in6.s6_addr[4] == 0) && (in6.s6_addr[5] == 0)
 		     && (in6.s6_addr[6] == 0) && (in6.s6_addr[7] == 0)
 		     && (in6.s6_addr[8] == 0) && (in6.s6_addr[9] == 0)
 		     && (in6.s6_addr[10] == 0) && (in6.s6_addr[11] == 0)
 		     && (in6.s6_addr[12] == 0) && (in6.s6_addr[13] == 0)
 		     && (in6.s6_addr[14] == 0) && (in6.s6_addr[15] == 1));
 	}
 bool IPAddr::IsMulticast() const
 	{
 	if ( family() == IPv4 )
 		return in6.s6_addr[12] == 224;
 	else
 		return in6.s6_addr[0] == 0xff;
 	}
 bool IPAddr::IsBroadcast() const
 	{
 	if ( family() == IPv4 )
 		return ((in6.s6_addr[12] == 0xff) && (in6.s6_addr[13] == 0xff)
 		     && (in6.s6_addr[14] == 0xff) && (in6.s6_addr[15] == 0xff));
 	else
 		return false;
 	}
 int IPAddr::GetBytes(uint32_t** bytes)
 	{
 	if ( family() == IPv4 )
 		{
 		*bytes = (uint32_t*) &in6.s6_addr[12];
 		return 1;
 		}
 	else
 		{
 		*bytes = (uint32_t*) in6.s6_addr;
 		return 4;
 		}
 	}
 int IPAddr::GetBytes(const uint32_t** bytes) const
 	{
 	if ( family() == IPv4 )
 		{
 		*bytes = (uint32_t*) &in6.s6_addr[12];
 		return 1;
 		}
 	else
 		{
 		*bytes = (uint32_t*) in6.s6_addr;
 		return 4;
 		}
 	}
 void IPAddr::CopyIPv6(uint32_t* bytes) const
 	{
 	memcpy(bytes, in6.s6_addr, sizeof(in6.s6_addr));
 	}
 void IPAddr::Mask(int top_bits_to_keep)
 	{
 	if ( top_bits_to_keep <=0 || top_bits_to_keep > 128 )
 		{
 		reporter->Error("Bad IPAddr::Mask value %d", top_bits_to_keep);
 		return;
 		}
 	uint32_t tmp[4];
 	memcpy(tmp, in6.s6_addr, sizeof(in6.s6_addr));
 	int word = 3;
 	int bits_to_chop = 128 - top_bits_to_keep;
 	while ( bits_to_chop >= 32 )
 		{
 		tmp[word] = 0;
 		--word;
 		bits_to_chop -= 32;
 		}
 	uint32_t w = ntohl(tmp[word]);
 	w >>= bits_to_chop;
 	w <<= bits_to_chop;
 	tmp[word] = htonl(w);
 	memcpy(in6.s6_addr, tmp, sizeof(in6.s6_addr));
 	}
 void IPAddr::ReverseMask(int top_bits_to_chop)
 	{
 	if ( top_bits_to_chop <=0 || top_bits_to_chop > 128 )
 		{
 		reporter->Error("Bad IPAddr::ReverseMask value %d", top_bits_to_chop);
 		return;
 		}
 	uint32_t tmp[4];
 	memcpy(tmp, in6.s6_addr, sizeof(in6.s6_addr));
 	int word = 0;
 	int bits_to_chop = top_bits_to_chop;
 	while ( bits_to_chop >= 32 )
 		{
 		tmp[word] = 0;
 		++word;
 		bits_to_chop -= 32;
 		}
 	uint32_t w = ntohl(tmp[word]);
 	w <<= bits_to_chop;
 	w >>= bits_to_chop;
 	tmp[word] = htonl(w);
 	memcpy(in6.s6_addr, tmp, sizeof(in6.s6_addr));
 	}
 IPAddr& IPAddr::operator =(const IPAddr& other)
 	{
 	// No self-assignment check here because it's correct without it and
 	// makes the common case faster.
 	in6 = other.in6;
 	return *this;
 	}
 IPAddr::operator std::string() const
 	{
 	if ( family() == IPv4 )
 		{
 		char s[INET_ADDRSTRLEN];
 		if ( inet_ntop(AF_INET, &in6.s6_addr[12], s, INET_ADDRSTRLEN) == NULL )
 			return "<bad IPv4 address conversion";
 		else
 			return s;
 		}
 	else
 		{
 		char s[INET6_ADDRSTRLEN];
 		if ( inet_ntop(AF_INET6, in6.s6_addr, s, INET6_ADDRSTRLEN) == NULL )
 			return "<bad IPv64 address conversion";
 		else
 			return s;
 		}
 	}
 bool operator ==(const IPAddr& addr1, const IPAddr& addr2)
 	{
 	return memcmp(&addr1.in6, &addr2.in6, sizeof(in6_addr)) == 0;
 	}
 bool operator !=(const IPAddr& addr1, const IPAddr& addr2)
 	{
 	return ! (addr1 == addr2);
 	}
 bool operator <(const IPAddr& addr1, const IPAddr& addr2)
 	{
 	return memcmp(&addr1.in6, &addr2.in6, sizeof(in6_addr)) < 0;
 	}
 IPPrefix::IPPrefix(const in4_addr& in4, uint8_t length)
 	: prefix(in4), length(96 + length)
 	{
 	if ( length > 32 )
 		reporter->InternalError("Bad in4_addr IPPrefix length : %d", length);
 	prefix.Mask(this->length);
 	}
 IPPrefix::IPPrefix(const in6_addr& in6, uint8_t length)
 	: prefix(in6), length(length)
 	{
 	if ( length > 128 )
 		reporter->InternalError("Bad in6_addr IPPrefix length : %d", length);
 	prefix.Mask(this->length);
 	}
 IPPrefix::IPPrefix(const IPAddr& addr, uint8_t length)
 	: prefix(addr)
 	{
 	if ( prefix.family() == IPAddr::IPv4 )
 		{
 		if ( length > 32 )
 			reporter->InternalError("Bad IPAddr(v4) IPPrefix length : %d",
 			                        length);
 		this->length = length + 96;
 		}
 	else
 		{
 		if ( length > 128 )
 			reporter->InternalError("Bad IPAddr(v6) IPPrefix length : %d",
 			                        length);
 		this->length = length;
 		}
 	prefix.Mask(this->length);
 	}
 IPPrefix::IPPrefix(const std::string& s, uint8_t length)
 	: prefix(s), length(length)
 	{
 	if ( prefix.family() == IPAddr::IPv4 && length > 32 )
 		reporter->InternalError("Bad string IPPrefix length : %d", length);
 	else if ( prefix.family() == IPAddr::IPv6 && length > 128 )
 		reporter->InternalError("Bad string IPPrefix length : %d", length);
 	prefix.Mask(this->length);
 	}
 IPPrefix::IPPrefix(const IPPrefix& other)
 	: prefix(other.prefix), length(other.length)
 	{
 	}
 IPPrefix::~IPPrefix()
 	{
 	}
 const IPAddr& IPPrefix::Prefix() const
 	{
 	return prefix;
 	}
 uint8_t IPPrefix::Length() const
 	{
 	return prefix.family() == IPAddr::IPv4 ? length - 96 : length;
 	}
 uint8_t IPPrefix::LengthIPv6() const
 	{
 	return length;
 	}
 IPPrefix& IPPrefix::operator =(const IPPrefix& other)
 	{
 	// No self-assignment check here because it's correct without it and
 	// makes the common case faster.
 	prefix = other.Prefix();
 	length = other.Length();
 	return *this;
 	}
 IPPrefix::operator std::string() const
 	{
 	char l[16];
 	if ( prefix.family() == IPAddr::IPv4 )
 		modp_uitoa10(length - 96, l);
 	else
 		modp_uitoa10(length, l);
 	return std::string(prefix).append("/").append(l);
 	}
 bool operator ==(const IPPrefix& net1, const IPPrefix& net2)
 	{
 	return net1.Prefix() == net2.Prefix() && net1.Length() == net2.Length();
 	}
 bool operator <(const IPPrefix& net1, const IPPrefix& net2)
 	{
 	if ( net1.Prefix() < net2.Prefix() )
 		return true;
 	else if ( net1.Prefix() == net2.Prefix() )
 		return net1.Length() < net2.Length();
 	else
 		return false;
 	}
--- a/src/IPAddr.h
+++ b/src/IPAddr.h
@ -2,6 +2,14 @@
 #ifndef IPADDR_H
 #define IPADDR_H
 #include <netinet/in.h>
 #include <string>
 #include "BroString.h"
 #include "util.h"
 typedef in_addr in4_addr;
 /// Class storing both IPv4 and IPv6 addresses.
 class IPAddr
 {
@ -12,6 +20,9 @@ public:
 	/// Byte order.
 	enum ByteOrder { Host, Network };
 	/// Constructs the unspecified IPv6 address (all 128 bits zeroed).
 	IPAddr();
 	/// Constructs an address instance from an IPv4 address.
 	///
 	/// @param in6 The IPv6 address.
@ -26,7 +37,7 @@ public:
 	///
 	/// @param s String containing an IP address as either a dotted IPv4
 	/// address or a hex IPv6 address.
-	IPAddr(const string& s);
+	IPAddr(const std::string& s);
 	/// Constructs an address instance from a string representation.
 	///
@ -43,8 +54,8 @@ public:
 	/// IPv6.
 	///
 	/// @param order Indicates whether the raw representation pointed to
-	/// be \a bytes is stored in network or host order.
+	/// by \a bytes is stored in network or host order.
-	IPAddr(Family family, const u_char* bytes, ByteOrder order);
+	IPAddr(Family family, const uint32_t* bytes, ByteOrder order);
 	/// Copy constructor.
 	IPAddr(const IPAddr& other);
@ -61,19 +72,29 @@ public:
 	/// Returns true if the address represents a multicast address.
 	bool IsMulticast() const;
-	/// Returs true if the address represents a broadcast address.
+	/// Returns true if the address represents a broadcast address.
 	bool IsBroadcast() const;
 	/// Retrieves the raw byte representation of the address.
 	///
 	/// @param bytes The pointer to which \a bytes points will be set to
-	/// the address of the raw representation. The return value indicates
+	/// the address of the raw representation in network-byte order.
-	/// how many bytes are valid starting at that address. The pointer
+	/// The return value indicates how many 32-bit words are valid starting at
-	/// will be valid as long as the address instance exists.
+	/// that address. The pointer will be valid as long as the address instance
 	/// exists.
 	///
-	/// @return The number of bytes the raw representation uses. This
+	/// @return The number of 32-bit words the raw representation uses. This
-	/// will be 4 for an IPv4 address and 32 for an IPv6 address. 
+	/// will be 1 for an IPv4 address and 4 for an IPv6 address.
-	int GetBytes(unsigned u_char** bytes); // Returns network-byte order.
+	int GetBytes(uint32_t** bytes);
 	int GetBytes(const uint32_t** bytes) const;
 	/// Retrieves a copy of the IPv6 raw byte representation of the address.
 	/// If the internal address is IPv4, then the copied bytes use the
 	/// IPv4 to IPv6 address mapping to return a full 16 bytes.
 	///
 	/// @param bytes The pointer to a memory location in which the
 	/// raw bytes of the address are to be copied in network byte-order.
 	void CopyIPv6(uint32_t* bytes) const;
 	/// Masks out lower bits of the address.
 	///
@ -85,45 +106,80 @@ public:
 	/// 0 to 128.
 	void Mask(int top_bits_to_keep);
 	/// Masks out top bits of the address.
 	///
 	/// @param top_bits_to_chop The number of bits to mask out, counting
 	/// from the highest order bit.  The value is always interpreted relative
 	/// to the IPv6 bit width, even if the address is IPv4.  So to mask out
 	/// the first 16 bits of an IPv4 address, pass in 112 (i.e., 96 + 16).
 	/// The value must be in the range from 0 to 128.
 	void ReverseMask(int top_bits_to_chop);
 	/// Assignment operator.
-	const IPAddr& operator=(const IPAddr& other);
+	IPAddr& operator=(const IPAddr& other);
 	/// Returns a string representation of the address. IPv4 addresses
 	/// will be returned in dotted representation, IPv6 addresses in
 	/// compressed hex.
-	operator string() const;
+	operator std::string() const;
 	/// Comparison operator for IP address.
 	friend bool operator==(const IPAddr& addr1, const IPAddr& addr2);
 	friend bool operator!=(const IPAddr& addr1, const IPAddr& addr2);
 	/// Comparison operator IP addresses. This defines a well-defined order for
 	/// IP addresses. However, the order does not necessarily correspond to
 	/// their numerical values.
 	friend bool operator<(const IPAddr& addr1, const IPAddr& addr2);
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 private:
-	struct in6_addr in6; // This stored IPv6 addresses via the standard v4-to-v6 mapping.
+	in6_addr in6; // IPv6 or v4-to-v6-mapped address
 	static const uint8_t v4_mapped_prefix[12]; // top 96 bits of v4-mapped-addr
 	/// Initializes an address instance from a string representation.
 	///
 	/// @param s String containing an IP address as either a dotted IPv4
 	/// address or a hex IPv6 address.
 	void Init(const std::string& s);
 };
-/// Comparision operator for IP addresss.
+/// Class storing both IPv4 and IPv6 prefixes
-extern bool operator==(const IPAddr& addr1, const IPAddr& addr2) const;
+/// (i.e., \c 192.168.1.1/16 and \c FD00::/8.
 /// Comparision operator IP addresses. This defines a well-defined order for
 /// IP addresses. However, the order does not necessarily correspond to their
 /// numerical values.
 extern bool operator<(const IPAddr& addr1, const IPAddr& addr2) const;
 /// Class storing both IPv4 and IPv6 prefixes (i.e., \c 192.168.1.1/16 and \c FD00::/8.
 class IPPrefix
 {
 public:
 	/// Constructs a prefix instance from an IPv4 address and a prefix
 	/// length.
 	///
-	/// @param addr The IPv4 address.
+	/// @param in4 The IPv4 address.
 	///
 	/// @param length The prefix length in the range from 0 to 32.
-	IPPrefix(const in4_addr& in4, uint16_t length);
+	IPPrefix(const in4_addr& in4, uint8_t length);
 	/// Constructs a prefix instance from an IPv6 address and a prefix
 	/// length.
 	///
-	/// @param addr The IPv6 address.
+	/// @param in6 The IPv6 address.
 	///
 	/// @param length The prefix length in the range from 0 to 128.
-	IPPrefix(const in6_addr& in6, uint16_t length);
+	IPPrefix(const in6_addr& in6, uint8_t length);
 	/// Constructs a prefix instance from an IPAddr object and prefix length.
 	///
 	/// @param addr The IP address.
 	///
 	/// @param length The prefix length in the range from 0 to 128
 	IPPrefix(const IPAddr& addr, uint8_t length);
 	/// Constructs a prefix instance from IP string representation and length.
 	///
 	/// @param s String containing an IP address as either a dotted IPv4
 	/// address or a hex IPv6 address.
 	///
 	/// @param length The prefix length in the range from 0 to 128
 	IPPrefix(const std::string& s, uint8_t length);
 	/// Copy constructor.
 	IPPrefix(const IPPrefix& other);
@ -135,28 +191,35 @@ public:
 	/// have all bits not part of the prefixed set to zero.
 	const IPAddr& Prefix() const;
-	/// Returns the bit length of the prefix.
+	/// Returns the bit length of the prefix, relative to the 32 bits
-	uint16_t Length() const;
+	/// of an IPv4 prefix or relative to the 128 bits of an IPv6 prefix.
 	uint8_t Length() const;
 	/// Returns the bit length of the prefix always relative to a full
 	/// 128 bits of an IPv6 prefix (or IPv4 mapped to IPv6).
 	uint8_t LengthIPv6() const;
 	/// Assignment operator.
-	const IPPrefix& operator=(const IPPrefix& other);
+	IPPrefix& operator=(const IPPrefix& other);
 	/// Returns a string representation of the prefix. IPv4 addresses
 	/// will be returned in dotted representation, IPv6 addresses in
 	/// compressed hex.
-	operator string() const;
+	operator std::string() const;
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 private:
 	IPAddr prefix;	// We store it as an address with the non-prefix bits masked out via Mask().
-	uint16_t mask;	// The bit length.        
+	uint8_t length;	// The bit length of the prefix relative to full IPv6 addr.
 };
-/// Comparision operator for IP prefix.
+/// Comparison operator for IP prefix.
-extern bool operator==(const IPPrefix& net1, const IPPrefix& net2) const;
+extern bool operator==(const IPPrefix& net1, const IPPrefix& net2);
-/// Comparision operator IP prefixes. This defines a well-defined order for
+/// Comparison operator IP prefixes. This defines a well-defined order for
 /// IP prefix. However, the order does not necessarily corresponding to their
 /// numerical values.
-extern bool operator<(const IPPrefix& net1, const IPPrefix& net2) const;
+extern bool operator<(const IPPrefix& net1, const IPPrefix& net2);
 #endif
--- a/src/LogMgr.cc
+++ b/src/LogMgr.cc
@ -101,6 +101,12 @@ LogVal::~LogVal()
 	     && present )
 		delete val.string_val;
 	if ( type == TYPE_ADDR && present )
 		delete val.addr_val;
 	if ( type == TYPE_SUBNET && present )
 		delete val.subnet_val;
 	if ( type == TYPE_TABLE && present )
 		{
 		for ( int i = 0; i < val.set_val.size; i++ )
@ -193,22 +199,15 @@ bool LogVal::Read(SerializationFormat* fmt)
 	case TYPE_SUBNET:
 		{
-		uint32 net[4];
+		uint32 net[5];
 		if ( ! (fmt->Read(&net[0], "net0") &&
 			fmt->Read(&net[1], "net1") &&
 			fmt->Read(&net[2], "net2") &&
 			fmt->Read(&net[3], "net3") &&
-			fmt->Read(&val.subnet_val.width, "width")) )
+			fmt->Read(&net[4], "width")) )
 			return false;
-
+		val.subnet_val = new IPPrefix(IPAddr(IPAddr::IPv6, net,
-#ifdef BROv6
+		                              IPAddr::Network), net[4]);
 		val.subnet_val.net[0] = net[0];
 		val.subnet_val.net[1] = net[1];
 		val.subnet_val.net[2] = net[2];
 		val.subnet_val.net[3] = net[3];
 #else
 		val.subnet_val.net = net[0];
 #endif
 		return true;
 		}
@ -221,12 +220,7 @@ bool LogVal::Read(SerializationFormat* fmt)
 			fmt->Read(&addr[3], "addr3")) )
 			return false;
-		val.addr_val[0] = addr[0];
+		val.addr_val = new IPAddr(IPAddr::IPv6, addr, IPAddr::Network);
 #ifdef BROv6
 		val.addr_val[1] = addr[1];
 		val.addr_val[2] = addr[2];
 		val.addr_val[3] = addr[3];
 #endif
 		return true;
 		}
@ -309,33 +303,18 @@ bool LogVal::Write(SerializationFormat* fmt) const
 	case TYPE_SUBNET:
 		{
 		uint32 net[4];
-#ifdef BROv6
+		val.subnet_val->Prefix().CopyIPv6(net);
 		net[0] = val.subnet_val.net[0];
 		net[1] = val.subnet_val.net[1];
 		net[2] = val.subnet_val.net[2];
 		net[3] = val.subnet_val.net[3];
 #else
 		net[0] = val.subnet_val.net;
 		net[1] = net[2] = net[3] = 0;
 #endif
 		return fmt->Write(net[0], "net0") &&
 			fmt->Write(net[1], "net1") &&
 			fmt->Write(net[2], "net2") &&
 			fmt->Write(net[3], "net3") &&
-			fmt->Write(val.subnet_val.width, "width");
+			fmt->Write((uint32)val.subnet_val->Length(), "width");
 		}
 	case TYPE_ADDR:
 		{
 		uint32 addr[4];
-		addr[0] = val.addr_val[0];
+		val.addr_val->CopyIPv6(addr);
 #ifdef BROv6
 		addr[1] = val.addr_val[1];
 		addr[2] = val.addr_val[2];
 		addr[3] = val.addr_val[3];
 #else
 		addr[1] = addr[2] = addr[3] = 0;
 #endif
 		return fmt->Write(addr[0], "addr0") &&
 			fmt->Write(addr[1], "addr1") &&
 			fmt->Write(addr[2], "addr2") &&
@ -1107,17 +1086,12 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
 		break;
 	case TYPE_SUBNET:
-		lval->val.subnet_val = *val->AsSubNet();
+		lval->val.subnet_val = new IPPrefix(*val->AsSubNet());
 		break;
 	case TYPE_ADDR:
 		{
-		addr_type t = val->AsAddr();
+		lval->val.addr_val = new IPAddr(*val->AsAddr());
 #ifdef BROv6
 		copy_addr(t, lval->val.addr_val);
 #else
 		copy_addr(&t, lval->val.addr_val);
 #endif
 		break;
 		}
--- a/src/LogMgr.h
+++ b/src/LogMgr.h
@ -8,6 +8,7 @@
 #include "Val.h"
 #include "EventHandler.h"
 #include "RemoteSerializer.h"
 #include "IPAddr.h"
 class SerializationFormat;
@ -40,8 +41,8 @@ struct LogVal {
 	union _val {
 		bro_int_t int_val;
 		bro_uint_t uint_val;
-		uint32 addr_val[NUM_ADDR_WORDS];
+		IPAddr* addr_val;
-		subnet_type subnet_val;
+		IPPrefix* subnet_val;
 		double double_val;
 		string* string_val;
 		set_t set_val;
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -166,13 +166,11 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
 		break;
 	case TYPE_SUBNET:
-		desc->Add(dotted_addr(val->val.subnet_val.net));
+		desc->Add(string(*val->val.subnet_val).c_str());
 		desc->Add("/");
 		desc->Add(val->val.subnet_val.width);
 		break;
 	case TYPE_ADDR:
-		desc->Add(dotted_addr(val->val.addr_val));
+		desc->Add(string(*val->val.addr_val).c_str());
 		break;
 	case TYPE_TIME:
--- a/src/OSFinger.cc
+++ b/src/OSFinger.cc
@ -63,9 +63,11 @@ OSFingerprint::OSFingerprint(FingerprintMode arg_mode)
    }
 }
-bool OSFingerprint::CacheMatch(uint32 addr, int id)
+bool OSFingerprint::CacheMatch(const IPAddr& addr, int id)
  {
-  HashKey key = HashKey(&addr, 1);
+  uint32 bytes[4];
  addr.CopyIPv6(bytes);
  HashKey key = HashKey(bytes, 4);
  int* pid = new int;
  *pid=id;
  int* prev = os_matches.Insert(&key, pid);
--- a/src/OSFinger.h
+++ b/src/OSFinger.h
@ -14,6 +14,7 @@
 #include "util.h"
 #include "Dict.h"
 #include "Reporter.h"
 #include "IPAddr.h"
 // Size limit for size wildcards.
 #define PACKET_BIG 100
@ -88,7 +89,7 @@ public:
 	int FindMatch(struct os_type* retval, uint16 tot, uint8 DF_flag,
 		uint8 TTL, uint16 WSS, uint8 ocnt, uint8* op, uint16 MSS,
 		uint8 win_scale, uint32 tstamp, uint32 quirks, uint8 ECN) const;
-	bool CacheMatch(uint32 addr, int id);
+	bool CacheMatch(const IPAddr& addr, int id);
 	int Get_OS_From_SYN(struct os_type* retval,
 			uint16 tot, uint8 DF_flag, uint8 TTL, uint16 WSS,
--- a/src/PIA.cc
+++ b/src/PIA.cc
@ -199,17 +199,21 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
 			ip4_hdr = new IP_Hdr((const struct ip*) ip4);
 			}
 		const uint32* obytes;
 		const uint32* rbytes;
 		Conn()->OrigAddr().GetBytes(&obytes);
 		Conn()->RespAddr().GetBytes(&rbytes);
 		if ( is_orig )
 			{
-			copy_addr(Conn()->OrigAddr(), &ip4->ip_src.s_addr);
+			memcpy(&ip4->ip_src.s_addr, obytes, sizeof(uint32));
-			copy_addr(Conn()->RespAddr(), &ip4->ip_dst.s_addr);
+			memcpy(&ip4->ip_dst.s_addr, rbytes, sizeof(uint32));
 			tcp4->th_sport = htons(Conn()->OrigPort());
 			tcp4->th_dport = htons(Conn()->RespPort());
 			}
 		else
 			{
-			copy_addr(Conn()->RespAddr(), &ip4->ip_src.s_addr);
+			memcpy(&ip4->ip_src.s_addr, rbytes, sizeof(uint32));
-			copy_addr(Conn()->OrigAddr(), &ip4->ip_dst.s_addr);
+			memcpy(&ip4->ip_dst.s_addr, obytes, sizeof(uint32));
 			tcp4->th_sport = htons(Conn()->RespPort());
 			tcp4->th_dport = htons(Conn()->OrigPort());
 			}
--- a/src/PacketFilter.cc
+++ b/src/PacketFilter.cc
@ -1,11 +1,11 @@
 #include "PacketFilter.h"
-void PacketFilter::AddSrc(addr_type src, uint32 tcp_flags, double probability)
+void PacketFilter::AddSrc(const IPAddr& src, uint32 tcp_flags, double probability)
 	{
 	Filter* f = new Filter;
 	f->tcp_flags = tcp_flags;
 	f->probability = uint32(probability * RAND_MAX);
-	src_filter.Insert(src, NUM_ADDR_WORDS * 32, f);
+	src_filter.Insert(src, 128, f);
 	}
 void PacketFilter::AddSrc(Val* src, uint32 tcp_flags, double probability)
@ -16,12 +16,12 @@ void PacketFilter::AddSrc(Val* src, uint32 tcp_flags, double probability)
 	src_filter.Insert(src, f);
 	}
-void PacketFilter::AddDst(addr_type dst, uint32 tcp_flags, double probability)
+void PacketFilter::AddDst(const IPAddr& dst, uint32 tcp_flags, double probability)
 	{
 	Filter* f = new Filter;
 	f->tcp_flags = tcp_flags;
 	f->probability = uint32(probability * RAND_MAX);
-	dst_filter.Insert(dst, NUM_ADDR_WORDS * 32, f);
+	dst_filter.Insert(dst, 128, f);
 	}
 void PacketFilter::AddDst(Val* dst, uint32 tcp_flags, double probability)
@ -32,9 +32,9 @@ void PacketFilter::AddDst(Val* dst, uint32 tcp_flags, double probability)
 	dst_filter.Insert(dst, f);
 	}
-bool PacketFilter::RemoveSrc(addr_type src)
+bool PacketFilter::RemoveSrc(const IPAddr& src)
 	{
-	return src_filter.Remove(src, NUM_ADDR_WORDS * 32) != 0;
+	return src_filter.Remove(src, 128) != 0;
 	}
 bool PacketFilter::RemoveSrc(Val* src)
@ -42,9 +42,9 @@ bool PacketFilter::RemoveSrc(Val* src)
 	return src_filter.Remove(src) != NULL;
 	}
-bool PacketFilter::RemoveDst(addr_type dst)
+bool PacketFilter::RemoveDst(const IPAddr& dst)
 	{
-	return dst_filter.Remove(dst, NUM_ADDR_WORDS * 32) != NULL;
+	return dst_filter.Remove(dst, 128) != NULL;
 	}
 bool PacketFilter::RemoveDst(Val* dst)
@ -54,21 +54,11 @@ bool PacketFilter::RemoveDst(Val* dst)
 bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen)
 	{
-#ifdef BROv6
+	Filter* f = (Filter*) src_filter.Lookup(ip->SrcAddr(), 128);
 	Filter* f = (Filter*) src_filter.Lookup(ip->SrcAddr(),
 						NUM_ADDR_WORDS * 32);
 #else
 	Filter* f = (Filter*) src_filter.Lookup(*ip->SrcAddr(),
 						NUM_ADDR_WORDS * 32);
 #endif
 	if ( f )
 		return MatchFilter(*f, *ip, len, caplen);
-#ifdef BROv6
+	f = (Filter*) dst_filter.Lookup(ip->DstAddr(), 128);
 	f = (Filter*) dst_filter.Lookup(ip->DstAddr(), NUM_ADDR_WORDS * 32);
 #else
 	f = (Filter*) dst_filter.Lookup(*ip->DstAddr(), NUM_ADDR_WORDS * 32);
 #endif
 	if ( f )
 		return MatchFilter(*f, *ip, len, caplen);
--- a/src/PacketFilter.h
+++ b/src/PacketFilter.h
@ -14,16 +14,16 @@ public:
 	// Drops all packets from a particular source (which may be given
 	// as an AddrVal or a SubnetVal) which hasn't any of TCP flags set
 	// (TH_*) with the given probability (from 0..MAX_PROB).
-	void AddSrc(addr_type src, uint32 tcp_flags, double probability);
+	void AddSrc(const IPAddr& src, uint32 tcp_flags, double probability);
 	void AddSrc(Val* src, uint32 tcp_flags, double probability);
-	void AddDst(addr_type src, uint32 tcp_flags, double probability);
+	void AddDst(const IPAddr& src, uint32 tcp_flags, double probability);
 	void AddDst(Val* src, uint32 tcp_flags, double probability);
 	// Removes the filter entry for the given src/dst
 	// Returns false if filter doesn not exist.
-	bool RemoveSrc(addr_type src);
+	bool RemoveSrc(const IPAddr& src);
 	bool RemoveSrc(Val* dst);
-	bool RemoveDst(addr_type dst);
+	bool RemoveDst(const IPAddr& dst);
 	bool RemoveDst(Val* dst);
 	// Returns true if packet matches a drop filter
--- a/src/PrefixTable.cc
+++ b/src/PrefixTable.cc
@ -1,34 +1,21 @@
 #include "PrefixTable.h"
 #include "Reporter.h"
-// IPv4 version.
+inline static prefix_t* make_prefix(const IPAddr& addr, int width)
 inline static prefix_t* make_prefix(const uint32 addr, int width)
 	{
 	prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t));
-	memcpy(&prefix->add.sin, &addr, sizeof(prefix->add.sin)) ;
+	uint32 bytes[4];
-	prefix->family = AF_INET;
+	addr.CopyIPv6(bytes);
-	prefix->bitlen = width;
+	memcpy(&prefix->add.sin6, bytes, 4 * sizeof(uint32));
 	prefix->ref_count = 1;
 	return prefix;
 	}
 #ifdef BROv6
 inline static prefix_t* make_prefix(const uint32* addr, int width)
 	{
 	prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t));
 	memcpy(&prefix->add.sin6, addr, 4 * sizeof(uint32));
 	prefix->family = AF_INET6;
 	prefix->bitlen = width;
 	prefix->ref_count = 1;
 	return prefix;
 	}
 #endif
-void* PrefixTable::Insert(const_addr_type addr, int width, void* data)
+void* PrefixTable::Insert(const IPAddr& addr, int width, void* data)
 	{
 	prefix_t* prefix = make_prefix(addr, width);
 	patricia_node_t* node = patricia_lookup(tree, prefix);
@ -55,12 +42,12 @@ void* PrefixTable::Insert(const Val* value, void* data)
 	switch ( value->Type()->Tag() ) {
 	case TYPE_ADDR:
-		return Insert(value->AsAddr(), NUM_ADDR_WORDS * 32, data);
+		return Insert(*value->AsAddr(), 128, data);
 		break;
 	case TYPE_SUBNET:
-		return Insert(value->AsSubNet()->net,
+		return Insert(value->AsSubNet()->Prefix(),
-				value->AsSubNet()->width, data);
+				value->AsSubNet()->LengthIPv6(), data);
 		break;
 	default:
@ -69,7 +56,7 @@ void* PrefixTable::Insert(const Val* value, void* data)
 	}
 	}
-void* PrefixTable::Lookup(const_addr_type addr, int width, bool exact) const
+void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
 	{
 	prefix_t* prefix = make_prefix(addr, width);
 	patricia_node_t* node =
@ -89,12 +76,12 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const
 	switch ( value->Type()->Tag() ) {
 	case TYPE_ADDR:
-		return Lookup(value->AsAddr(), NUM_ADDR_WORDS * 32, exact);
+		return Lookup(*value->AsAddr(), 128, exact);
 		break;
 	case TYPE_SUBNET:
-		return Lookup(value->AsSubNet()->net,
+		return Lookup(value->AsSubNet()->Prefix(),
-				value->AsSubNet()->width, exact);
+				value->AsSubNet()->LengthIPv6(), exact);
 		break;
 	default:
@ -104,7 +91,7 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const
 	}
 	}
-void* PrefixTable::Remove(const_addr_type addr, int width)
+void* PrefixTable::Remove(const IPAddr& addr, int width)
 	{
 	prefix_t* prefix = make_prefix(addr, width);
 	patricia_node_t* node = patricia_search_exact(tree, prefix);
@ -128,11 +115,12 @@ void* PrefixTable::Remove(const Val* value)
 	switch ( value->Type()->Tag() ) {
 	case TYPE_ADDR:
-		return Remove(value->AsAddr(), NUM_ADDR_WORDS * 32);
+		return Remove(*value->AsAddr(), 128);
 		break;
 	case TYPE_SUBNET:
-		return Remove(value->AsSubNet()->net, value->AsSubNet()->width);
+		return Remove(value->AsSubNet()->Prefix(),
 				value->AsSubNet()->LengthIPv6());
 		break;
 	default:
--- a/src/PrefixTable.h
+++ b/src/PrefixTable.h
@ -3,6 +3,7 @@
 #include "Val.h"
 #include "net_util.h"
 #include "IPAddr.h"
 extern "C" {
 	#include "patricia.h"
@ -24,7 +25,7 @@ public:
 	// Addr in network byte order. If data is zero, acts like a set.
 	// Returns ptr to old data if already existing.
 	// For existing items without data, returns non-nil if found.
-	void* Insert(const_addr_type addr, int width, void* data = 0);
+	void* Insert(const IPAddr& addr, int width, void* data = 0);
 	// Value may be addr or subnet.
 	void* Insert(const Val* value, void* data = 0);
@ -32,11 +33,11 @@ public:
 	// Returns nil if not found, pointer to data otherwise.
 	// For items without data, returns non-nil if found.
 	// If exact is false, performs exact rather than longest-prefix match.
-	void* Lookup(const_addr_type addr, int width, bool exact = false) const;
+	void* Lookup(const IPAddr& addr, int width, bool exact = false) const;
 	void* Lookup(const Val* value, bool exact = false) const;
 	// Returns pointer to data or nil if not found.
-	void* Remove(const_addr_type addr, int width);
+	void* Remove(const IPAddr& addr, int width);
 	void* Remove(const Val* value);
 	void Clear()	{ Clear_Patricia(tree, 0); }
--- a/src/Reassem.cc
+++ b/src/Reassem.cc
@ -43,7 +43,7 @@ DataBlock::DataBlock(const u_char* data, int size, int arg_seq,
 unsigned int Reassembler::total_size = 0;
-Reassembler::Reassembler(int init_seq, const uint32* ip_addr,
+Reassembler::Reassembler(int init_seq, const IPAddr& ip_addr,
 			ReassemblerType arg_type)
 	{
 	blocks = last_block = 0;
--- a/src/Reassem.h
+++ b/src/Reassem.h
@ -4,6 +4,7 @@
 #define reassem_h
 #include "Obj.h"
 #include "IPAddr.h"
 class DataBlock {
 public:
@ -25,7 +26,7 @@ enum ReassemblerType { REASSEM_IP, REASSEM_TCP };
 class Reassembler : public BroObj {
 public:
-	Reassembler(int init_seq, const uint32* ip_addr,
+	Reassembler(int init_seq, const IPAddr& ip_addr,
 			ReassemblerType arg_type);
 	virtual ~Reassembler();
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@ -185,6 +185,7 @@
 #include "Conn.h"
 #include "LogMgr.h"
 #include "Reporter.h"
 #include "IPAddr.h"
 extern "C" {
 #include "setsignal.h"
@ -670,8 +671,8 @@ void RemoteSerializer::Fork()
 		}
 	}
-RemoteSerializer::PeerID RemoteSerializer::Connect(addr_type ip, uint16 port,
+RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip,
-			const char* our_class, double retry, bool use_ssl)
+			uint16 port, const char* our_class, double retry, bool use_ssl)
 	{
 	if ( ! using_communication )
 		return true;
@ -679,16 +680,12 @@ RemoteSerializer::PeerID RemoteSerializer::Connect(addr_type ip, uint16 port,
 	if ( ! initialized )
 		reporter->InternalError("remote serializer not initialized");
-#ifdef BROv6
+	if ( ip.family() == IPAddr::IPv6 )
 	if ( ! is_v4_addr(ip) )
 		Error("inter-Bro communication not supported over IPv6");
-	uint32 ip4 = to_v4_addr(ip);
+	const uint32* bytes;
-#else
+	ip.GetBytes(&bytes);
-	uint32 ip4 = ip;
+	uint32 ip4 = ntohl(*bytes);
 #endif
 	ip4 = ntohl(ip4);
 	if ( ! child_pid )
 		Fork();
@ -1232,7 +1229,7 @@ bool RemoteSerializer::SendCapabilities(Peer* peer)
 	return caps ? SendToChild(MSG_CAPS, peer, 3, caps, 0, 0) : true;
 	}
-bool RemoteSerializer::Listen(addr_type ip, uint16 port, bool expect_ssl)
+bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl)
 	{
 	if ( ! using_communication )
 		return true;
@ -1240,16 +1237,12 @@ bool RemoteSerializer::Listen(addr_type ip, uint16 port, bool expect_ssl)
 	if ( ! initialized )
 		reporter->InternalError("remote serializer not initialized");
-#ifdef BROv6
+	if ( ip.family() == IPAddr::IPv6 )
 	if ( ! is_v4_addr(ip) )
 		Error("inter-Bro communication not supported over IPv6");
-	uint32 ip4 = to_v4_addr(ip);
+	const uint32* bytes;
-#else
+	ip.GetBytes(&bytes);
-	uint32 ip4 = ip;
+	uint32 ip4 = ntohl(*bytes);
 #endif
 	ip4 = ntohl(ip4);
 	if ( ! SendToChild(MSG_LISTEN, 0, 3, ip4, port, expect_ssl) )
 		return false;
--- a/src/RemoteSerializer.h
+++ b/src/RemoteSerializer.h
@ -32,7 +32,7 @@ public:
 	static const PeerID PEER_NONE = SOURCE_LOCAL;
 	// Connect to host (returns PEER_NONE on error).
-	PeerID Connect(addr_type ip, uint16 port, const char* our_class, double retry, bool use_ssl);
+	PeerID Connect(const IPAddr& ip, uint16 port, const char* our_class, double retry, bool use_ssl);
 	// Close connection to host.
 	bool CloseConnection(PeerID peer);
@ -60,7 +60,7 @@ public:
 	bool CompleteHandshake(PeerID peer);
 	// Start to listen.
-	bool Listen(addr_type ip, uint16 port, bool expect_ssl);
+	bool Listen(const IPAddr& ip, uint16 port, bool expect_ssl);
 	// Stop it.
 	bool StopListening();
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@ -169,6 +169,20 @@ void Reporter::WeirdFlowHelper(const uint32* orig, const uint32* resp, const cha
 	delete vl;
 	}
 void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...)
 	{
 	val_list* vl = new val_list(2);
 	vl->append(new AddrVal(orig));
 	vl->append(new AddrVal(resp));
 	va_list ap;
 	va_start(ap, fmt_name);
 	DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);
 	delete vl;
 	}
 void Reporter::Weird(const char* name)
 	{
 	WeirdHelper(net_weird, 0, 0, name);
@ -189,6 +203,11 @@ void Reporter::Weird(const uint32* orig, const uint32* resp, const char* name)
 	WeirdFlowHelper(orig, resp, "%s", name);
 	}
 void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name)
 	{
 	WeirdFlowHelper(orig, resp, "%s", name);
 	}
 void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Connection* conn, val_list* addl, bool location, bool time, const char* postfix, const char* fmt, va_list ap)
 	{
 	static char tmp[512];
--- a/src/Reporter.h
+++ b/src/Reporter.h
@ -11,6 +11,7 @@
 #include "util.h"
 #include "net_util.h"
 #include "EventHandler.h"
 #include "IPAddr.h"
 class Connection;
 class Location;
@ -75,6 +76,7 @@ public:
 	void Weird(Connection* conn, const char* name, const char* addl = "");	// Raises conn_weird().
 	void Weird(Val* conn_val, const char* name, const char* addl = "");	// Raises conn_weird().
 	void Weird(const uint32* orig, const uint32* resp, const char* name);	// Raises flow_weird().
 	void Weird(const IPAddr& orig, const IPAddr& resp, const char* name);	// Raises flow_weird().
 	// Syslog a message. This methods does nothing if we're running
 	// offline from a trace.
@ -122,6 +124,7 @@ private:
 	// contain format specifiers
 	void WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* addl, const char* fmt_name, ...);
 	void WeirdFlowHelper(const uint32* orig, const uint32* resp, const char* fmt_name, ...);
 	void WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...);
 	int errors;
 	bool via_events;
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -1067,16 +1067,20 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to)
 			break;
 		case TYPE_SUBNET:
 #ifdef BROv6
 			{
-			uint32* n = v->AsSubNet()->net;
+			const uint32* n;
-			uint32* m = v->AsSubNetVal()->Mask();
+			uint32 m[4];
 			v->AsSubNet()->Prefix().GetBytes(&n);
 			v->AsSubNetVal()->Mask().CopyIPv6(m);
 			for ( unsigned int i = 0; i < 4; ++i )
 				m[i] = ntohl(m[i]);
 			bool is_v4_mask = m[0] == 0xffffffff &&
 						m[1] == m[0] && m[2] == m[0];
-			if ( is_v4_addr(n) && is_v4_mask )
+			if ( v->AsSubNet()->Prefix().family() == IPAddr::IPv4 &&
 			     is_v4_mask )
 				{
-				mval->val = ntohl(to_v4_addr(n));
+				mval->val = ntohl(*n);
 				mval->mask = m[3];
 				}
@ -1087,10 +1091,6 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to)
 				mval->mask = 0;
 				}
 			}
 #else
 			mval->val = ntohl(v->AsSubNet()->net);
 			mval->mask = v->AsSubNetVal()->Mask();
 #endif
 			break;
 		default:
--- a/src/SSH.cc
+++ b/src/SSH.cc
@ -66,7 +66,7 @@ void SSH_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 		{
 		if ( length >= i )
 			{
-			const uint32* dst;
+			IPAddr dst;
 			if ( is_orig )
 				dst = TCP()->Orig()->dst_addr;
 			else
--- a/src/Serializer.cc
+++ b/src/Serializer.cc
@ -1103,9 +1103,9 @@ void EventPlayer::Process()
 void Packet::Describe(ODesc* d) const
 	{
 	const IP_Hdr ip = IP();
-	d->Add(dotted_addr(ip.SrcAddr()));
+	d->Add(string(ip.SrcAddr()).c_str());
 	d->Add("->");
-	d->Add(dotted_addr(ip.DstAddr()));
+	d->Add(string(ip.DstAddr()).c_str());
 	}
 bool Packet::Serialize(SerialInfo* info) const
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -284,13 +284,8 @@ void NetSessions::NextPacket(double t, const struct pcap_pkthdr* hdr,
 		else
 			{
 #ifdef BROv6
 			IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size));
 			DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size);
 #else
 			Weird("non_IPv4_packet", hdr, pkt);
 			return;
 #endif
 			}
 		}
@ -604,7 +599,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 	int record_packet = 1;	// whether to record the packet at all
 	int record_content = 1;	// whether to record its data
-	int is_orig = addr_eq(id.src_addr, conn->OrigAddr()) &&
+	int is_orig = id.src_addr == conn->OrigAddr() &&
 			id.src_port == conn->OrigPort();
 	if ( new_packet && ip4 )
@ -731,13 +726,11 @@ Val* NetSessions::BuildHeader(const struct ip* ip)
 FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
 					const u_char* pkt, uint32 frag_field)
 	{
 	uint32 src_addr = uint32(ip->SrcAddr4());
 	uint32 dst_addr = uint32(ip->DstAddr4());
 	uint32 frag_id = ntohs(ip->ID4());	// we actually could skip conv.
 	ListVal* key = new ListVal(TYPE_ANY);
-	key->Append(new Val(src_addr, TYPE_COUNT));
+	key->Append(new AddrVal(ip->SrcAddr()));
-	key->Append(new Val(dst_addr, TYPE_COUNT));
+	key->Append(new AddrVal(ip->DstAddr()));
 	key->Append(new Val(frag_id, TYPE_COUNT));
 	HashKey* h = ch->ComputeHash(key, 1);
@ -772,7 +765,7 @@ int NetSessions::Get_OS_From_SYN(struct os_type* retval,
 				quirks, ECN) : 0;
 	}
-bool NetSessions::CompareWithPreviousOSMatch(uint32 addr, int id) const
+bool NetSessions::CompareWithPreviousOSMatch(const IPAddr& addr, int id) const
 	{
 	return SYN_OS_Fingerprinter ?
 		SYN_OS_Fingerprinter->CacheMatch(addr, id) : 0;
@ -813,21 +806,16 @@ Connection* NetSessions::FindConnection(Val* v)
 		// types, too.
 		}
-	addr_type orig_addr = (*vl)[orig_h]->AsAddr();
+	IPAddr* orig_addr = (*vl)[orig_h]->AsAddr();
-	addr_type resp_addr = (*vl)[resp_h]->AsAddr();
+	IPAddr* resp_addr = (*vl)[resp_h]->AsAddr();
 	PortVal* orig_portv = (*vl)[orig_p]->AsPortVal();
 	PortVal* resp_portv = (*vl)[resp_p]->AsPortVal();
 	ConnID id;
-#ifdef BROv6
+	id.src_addr = *orig_addr;
-	id.src_addr = orig_addr;
+	id.dst_addr = *resp_addr;
 	id.dst_addr = resp_addr;
 #else
 	id.src_addr = &orig_addr;
 	id.dst_addr = &resp_addr;
 #endif
 	id.src_port = htons((unsigned short) orig_portv->Port());
 	id.dst_port = htons((unsigned short) resp_portv->Port());
@ -1092,7 +1080,7 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id,
 		// an analyzable connection.
 		ConnID flip_id = *id;
-		const uint32* ta = flip_id.src_addr;
+		const IPAddr ta = flip_id.src_addr;
 		flip_id.src_addr = flip_id.dst_addr;
 		flip_id.dst_addr = ta;
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -87,7 +87,7 @@ public:
 			uint32 tstamp, /* uint8 TOS, */ uint32 quirks,
 			uint8 ECN) const;
-	bool CompareWithPreviousOSMatch(uint32 addr, int id) const;
+	bool CompareWithPreviousOSMatch(const IPAddr& addr, int id) const;
 	// Looks up the connection referred to by the given Val,
 	// which should be a conn_id record.  Returns nil if there's
--- a/src/TCP.cc
+++ b/src/TCP.cc
@ -276,7 +276,7 @@ void TCP_Analyzer::ProcessSYN(const IP_Hdr* ip, const struct tcphdr* tp,
 				uint32 tcp_hdr_len, int& seq_len,
 				TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 				uint32 base_seq, uint32 ack_seq,
-				const uint32* orig_addr,
+				const IPAddr& orig_addr,
 				int is_orig, TCP_Flags flags)
 	{
 	int len = seq_len;
@ -346,7 +346,7 @@ void TCP_Analyzer::ProcessSYN(const IP_Hdr* ip, const struct tcphdr* tp,
 	// is_orig will be removed once we can do SYN-ACK fingerprinting.
 	if ( OS_version_found && is_orig )
 		{
-		Val src_addr_val(orig_addr, TYPE_ADDR);
+		AddrVal src_addr_val(orig_addr);
 		if ( generate_OS_version_event->Size() == 0 ||
 		     generate_OS_version_event->Lookup(&src_addr_val) )
 			{
@ -414,7 +414,7 @@ int TCP_Analyzer::ProcessFlags(double t,
 				uint32 tcp_hdr_len, int len, int& seq_len,
 				TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 				uint32 base_seq, uint32 ack_seq,
-				const uint32* orig_addr,
+				const IPAddr& orig_addr,
 				int is_orig, TCP_Flags flags)
 	{
 	if ( flags.SYN() )
@ -989,8 +989,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	if ( ! orig->did_close || ! resp->did_close )
 		Conn()->SetLastTime(t);
-	const uint32* orig_addr = Conn()->OrigAddr();
+	const IPAddr orig_addr = Conn()->OrigAddr();
-	const uint32* resp_addr = Conn()->RespAddr();
+	const IPAddr resp_addr = Conn()->RespAddr();
 	uint32 tcp_hdr_len = data - (const u_char*) tp;
@ -1331,7 +1331,7 @@ RecordVal* TCP_Analyzer::BuildOSVal(int is_orig, const IP_Hdr* ip,
 			tstamp, quirks,
 			uint8(tcp->th_flags & (TH_ECE|TH_CWR)));
-	if ( sessions->CompareWithPreviousOSMatch(ip->SrcAddr4(), id) )
+	if ( sessions->CompareWithPreviousOSMatch(ip->SrcAddr(), id) )
 		{
 		RecordVal* os = new RecordVal(OS_version);
--- a/src/TCP.h
+++ b/src/TCP.h
@ -6,6 +6,7 @@
 #include "Analyzer.h"
 #include "TCP.h"
 #include "PacketDumper.h"
 #include "IPAddr.h"
 // We define two classes here:
 // - TCP_Analyzer is the analyzer for the TCP protocol itself.
@ -128,7 +129,7 @@ protected:
 			uint32 tcp_hdr_len, int& seq_len,
 			TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 			uint32 base_seq, uint32 ack_seq,
-			const uint32* orig_addr,
+			const IPAddr& orig_addr,
 			int is_orig, TCP_Flags flags);
 	void ProcessFIN(double t, TCP_Endpoint* endpoint, int& seq_len,
@ -144,7 +145,7 @@ protected:
 			uint32 tcp_hdr_len, int len, int& seq_len,
 			TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 			uint32 base_seq, uint32 ack_seq,
-			const uint32* orig_addr,
+			const IPAddr& orig_addr,
 			int is_orig, TCP_Flags flags);
 	void TransitionFromInactive(double t, TCP_Endpoint* endpoint,
--- a/src/TCP_Endpoint.cc
+++ b/src/TCP_Endpoint.cc
@ -32,13 +32,12 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig)
 	dst_addr = is_orig ? tcp_analyzer->Conn()->OrigAddr() :
 				tcp_analyzer->Conn()->RespAddr();
-#ifdef BROv6
+	const uint32* src_bytes;
-	checksum_base = ones_complement_checksum((void*) src_addr, 16, 0);
+	const uint32* dst_bytes;
-	checksum_base = ones_complement_checksum((void*) dst_addr, 16, checksum_base);
+	int n = src_addr.GetBytes(&src_bytes);
-#else
+	dst_addr.GetBytes(&dst_bytes);
-	checksum_base = ones_complement_checksum((void*) src_addr, 4, 0);
+	checksum_base = ones_complement_checksum((void*) src_bytes, n*4, 0);
-	checksum_base = ones_complement_checksum((void*) dst_addr, 4, checksum_base);
+	checksum_base = ones_complement_checksum((void*) dst_bytes, n*4, checksum_base);
 #endif
 	// Note, for IPv6, strictly speaking this field is 32 bits
 	// rather than 16 bits.  But because the upper bits are all zero,
 	// we get the same checksum either way.  The same applies to
--- a/src/TCP_Endpoint.h
+++ b/src/TCP_Endpoint.h
@ -3,6 +3,8 @@
 #ifndef tcpendpoint_h
 #define tcpendpoint_h
 #include "IPAddr.h"
 typedef enum {
 	TCP_ENDPOINT_INACTIVE,	// no SYN (or other packets) seen for this side
 	TCP_ENDPOINT_SYN_SENT,	// SYN seen, but no ack
@ -128,8 +130,8 @@ public:
 	uint32 checksum_base;
 	double start_time, last_time;
-	const uint32* src_addr; // the other endpoint
+	IPAddr src_addr; // the other endpoint
-	const uint32* dst_addr; // this endpoint
+	IPAddr dst_addr; // this endpoint
 	uint32 window; // current congestion window (*scaled*, not pre-scaling)
 	int window_scale;  // from the TCP option
 	uint32 window_ack_seq; // at which ack_seq number did we record 'window'
--- a/src/UDP.cc
+++ b/src/UDP.cc
@ -61,11 +61,9 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		     udp_checksum(ip->IP4_Hdr(), up, len) != 0xffff )
 			bad = true;
 #ifdef BROv6
 		if ( ip->IP6_Hdr() && /* checksum is not optional for IPv6 */
 		     udp6_checksum(ip->IP6_Hdr(), up, len) != 0xffff )
 			bad = true;
 #endif
 		if ( bad )
 			{
--- a/src/Val.cc
+++ b/src/Val.cc
@ -25,7 +25,7 @@
 #include "PrefixTable.h"
 #include "Conn.h"
 #include "Reporter.h"
-
+#include "IPAddr.h"
 Val::Val(Func* f)
 	{
@ -205,29 +205,31 @@ bool Val::DoSerialize(SerialInfo* info) const
 				val.string_val->Len());
 	case TYPE_INTERNAL_ADDR:
-		return SERIALIZE(NUM_ADDR_WORDS)
+		{
-#ifdef BROv6
+		const uint32* addrp;
-			&& SERIALIZE(uint32(ntohl(val.addr_val[0])))
+		int words = val.addr_val->GetBytes(&addrp);
-			&& SERIALIZE(uint32(ntohl(val.addr_val[1])))
+		if ( ! SERIALIZE(words) )
-			&& SERIALIZE(uint32(ntohl(val.addr_val[2])))
+			return false;
-			&& SERIALIZE(uint32(ntohl(val.addr_val[3])));
+		for ( int i = 0; i < words; ++i )
-#else
+			if ( ! SERIALIZE(ntohl(addrp[i])) )
-			&& SERIALIZE(uint32(ntohl(val.addr_val)));
+				return false;
-#endif
+		return true;
 		}
 	case TYPE_INTERNAL_SUBNET:
-		return info->s->WriteOpenTag("subnet")
+		{
-			&& SERIALIZE(NUM_ADDR_WORDS)
+		const uint32* addrp;
-#ifdef BROv6
+		int words = val.subnet_val->Prefix().GetBytes(&addrp);
-			&& SERIALIZE(uint32(ntohl(val.subnet_val.net[0])))
+		if ( ! (info->s->WriteOpenTag("subnet") && SERIALIZE(words)) )
-			&& SERIALIZE(uint32(ntohl(val.subnet_val.net[1])))
+			return false;
-			&& SERIALIZE(uint32(ntohl(val.subnet_val.net[2])))
+		for ( int i = 0; i < words; ++i )
-			&& SERIALIZE(uint32(ntohl(val.subnet_val.net[3])))
+			if ( ! SERIALIZE(ntohl(addrp[i])) )
-#else
+				return false;
-			&& SERIALIZE(uint32(ntohl(val.subnet_val.net)))
+		if ( ! (SERIALIZE(val.subnet_val->Length()) &&
-#endif
+				info->s->WriteCloseTag("subnet")) )
-			&& SERIALIZE(val.subnet_val.width)
+			return false;
-			&& info->s->WriteCloseTag("subnet");
+		return true;
 		}
 	case TYPE_INTERNAL_OTHER:
 		// Derived classes are responsible for this.
@ -314,21 +316,10 @@ bool Val::DoUnserialize(UnserialInfo* info)
 			a[i] = htonl(a[i]);
 			}
 #ifndef BROv6
 		if ( num_words == 4 )
 			{
 			if ( a[0] || a[1] || a[2] )
 				info->s->Warning("received IPv6 address, ignoring");
 			((AddrVal*) this)->Init(a[3]);
 			}
 		else
 			((AddrVal*) this)->Init(a[0]);
 #else
 		if ( num_words == 1)
-			((AddrVal*) this)->Init(a[0]);
+			val.addr_val = new IPAddr(IPAddr::IPv4, a, IPAddr::Network);
 		else
-			((AddrVal*) this)->Init(a);
+			val.addr_val = new IPAddr(IPAddr::IPv6, a, IPAddr::Network);
 #endif
 		}
 		return true;
@ -358,28 +349,16 @@ bool Val::DoUnserialize(UnserialInfo* info)
 		if ( ! UNSERIALIZE(&width) )
 			return false;
 #ifdef BROv6
 		if ( num_words == 1 )
 			{
-			a[3] = a[0];
+			IPAddr tmp(IPAddr::IPv4, a, IPAddr::Network);
-			a[0] = a[1] = a[2] = 0;
+			val.subnet_val = new IPPrefix(tmp, width);
 			}
-
+		else
 		((SubNetVal*) this)->Init(a, width);
 #else
 		if ( num_words == 4 )
 			{
-			if ( a[0] || a[1] || a[2] )
+			IPAddr tmp(IPAddr::IPv6, a, IPAddr::Network);
-				info->s->Warning("received IPv6 subnet, ignoring");
+			val.subnet_val = new IPPrefix(tmp, width);
 			a[0] = a[3];
 			if ( width > 32 )
 				width -= 96;
 			}
 		((SubNetVal*) this)->Init(a[0], width);
 #endif
 		}
 		return true;
@ -590,12 +569,10 @@ void Val::ValDescribe(ODesc* d) const
 	case TYPE_INTERNAL_UNSIGNED:	d->Add(val.uint_val); break;
 	case TYPE_INTERNAL_DOUBLE:	d->Add(val.double_val); break;
 	case TYPE_INTERNAL_STRING:	d->AddBytes(val.string_val); break;
-	case TYPE_INTERNAL_ADDR:	d->Add(dotted_addr(val.addr_val)); break;
+	case TYPE_INTERNAL_ADDR:	d->Add(string(*val.addr_val).c_str()); break;
 	case TYPE_INTERNAL_SUBNET:
-		d->Add(dotted_addr(val.subnet_val.net));
+		d->Add(string(*val.subnet_val).c_str());
 		d->Add("/");
 		d->Add(val.subnet_val.width);
 		break;
 	case TYPE_INTERNAL_ERROR:	d->AddCS("error"); break;
@ -706,7 +683,8 @@ ID* MutableVal::Bind() const
 			ip = htonl(0x7f000001);	// 127.0.0.1
 		safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#",
-			      dotted_addr(ip), getpid());
+		          string(IPAddr(IPAddr::IPv4, &ip, IPAddr::Network)).c_str(),
 			      getpid());
 #else
 		safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#", host, getpid());
 #endif
@ -957,92 +935,41 @@ bool PortVal::DoUnserialize(UnserialInfo* info)
 AddrVal::AddrVal(const char* text) : Val(TYPE_ADDR)
 	{
-	const char* colon = strchr(text, ':');
+	val.addr_val = new IPAddr(string(text));
 	if ( colon )
 		{
 #ifdef BROv6
 		Init(dotted_to_addr6(text));
 #else
 		reporter->Error("bro wasn't compiled with IPv6 support");
 		Init(uint32(0));
 #endif
 		}
 	else
 		Init(dotted_to_addr(text));
 	}
 AddrVal::AddrVal(uint32 addr) : Val(TYPE_ADDR)
 	{
 	// ### perhaps do gethostbyaddr here?
-	Init(addr);
+	val.addr_val = new IPAddr(IPAddr::IPv4, &addr, IPAddr::Network);
 	}
 AddrVal::AddrVal(const uint32* addr) : Val(TYPE_ADDR)
 	{
-	Init(addr);
+	val.addr_val = new IPAddr(IPAddr::IPv6, addr, IPAddr::Network);
 	}
 AddrVal::AddrVal(const IPAddr& addr) : Val(TYPE_ADDR)
 	{
 	val.addr_val = new IPAddr(addr);
 	}
 AddrVal::~AddrVal()
 	{
-#ifdef BROv6
+	delete val.addr_val;
 	delete [] val.addr_val;
 #endif
 	}
 Val* AddrVal::SizeVal() const
 	{
 	uint32 addr;
 #ifdef BROv6
 	if ( ! is_v4_addr(val.addr_val) )
 		{
 		Error("|addr| for IPv6 addresses not supported");
 		return new Val(0, TYPE_COUNT);
 		}
 	addr = to_v4_addr(val.addr_val);
 #else
 	addr = val.addr_val;
 #endif
 	addr = ntohl(addr);
 	return new Val(addr, TYPE_COUNT);
 	}
 void AddrVal::Init(uint32 addr)
 	{
 #ifdef BROv6
 	val.addr_val = new uint32[4];
 	val.addr_val[0] = val.addr_val[1] = val.addr_val[2] = 0;
 	val.addr_val[3] = addr;
 #else
 	val.addr_val = addr;
 #endif
 	}
 void AddrVal::Init(const uint32* addr)
 	{
 #ifdef BROv6
 	val.addr_val = new uint32[4];
 	val.addr_val[0] = addr[0];
 	val.addr_val[1] = addr[1];
 	val.addr_val[2] = addr[2];
 	val.addr_val[3] = addr[3];
 #else
 	val.addr_val = addr[0];
 #endif
 	}
 unsigned int AddrVal::MemoryAllocation() const
 	{
-#ifdef BROv6
+	return padded_sizeof(*this) + val.addr_val->MemoryAllocation();
-		return padded_sizeof(*this) + pad_size(4 * sizeof(uint32));
+	}
-#else
+
-		return padded_sizeof(*this);
+Val* AddrVal::SizeVal() const
-#endif
+	{
 	if ( val.addr_val->family() == IPAddr::IPv4 )
 		return new Val(32, TYPE_COUNT);
 	else
 		return new Val(128, TYPE_COUNT);
 	}
 IMPLEMENT_SERIAL(AddrVal, SER_ADDR_VAL);
@ -1059,164 +986,75 @@ bool AddrVal::DoUnserialize(UnserialInfo* info)
 	return true;
 	}
 static uint32 parse_dotted(const char* text, int& dots)
 	{
 	int addr[4];
 	uint32 a = 0;
 	dots = 0;
 	if ( sscanf(text, "%d.%d.%d.%d", addr+0, addr+1, addr+2, addr+3) == 4 )
 		{
 		a = (addr[0] << 24) | (addr[1] << 16) |
 			(addr[2] << 8) | addr[3];
 		dots = 3;
 		}
 	else if ( sscanf(text, "%d.%d.%d", addr+0, addr+1, addr+2) == 3 )
 		{
 		a = (addr[0] << 24) | (addr[1] << 16) | (addr[2] << 8);
 		dots = 2;
 		}
 	else if ( sscanf(text, "%d.%d", addr+0, addr+1) == 2 )
 		{
 		a = (addr[0] << 24) | (addr[1] << 16);
 		dots = 1;
 		}
 	else
 		reporter->InternalError("scanf failed in parse_dotted()");
 	for ( int i = 0; i <= dots; ++i )
 		{
 		if ( addr[i] < 0 || addr[i] > 255 )
 			{
 			reporter->Error("bad dotted address %s", text);
 			break;
 			}
 		}
 	return a;
 	}
 SubNetVal::SubNetVal(const char* text) : Val(TYPE_SUBNET)
 	{
 	const char* sep = strchr(text, '/');
 	if ( ! sep )
 		Internal("separator missing in SubNetVal::SubNetVal");
-
+	val.subnet_val = new IPPrefix(text, atoi(sep+1));
 	Init(text, atoi(sep+1));
 	}
 SubNetVal::SubNetVal(const char* text, int width) : Val(TYPE_SUBNET)
 	{
-	Init(text, width);
+	val.subnet_val = new IPPrefix(text, width);
 	}
 SubNetVal::SubNetVal(uint32 addr, int width) : Val(TYPE_SUBNET)
 	{
-	Init(addr, width);
+	IPAddr a(IPAddr::IPv4, &addr, IPAddr::Network);
 	val.subnet_val = new IPPrefix(a, width);
 	}
 #ifdef BROv6
 SubNetVal::SubNetVal(const uint32* addr, int width) : Val(TYPE_SUBNET)
 	{
-	Init(addr, width);
+	IPAddr a(IPAddr::IPv6, addr, IPAddr::Network);
-	}
+	val.subnet_val = new IPPrefix(a, width);
 #endif
 void SubNetVal::Init(const char* text, int width)
 	{
 #ifdef BROv6
 	if ( width <= 0 || width > 128 )
 #else
 	if ( width <= 0 || width > 32 )
 #endif
 		Error("bad subnet width");
 	int dots;
 	uint32 a = parse_dotted(text, dots);
 	Init(uint32(htonl(a)), width);
 	}
-
+SubNetVal::SubNetVal(const IPAddr& addr, int width) : Val(TYPE_SUBNET)
 void SubNetVal::Init(uint32 addr, int width)
 	{
-#ifdef BROv6
+	val.subnet_val = new IPPrefix(addr, width);
 	Internal("SubNetVal::Init called on 4-byte address w/ BROv6");
 #else
 	val.subnet_val.net = mask_addr(addr, uint32(width));
 	val.subnet_val.width = width;
 #endif
 	}
-void SubNetVal::Init(const uint32* addr, int width)
+SubNetVal::~SubNetVal()
 	{
-#ifdef BROv6
+	delete val.subnet_val;
-	const uint32* a = mask_addr(addr, uint32(width));
+	}
-	val.subnet_val.net[0] = a[0];
+unsigned int SubNetVal::MemoryAllocation() const
-	val.subnet_val.net[1] = a[1];
+	{
-	val.subnet_val.net[2] = a[2];
+	return padded_sizeof(*this) + val.subnet_val->MemoryAllocation();
 	val.subnet_val.net[3] = a[3];
 	if ( is_v4_addr(addr) && width <= 32 )
 		val.subnet_val.width = width + 96;
 	else
 		val.subnet_val.width = width;
 #else
 	Internal("SubNetVal::Init called on 16-byte address w/o BROv6");
 #endif
 	}
 Val* SubNetVal::SizeVal() const
 	{
-	int retained;
+	int retained = 128 - val.subnet_val->LengthIPv6();
 #ifdef BROv6
 	retained = 128 - Width();
 #else
 	retained = 32 - Width();
 #endif
 	return new Val(pow(2.0, double(retained)), TYPE_DOUBLE);
 	}
 void SubNetVal::ValDescribe(ODesc* d) const
 	{
-	d->Add(dotted_addr(val.subnet_val.net, d->Style() == ALTERNATIVE_STYLE));
+	d->Add(string(*val.subnet_val).c_str());
 	d->Add("/");
 #ifdef BROv6
 	if ( is_v4_addr(val.subnet_val.net) )
 		d->Add(val.subnet_val.width - 96);
 	else
 #endif
 	d->Add(val.subnet_val.width);
 	}
-addr_type SubNetVal::Mask() const
+IPAddr SubNetVal::Mask() const
 	{
-	if ( val.subnet_val.width == 0 )
+	if ( val.subnet_val->Length() == 0 )
 		{
 		// We need to special-case a mask width of zero, since
 		// the compiler doesn't guarantee that 1 << 32 yields 0.
-#ifdef BROv6
+		uint32 m[4];
-		uint32* m = new uint32[4];
+		for ( unsigned int i = 0; i < 4; ++i )
 		for ( int i = 0; i < 4; ++i )
 			m[i] = 0;
-
+		IPAddr rval(IPAddr::IPv6, m, IPAddr::Host);
-		return m;
+		return rval;
 #else
 		return 0;
 #endif
 		}
-#ifdef BROv6
+	uint32 m[4];
 	uint32* m = new uint32[4];
 	uint32* mp = m;
 	uint32 w;
-	for ( w = val.subnet_val.width; w >= 32; w -= 32 )
+	for ( w = val.subnet_val->Length(); w >= 32; w -= 32 )
 		   *(mp++) = 0xffffffff;
 	*mp = ~((1 << (32 - w)) - 1);
@ -1224,44 +1062,29 @@ addr_type SubNetVal::Mask() const
 	while ( ++mp < m + 4 )
 		   *mp = 0;
-	return m;
+	IPAddr rval(IPAddr::IPv6, m, IPAddr::Host);
-
+	return rval;
 #else
 	return ~((1 << (32 - val.subnet_val.width)) - 1);
 #endif
 	}
 bool SubNetVal::Contains(const uint32 addr) const
 	{
-#ifdef BROv6
+	IPAddr a(IPAddr::IPv4, &addr, IPAddr::Network);
-	Internal("SubNetVal::Contains called on 4-byte address w/ BROv6");
+	a.Mask(val.subnet_val->Length());
-	return false;
+	return a == val.subnet_val->Prefix();
 #else
 	return ntohl(val.subnet_val.net) == (ntohl(addr) & Mask());
 #endif
 	}
 bool SubNetVal::Contains(const uint32* addr) const
 	{
-#ifdef BROv6
+	IPAddr a(IPAddr::IPv6, addr, IPAddr::Network);
-	const uint32* net = val.subnet_val.net;
+	a.Mask(val.subnet_val->Length());
-	const uint32* a = addr;
+	return a == val.subnet_val->Prefix();
 	uint32 m;
 	for ( m = val.subnet_val.width; m > 32; m -= 32 )
 		{
 		if ( *net != *a )
 			return false;
 		++net;
 		++a;
 	}
-	uint32 mask = ~((1 << (32 - m)) - 1);
+bool SubNetVal::Contains(const IPAddr& addr) const
-	return ntohl(*net) == (ntohl(*a) & mask);
+	{
-#else
+	IPAddr a(addr);
-	return Contains(addr[3]);
+	a.Mask(val.subnet_val->Length());
-#endif
+	return a == val.subnet_val->Prefix();
 	}
 IMPLEMENT_SERIAL(SubNetVal, SER_SUBNET_VAL);
@ -3476,20 +3299,10 @@ int same_atomic_val(const Val* v1, const Val* v2)
 		return v1->InternalDouble() == v2->InternalDouble();
 	case TYPE_INTERNAL_STRING:
 		return Bstr_eq(v1->AsString(), v2->AsString());
 	case TYPE_INTERNAL_ADDR:
-		{
+		return *v1->AsAddr() == *v2->AsAddr();
 		const addr_type& a1 = v1->AsAddr();
 		const addr_type& a2 = v2->AsAddr();
 #ifdef BROv6
 		return addr_eq(a1, a2);
 #else
 		return addr_eq(&a1, &a2);
 #endif
 		}
 	case TYPE_INTERNAL_SUBNET:
-		return subnet_eq(v1->AsSubNet(), v2->AsSubNet());
+		return *v1->AsSubNet() == *v2->AsSubNet();
 	default:
 		reporter->InternalError("same_atomic_val called for non-atomic value");
--- a/src/Val.h
+++ b/src/Val.h
@ -18,6 +18,7 @@
 #include "ID.h"
 #include "Scope.h"
 #include "StateAccess.h"
 #include "IPAddr.h"
 class Val;
 class Func;
@ -53,11 +54,11 @@ typedef union {
 	// Used for count, counter, port, subnet.
 	bro_uint_t uint_val;
-	// Used for addr, net
+	// Used for addr
-	addr_type addr_val;
+	IPAddr* addr_val;
 	// Used for subnet
-	subnet_type subnet_val;
+	IPPrefix* subnet_val;
 	// Used for double, time, interval.
 	double double_val;
@ -226,10 +227,10 @@ public:
 	CONST_ACCESSOR(TYPE_PATTERN, RE_Matcher*, re_val, AsPattern)
 	CONST_ACCESSOR(TYPE_VECTOR, vector<Val*>*, vector_val, AsVector)
-	const subnet_type* AsSubNet() const
+	const IPPrefix* AsSubNet() const
 		{
 		CHECK_TAG(type->Tag(), TYPE_SUBNET, "Val::SubNet", type_name)
-		return &val.subnet_val;
+		return val.subnet_val;
 		}
 	BroType* AsType() const
@ -238,8 +239,7 @@ public:
 		return type;
 		}
-	// ... in network byte order
+	const IPAddr* AsAddr() const
 	const addr_type AsAddr() const
 		{
 		if ( type->Tag() != TYPE_ADDR )
 			BadTag("Val::AsAddr", type_name(type->Tag()));
@ -261,10 +261,17 @@ public:
 	ACCESSOR(TYPE_PATTERN, RE_Matcher*, re_val, AsPattern)
 	ACCESSOR(TYPE_VECTOR, vector<Val*>*, vector_val, AsVector)
-	subnet_type* AsSubNet()
+	IPPrefix* AsSubNet()
 		{
 		CHECK_TAG(type->Tag(), TYPE_SUBNET, "Val::SubNet", type_name)
-		return &val.subnet_val;
+		return val.subnet_val;
 		}
 	IPAddr* AsAddr()
 		{
 		if ( type->Tag() != TYPE_ADDR )
 			BadTag("Val::AsAddr", type_name(type->Tag()));
 		return val.addr_val;
 		}
 	// Gives fast access to the bits of something that is one of
@ -282,6 +289,7 @@ public:
 	CONVERTER(TYPE_PATTERN, PatternVal*, AsPatternVal)
 	CONVERTER(TYPE_PORT, PortVal*, AsPortVal)
 	CONVERTER(TYPE_SUBNET, SubNetVal*, AsSubNetVal)
 	CONVERTER(TYPE_ADDR, AddrVal*, AsAddrVal)
 	CONVERTER(TYPE_TABLE, TableVal*, AsTableVal)
 	CONVERTER(TYPE_RECORD, RecordVal*, AsRecordVal)
 	CONVERTER(TYPE_LIST, ListVal*, AsListVal)
@ -299,6 +307,7 @@ public:
 	CONST_CONVERTER(TYPE_PATTERN, PatternVal*, AsPatternVal)
 	CONST_CONVERTER(TYPE_PORT, PortVal*, AsPortVal)
 	CONST_CONVERTER(TYPE_SUBNET, SubNetVal*, AsSubNetVal)
 	CONST_CONVERTER(TYPE_ADDR, AddrVal*, AsAddrVal)
 	CONST_CONVERTER(TYPE_TABLE, TableVal*, AsTableVal)
 	CONST_CONVERTER(TYPE_RECORD, RecordVal*, AsRecordVal)
 	CONST_CONVERTER(TYPE_LIST, ListVal*, AsListVal)
@ -555,6 +564,7 @@ public:
 	// Constructor for address already in network order.
 	AddrVal(uint32 addr);
 	AddrVal(const uint32* addr);
 	AddrVal(const IPAddr& addr);
 	unsigned int MemoryAllocation() const;
@ -564,9 +574,6 @@ protected:
 	AddrVal(TypeTag t) : Val(t)	{ }
 	AddrVal(BroType* t) : Val(t)	{ }
 	void Init(uint32 addr);
 	void Init(const uint32* addr);
 	DECLARE_SERIAL(AddrVal);
 };
@ -574,30 +581,27 @@ class SubNetVal : public Val {
 public:
 	SubNetVal(const char* text);
 	SubNetVal(const char* text, int width);
-	SubNetVal(uint32 addr, int width);	// for address already massaged
+	SubNetVal(uint32 addr, int width);
-	SubNetVal(const uint32* addr, int width);	// ditto
+	SubNetVal(const uint32* addr, int width);
 	SubNetVal(const IPAddr& addr, int width);
 	~SubNetVal();
 	Val* SizeVal() const;
-	int Width() const	{ return val.subnet_val.width; }
+	const IPAddr& Prefix() const { return val.subnet_val->Prefix(); }
-	addr_type Mask() const; // returns host byte order
+	int Width() const	{ return val.subnet_val->Length(); }
 	IPAddr Mask() const;
 	bool Contains(const uint32 addr) const;
 	bool Contains(const uint32* addr) const;
 	bool Contains(const IPAddr& addr) const;
-	unsigned int MemoryAllocation() const
+	unsigned int MemoryAllocation() const;
 		{
 		return Val::MemoryAllocation() + padded_sizeof(*this) - padded_sizeof(Val);
 		}
 protected:
 	friend class Val;
 	SubNetVal()	{}
 	void Init(const char* text, int width);
 	void Init(uint32 addr, int width);
 	void Init(const uint32 *addr, int width);
 	void ValDescribe(ODesc* d) const;
 	DECLARE_SERIAL(SubNetVal);
--- a/src/bif_type.def
+++ b/src/bif_type.def
@ -1,6 +1,6 @@
 // DEFINE_BIF_TYPE(id, bif_type, bro_type, c_type, accessor, constructor)
-DEFINE_BIF_TYPE(TYPE_ADDR, 	"addr", "addr", "addr_type", 		"%s->AsAddr()", 	"new AddrVal(%s)")
+DEFINE_BIF_TYPE(TYPE_ADDR, 	"addr", "addr", "AddrVal*", 		"%s->AsAddrVal()", 	"%s")
 DEFINE_BIF_TYPE(TYPE_ANY, 	"any", "any", "Val*", 			"%s", 			"%s")
 DEFINE_BIF_TYPE(TYPE_BOOL, 	"bool", "bool", "int", 			"%s->AsBool()", 	"new Val(%s, TYPE_BOOL)")
 DEFINE_BIF_TYPE(TYPE_CONN_ID, 	"conn_id", "conn_id", "Val*", 		"%s", 			"%s")
--- a/src/bro.bif
+++ b/src/bro.bif
@ -14,6 +14,7 @@
 #include <cstdio>
 #include "Reporter.h"
 #include "IPAddr.h"
 using namespace std;
@ -178,8 +179,11 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
 			// This makes only a very slight difference, so not
 			// clear it would e worth the hassle.
-			addr_type u = v->AsAddr();
+			const IPAddr* u = v->AsAddr();
-#ifdef BROv6
+			const uint32* net_order_u;
 			int len = u->GetBytes(&net_order_u);
 			if ( len == 4 )
 				{
 				// We explicitly convert the address to host order
 				// in a copy, because if we just call ntohl() for
 				// our invocation on snprintf() below, on some systems
@ -191,22 +195,21 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
 				//
 				// Also note that we don't change u in-place because
 				// that would alter the byte order of the underlying
-			// value.  (Speaking of which, I'm not clear on why
+				// value.
 			// we're allowed to assign a const addr_type to an
 			// addr_type above, both g++ allows it.)
 				uint32 host_order_u[4];
-			host_order_u[0] = ntohl(u[0]);
+				host_order_u[0] = ntohl(net_order_u[0]);
-			host_order_u[1] = ntohl(u[1]);
+				host_order_u[1] = ntohl(net_order_u[1]);
-			host_order_u[2] = ntohl(u[2]);
+				host_order_u[2] = ntohl(net_order_u[2]);
-			host_order_u[3] = ntohl(u[3]);
+				host_order_u[3] = ntohl(net_order_u[3]);
 				snprintf(out_buf, sizeof(out_buf), "%08x%08x%08x%08x",
 						host_order_u[0], host_order_u[1],
 						host_order_u[2], host_order_u[3]);
-#else
+				}
-			u = ntohl(u);
+			else
-			snprintf(out_buf, sizeof(out_buf), "%08x", u);
+				{
-#endif
+				snprintf(out_buf, sizeof(out_buf), "%08x", ntohl(net_order_u[0]));
 				}
 			}
 		else if ( ! check_fmt_type(t, ok_d_fmt) )
@ -1957,43 +1960,32 @@ function do_profiling%(%) : bool
 ## Returns: True if *ip* belongs to a local interface.
 function is_local_interface%(ip: addr%) : bool
 	%{
-	static uint32* addrs;
+	if ( ip->AsAddr()->IsLoopback() )
-	static int len = -1;
+		return new Val(1, TYPE_BOOL);
 	list<IPAddr> addrs;
 	if ( len < 0 )
 		{
 	char host[MAXHOSTNAMELEN];
 	strcpy(host, "localhost");
 	gethostname(host, MAXHOSTNAMELEN);
 	host[MAXHOSTNAMELEN-1] = '\0';
-		struct hostent* ent = gethostbyname(host);
+	struct hostent* ent = gethostbyname2(host, AF_INET);
 	if ( ent )
 		for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
 			addrs.push_back(IPAddr(IPAddr::IPv4, (uint32*)ent->h_addr_list[len],
 			                       IPAddr::Network));
-		for ( len = 0; ent->h_addr_list[len]; ++len )
+	ent = gethostbyname2(host, AF_INET6);
-			;
+	if ( ent )
 		for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
 			addrs.push_back(IPAddr(IPAddr::IPv6, (uint32*)ent->h_addr_list[len],
 			                       IPAddr::Network));
-		addrs = new uint32[len + 1];
+	list<IPAddr>::const_iterator it;
-		for ( int i = 0; i < len; i++ )
+	for ( it = addrs.begin(); it != addrs.end(); ++it )
-			addrs[i] = *(uint32*) ent->h_addr_list[i];
+		if ( *it == *ip->AsAddr() )
 		addrs[len++] = 0x0100007f; // 127.0.0.1
 		}
 #ifdef BROv6
 	if ( ! is_v4_addr(ip) )
 		{
 		builtin_error("is_local_interface() only supports IPv4 addresses");
 		return new Val(0, TYPE_BOOL);
 		}
 	uint32 ip4 = to_v4_addr(ip);
 #else
 	uint32 ip4 = ip;
 #endif
 	for ( int i = 0; i < len; i++ )
 		if ( addrs[i] == ip4 )
 			return new Val(1, TYPE_BOOL);
 	return new Val(0, TYPE_BOOL);
@ -2044,6 +2036,32 @@ function gethostname%(%) : string
 	return new StringVal(buffer);
 	%}
 ## Returns whether an address is IPv4 or not.
 ##
 ## a: the address to check.
 ##
 ## Returns: true if *a* is an IPv4 address, else false.
 function is_v4_addr%(a: addr%): bool
 	%{
 	if ( a->AsAddr()->family() == IPAddr::IPv4 )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
 	%}
 ## Returns whether an address is IPv6 or not.
 ##
 ## a: the address to check.
 ##
 ## Returns: true if *a* is an IPv6 address, else false.
 function is_v6_addr%(a: addr%): bool
 	%{
 	if ( a->AsAddr()->family() == IPAddr::IPv6 )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
 	%}
 # ===========================================================================
 #
 #                                 Conversion
@ -2178,29 +2196,6 @@ function double_to_interval%(d: double%): interval
 	return new Val(d, TYPE_INTERVAL);
 	%}
 ## Converts a :bro:type:`addr` to a :bro:type:`count`.
 ##
 ## a: The :bro:type:`addr` to convert.
 ##
 ## Returns: The :bro:type:`addr` *a* as :bro:type:`count`.
 ##
 ## .. bro:see:: addr_to_ptr_name
 function addr_to_count%(a: addr%): count
 	%{
 #ifdef BROv6
 	if ( ! is_v4_addr(a) )
 		{
 		builtin_error("conversion of non-IPv4 address to count", @ARG@[0]);
 		return new Val(0, TYPE_COUNT);
 		}
 	uint32 addr = to_v4_addr(a);
 #else
 	uint32 addr = a;
 #endif
 	return new Val(ntohl(addr), TYPE_COUNT);
 	%}
 ## Converts a :bro:type:`port` to a :bro:type:`count`.
 ##
 ## p: The :bro:type:`port` to convert.
@ -2331,34 +2326,38 @@ function ptr_name_to_addr%(s: string%): addr
 ##
 ## Returns: The reverse pointer representation of *a*.
 ##
-## .. bro:see:: addr_to_count ptr_name_to_addr parse_dotted_addr
+## .. bro:see:: ptr_name_to_addr parse_dotted_addr
 function addr_to_ptr_name%(a: addr%): string
 	%{
-	// ## Question:
+	const uint32* addr;
-	// uint32 addr = ntohl((*args)[0]->InternalUnsigned());
+	int len = a->AsAddr()->GetBytes(&addr);
-	uint32 addr;
+
-#ifdef BROv6
+	if ( len == 1 )
-	if ( is_v4_addr(a) )
+		{
-		addr = a[3];
+		char buf[256];
 		uint32 a = ntohl(addr[0]);
 		uint32 a3 = (a >> 24) & 0xff;
 		uint32 a2 = (a >> 16) & 0xff;
 		uint32 a1 = (a >> 8) & 0xff;
 		uint32 a0 = a & 0xff;
 		sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", a0, a1, a2, a3);
 		return new StringVal(buf);
 		}
 	else
 		{
-		builtin_error("conversion of non-IPv4 address to net", @ARG@[0]);
+		static const char hex_digit[] = "0123456789abcdef";
-		addr = 0;
+		string ptr_name("ip6.arpa");
 		for ( unsigned int i = 0; i < 4; ++i )
 			{
 			uint32 a = ntohl(addr[i]);
 			for ( unsigned int j = 1; j <=8; ++j )
 				{
 				ptr_name.insert(0, 1, '.');
 				ptr_name.insert(0, 1, hex_digit[(a >> (32-j*4)) & 0x0f]);
 				}
 			}
 		return new StringVal(ptr_name.c_str());
 		}
 #else
 	addr = a;
 #endif
 	addr = ntohl(addr);
 	uint32 a3 = (addr >> 24) & 0xff;
 	uint32 a2 = (addr >> 16) & 0xff;
 	uint32 a1 = (addr >> 8) & 0xff;
 	uint32 a0 = addr & 0xff;
 	char buf[256];
 	sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", a0, a1, a2, a3);
 	return new StringVal(buf);
 	%}
 # Transforms n0.n1.n2.n3 -> addr.
@ -2370,10 +2369,11 @@ function addr_to_ptr_name%(a: addr%): string
 ##
 ## Returns: The IP address as type :bro:type:`addr`.
 ##
-## .. bro:see:: addr_to_ptr_name parse_dotted_addr addr_to_count
+## .. bro:see:: addr_to_ptr_name parse_dotted_addr
 function parse_dotted_addr%(s: string%): addr
 	%{
-	return new AddrVal(dotted_to_addr(s->CheckString()));
+	IPAddr a(string(s->CheckString()));
 	return new AddrVal(a);
 	%}
 %%{
@ -2446,7 +2446,11 @@ static Val* parse_eftp(const char* line)
 		line = next_delim + 1;
 		if ( *line != delimiter )	// default of 0 is ok
 			{
-			addr = dotted_to_addr(line);
+			string s(line);
 			IPAddr tmp(s);
 			uint32* bytes;
 			tmp.GetBytes(&bytes);
 			addr = *bytes;
 			if ( addr == 0 )
 				good = 0;
 			}
@ -2551,20 +2555,23 @@ function parse_ftp_epsv%(str: string%): ftp_port
 ## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv parse_ftp_epsv
 function fmt_ftp_port%(a: addr, p: port%): string
 	%{
-#ifdef BROv6
+	const uint32* addr;
-	if ( ! is_v4_addr(a) )
+	int len = a->AsAddr()->GetBytes(&addr);
-		builtin_error("conversion of non-IPv4 address to net", @ARG@[0]);
+	if ( len == 1 )
-
+		{
-	uint32 addr = to_v4_addr(a);
+		uint32 a = ntohl(addr[0]);
 #else
 	uint32 addr = a;
 #endif
 	addr = ntohl(addr);
 		uint32 pn = p->Port();
 		return new StringVal(fmt("%d,%d,%d,%d,%d,%d",
-					addr >> 24, (addr >> 16) & 0xff,
+						a >> 24, (a >> 16) & 0xff,
-					(addr >> 8) & 0xff, addr & 0xff,
+						(a >> 8) & 0xff, a & 0xff,
 						pn >> 8, pn & 0xff));
 		}
 	else
 		{
 		builtin_error("conversion of non-IPv4 address in fmt_ftp_port",
 		              @ARG@[0]);
 		return new StringVal("");
 		}
 	%}
 ## Decode a NetBIOS name.  See http://support.microsoft.com/kb/194203.
@ -2877,7 +2884,7 @@ function strftime%(fmt: string, d: time%) : string
 ## .. bro:see:: remask_addr
 function mask_addr%(a: addr, top_bits_to_keep: count%): subnet
 	%{
-	return new SubNetVal(mask_addr(a, top_bits_to_keep), top_bits_to_keep);
+	return new SubNetVal(*a->AsAddr(), top_bits_to_keep);
 	%}
 ## Takes some top bits (e.g., subnet address) from one address and the other
@ -2890,29 +2897,26 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet
 ## a2: The address to take the remaining bits from.
 ##
 ## top_bits_from_a1: The number of top bits to keep in *a1*; must be greater
-##                   than 0 and less than 33.
+##                   than 0 and less than 129.  This value is always interpreted
 ##                   relative to the IPv6 bit width (v4-mapped addresses start
 ##                   at bit number 96).
 ##
 ## Returns: The address *a* masked down to *top_bits_to_keep* bits.
 ##
 ## .. bro:see:: mask_addr
 function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr
 	%{
-#ifdef BROv6
+	IPAddr addr1(*a1->AsAddr());
-	if ( ! is_v4_addr(a1) || ! is_v4_addr(a2) )
+	addr1.Mask(top_bits_from_a1);
-		{
+	IPAddr addr2(*a2->AsAddr());
-		builtin_error("cannot use remask_addr on IPv6 addresses");
+	addr1.ReverseMask(top_bits_from_a1);
-		return new AddrVal(a1);
+	uint32 x1[4];
-		}
+	uint32 x2[4];
-
+	addr1.CopyIPv6(x1);
-	uint32 x1 = to_v4_addr(a1);
+	addr2.CopyIPv6(x2);
-	uint32 x2 = to_v4_addr(a2);
+	for ( unsigned int i = 0; i < 4; ++i )
-#else
+		x1[i] = x1[i] | x2[i];
-	uint32 x1 = a1;
+	return new AddrVal(x1);
 	uint32 x2 = a2;
 #endif
 	return new AddrVal(
 		mask_addr(x1, top_bits_from_a1) |
 		(x2 ^ mask_addr(x2, top_bits_from_a1)) );
 	%}
 ## Checks whether a given :bro:type:`port` has TCP as transport protocol.
@ -3085,12 +3089,13 @@ const char* conn_id_string(Val* c)
 	Val* id = (*(c->AsRecord()))[0];
 	const val_list* vl = id->AsRecord();
-	addr_type orig_h = (*vl)[0]->AsAddr();
+	const IPAddr* orig_h = (*vl)[0]->AsAddr();
 	uint32 orig_p = (*vl)[1]->AsPortVal()->Port();
-	addr_type resp_h = (*vl)[2]->AsAddr();
+	const IPAddr* resp_h = (*vl)[2]->AsAddr();
 	uint32 resp_p = (*vl)[3]->AsPortVal()->Port();
-	return fmt("%s/%u -> %s/%u\n", dotted_addr(orig_h), orig_p, dotted_addr(resp_h), resp_p);
+	return fmt("%s/%u -> %s/%u\n", string(*orig_h).c_str(), orig_p,
 	                               string(*resp_h).c_str(), resp_p);
 	}
 %%}
@ -3320,8 +3325,7 @@ function lookup_addr%(host: addr%) : string
 	frame->SetDelayed();
 	trigger->Hold();
-#ifdef BROv6
+	if ( host->AsAddr()->family() != IPAddr::IPv4 )
 	if ( ! is_v4_addr(host) )
 		{
 		// FIXME: This is a temporary work-around until we get this
 		// fixed. We warn the user once, and always trigger a timeout.
@ -3337,12 +3341,10 @@ function lookup_addr%(host: addr%) : string
 		return 0;
 		}
-	dns_mgr->AsyncLookupAddr(to_v4_addr(host),
+	const uint32* bytes;
 	host->AsAddr()->GetBytes(&bytes);
 	dns_mgr->AsyncLookupAddr(*bytes,
 			new LookupHostCallback(trigger, frame->GetCall(), true));
 #else
 	dns_mgr->AsyncLookupAddr(host,
 			new LookupHostCallback(trigger, frame->GetCall(), true));
 #endif
 	return 0;
 	%}
@ -3434,8 +3436,6 @@ function lookup_location%(a: addr%) : geo_location
 		else
 			have_city_db = true;
 #ifdef BROv6
 #ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6
 		geoip_v6 = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6);
 		if ( geoip_v6 )
@ -3448,16 +3448,15 @@ function lookup_location%(a: addr%) : geo_location
 #endif
 		if ( ! geoip_v6 )
 			builtin_error("Can't initialize GeoIPv6 City/Country database");
 #endif
 		}
 #ifdef BROv6
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
-	if ( geoip_v6 && ! is_v4_addr(a) )
+	if ( geoip_v6 && a->AsAddr()->family() == IPAddr::IPv6 )
 		{
 		const uint32* bytes;
 		a->AsAddr()->GetBytes(&bytes);
 		geoipv6_t ga;
-		memcpy(&ga, a, 16);
+		memcpy(&ga, bytes, 16);
 		if ( have_cityv6_db )
 			gir = GeoIP_record_by_ipnum_v6(geoip_v6, ga);
 		else
@ -3466,25 +3465,16 @@ function lookup_location%(a: addr%) : geo_location
 	else
 #endif
-	if ( geoip && is_v4_addr(a) )
+	if ( geoip && a->AsAddr()->family() == IPAddr::IPv4 )
 		{
-		uint32 addr = to_v4_addr(a);
+		const uint32* bytes;
 		a->AsAddr()->GetBytes(&bytes);
 		if ( have_city_db )
-			gir = GeoIP_record_by_ipnum(geoip, ntohl(addr));
+			gir = GeoIP_record_by_ipnum(geoip, ntohl(*bytes));
 		else
-			cc = GeoIP_country_code_by_ipnum(geoip, ntohl(addr));
+			cc = GeoIP_country_code_by_ipnum(geoip, ntohl(*bytes));
 		}
 #else // not BROv6
 	if ( geoip )
 		{
 		if ( have_city_db )
 			gir = GeoIP_record_by_ipnum(geoip, ntohl(a));
 		else
 			cc = GeoIP_country_code_by_ipnum(geoip, ntohl(a));
 		}
 #endif
 	if ( gir )
 		{
 		if ( gir->country_code )
@ -3556,28 +3546,25 @@ function lookup_asn%(a: addr%) : count
 	if ( geoip_asn )
 		{
 #ifdef BROv6
 // IPv6 support showed up in 1.4.5.
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
-		if ( ! is_v4_addr(a) )
+		if ( a->AsAddr()->family() == IPAddr::IPv6 )
 			{
 			const uint32* bytes;
 			a->AsAddr()->GetBytes(&bytes);
 			geoipv6_t ga;
-			memcpy(&ga, a, 16);
+			memcpy(&ga, bytes, 16);
 			gir = GeoIP_name_by_ipnum_v6(geoip_asn, ga);
 			}
 		else
 #endif
-		if ( is_v4_addr(a) )
+		if ( a->AsAddr()->family() == IPAddr::IPv4 )
 			{
-			uint32 addr = to_v4_addr(a);
+			const uint32* bytes;
-			gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(addr));
+			a->AsAddr()->GetBytes(&bytes);
 			gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(*bytes));
 			}
 #else // not BROv6
 		gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(a));
 #endif
 		}
 	if ( gir )
@ -3859,8 +3846,8 @@ function NFS3::mode2string%(mode: count%): string
 function expect_connection%(orig: addr, resp: addr, resp_p: port,
 				analyzer: count, tout: interval%) : bool
 	%{
-	dpm->ExpectConnection(orig, resp, resp_p->Port(), resp_p->PortType(),
+	dpm->ExpectConnection(*orig->AsAddr(), *resp->AsAddr(), resp_p->Port(),
-				(AnalyzerTag::Tag) analyzer, tout, 0);
+				 resp_p->PortType(), (AnalyzerTag::Tag) analyzer, tout, 0);
 	return new Val(1, TYPE_BOOL);
 	%}
@ -4633,7 +4620,7 @@ function pcap_error%(%): string
 ## .. todo:: The return value should be changed to any.
 function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddSrc(ip, tcp_flags, prob);
+	sessions->GetPacketFilter()->AddSrc(*ip->AsAddr(), tcp_flags, prob);
 	return new Val(1, TYPE_BOOL);
 	%}
@ -4685,7 +4672,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              pcap_error
 function uninstall_src_addr_filter%(ip: addr%) : bool
 	%{
-	return new Val(sessions->GetPacketFilter()->RemoveSrc(ip), TYPE_BOOL);
+	return new Val(sessions->GetPacketFilter()->RemoveSrc(*ip->AsAddr()), TYPE_BOOL);
 	%}
 ## Removes a source subnet filter.
@ -4735,7 +4722,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool
 ## .. todo:: The return value should be changed to any.
 function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddDst(ip, tcp_flags, prob);
+	sessions->GetPacketFilter()->AddDst(*ip->AsAddr(), tcp_flags, prob);
 	return new Val(1, TYPE_BOOL);
 	%}
@ -4787,7 +4774,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              pcap_error
 function uninstall_dst_addr_filter%(ip: addr%) : bool
 	%{
-	return new Val(sessions->GetPacketFilter()->RemoveDst(ip), TYPE_BOOL);
+	return new Val(sessions->GetPacketFilter()->RemoveDst(*ip->AsAddr()), TYPE_BOOL);
 	%}
 ## Removes a destination subnet filter.
@ -4928,7 +4915,7 @@ function capture_state_updates%(filename: string%) : bool
 ##              send_id
 function connect%(ip: addr, p: port, our_class: string, retry: interval, ssl: bool%) : count
 	%{
-	return new Val(uint32(remote_serializer->Connect(ip, p->Port(),
+	return new Val(uint32(remote_serializer->Connect(*ip->AsAddr(), p->Port(),
 				our_class->CheckString(), retry, ssl)),
 			TYPE_COUNT);
 	%}
@ -5043,7 +5030,7 @@ function set_compression_level%(p: event_peer, level: count%) : bool
 ## .. bro:see:: connect disconnect
 function listen%(ip: addr, p: port, ssl: bool %) : bool
 	%{
-	return new Val(remote_serializer->Listen(ip, p->Port(), ssl), TYPE_BOOL);
+	return new Val(remote_serializer->Listen(*ip->AsAddr(), p->Port(), ssl), TYPE_BOOL);
 	%}
 ## Checks whether the last raised event came from a remote peer.
@ -5299,14 +5286,14 @@ function preserve_prefix%(a: addr, width: count%): any
 	AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50];
 	if ( ip_anon )
 		{
-#ifdef BROv6
+		if ( a->AsAddr()->family() == IPAddr::IPv6 )
 		if ( ! is_v4_addr(a) )
 			builtin_error("preserve_prefix() not supported for IPv6 addresses");
 		else
-			ip_anon->PreservePrefix(a[3], width);
+			{
-#else
+			const uint32* bytes;
-		ip_anon->PreservePrefix(a, width);
+			a->AsAddr()->GetBytes(&bytes);
-#endif
+			ip_anon->PreservePrefix(*bytes, width);
 			}
 		}
@ -5324,18 +5311,18 @@ function preserve_prefix%(a: addr, width: count%): any
 ## .. todo:: Currently dysfunctional.
 function preserve_subnet%(a: subnet%): any
 	%{
-	DEBUG_MSG("%s/%d\n", dotted_addr(a->AsAddr()), a->Width());
+	DEBUG_MSG("%s/%d\n", string(a->Prefix()).c_str(), a->Width());
 	AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50];
 	if ( ip_anon )
 		{
-#ifdef BROv6
+		if ( a->AsSubNet()->Prefix().family() == IPAddr::IPv6 )
 		if ( ! is_v4_addr(a->AsAddr()) )
 			builtin_error("preserve_subnet() not supported for IPv6 addresses");
 		else
-			ip_anon->PreservePrefix(a->AsAddr()[3], a->Width());
+			{
-#else
+			const uint32* bytes;
-		ip_anon->PreservePrefix(a->AsAddr(), a->Width());
+			a->AsSubNet()->Prefix().GetBytes(&bytes);
-#endif
+			ip_anon->PreservePrefix(*bytes, a->AsSubNet()->Length());
 			}
 		}
 	return 0;
@ -5364,19 +5351,18 @@ function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr
 	if ( anon_class < 0 || anon_class >= NUM_ADDR_ANONYMIZATION_CLASSES )
 		builtin_error("anonymize_addr(): invalid ip addr anonymization class");
-#ifdef BROv6
+	if ( a->AsAddr()->family() == IPAddr::IPv6 )
 	if ( ! is_v4_addr(a) )
 		{
 		builtin_error("anonymize_addr() not supported for IPv6 addresses");
 		return 0;
 		}
 	else
-		return new AddrVal(anonymize_ip(a[3],
+		{
 		const uint32* bytes;
 		a->AsAddr()->GetBytes(&bytes);
 		return new AddrVal(anonymize_ip(*bytes,
 			(enum ip_addr_anonymization_class_t) anon_class));
-#else
+		}
 	return new AddrVal(anonymize_ip(a,
 		(enum ip_addr_anonymization_class_t) anon_class));
 #endif
 	%}
 ## Deprecated. Will be removed.
@ -5448,7 +5434,7 @@ function generate_idmef%(src_ip: addr, src_port: port,
 				newNode(newAddress(
 					newAttribute("category","ipv4-addr"),
 					newSimpleElement("address",
-					copy_string(dotted_addr(src_ip))),
+					copy_string(string(*src_ip->AsAddr()).c_str())),
 					NULL), NULL),
 				newService(
 					newSimpleElement("port",
@ -5458,7 +5444,7 @@ function generate_idmef%(src_ip: addr, src_port: port,
 				newNode(newAddress(
 					newAttribute("category","ipv4-addr"),
 					newSimpleElement("address",
-					copy_string(dotted_addr(dst_ip))),
+					copy_string(string(*dst_ip->AsAddr()).c_str())),
 					NULL), NULL),
 				newService(
 					newSimpleElement("port",
@ -5473,13 +5459,3 @@ function generate_idmef%(src_ip: addr, src_port: port,
 	return new Val(0, TYPE_BOOL);
 #endif
 	%}
 ## Deprecated. Will be removed.
 function bro_has_ipv6%(%) : bool
    %{
 #ifdef BROv6
 	return new Val(1, TYPE_BOOL);
 #else
 	return new Val(0, TYPE_BOOL);
 #endif
    %}
--- a/src/dhcp-analyzer.pac
+++ b/src/dhcp-analyzer.pac
@ -55,33 +55,18 @@ flow DHCP_Flow(is_orig: bool) {
 		vector<DHCP_Option*>::const_iterator ptr;
 		// Requested IP address to the server.
-#ifdef BROv6
+		::uint32 req_addr = 0, serv_addr = 0;
 		::uint32 req_addr[4], serv_addr[4];
 		req_addr[0] = req_addr[1] = req_addr[2] = req_addr[3] = 0;
 		serv_addr[0] = serv_addr[1] = serv_addr[2] = serv_addr[3] = 0;
 #else
 		addr_type req_addr = 0, serv_addr = 0;
 #endif
 		for ( ptr = options->begin();
 		       ptr != options->end() && ! (*ptr)->last(); ++ptr )
 			{
 			switch ( (*ptr)->code() ) {
 			case REQ_IP_OPTION:
 #ifdef BROv6
 				req_addr[3] = htonl((*ptr)->info()->req_addr());
 #else
 				req_addr = htonl((*ptr)->info()->req_addr());
 #endif
 				break;
 			case SERV_ID_OPTION:
 #ifdef BROv6
 				serv_addr[3] = htonl((*ptr)->info()->serv_addr());
 #else
 				serv_addr = htonl((*ptr)->info()->serv_addr());
 #endif
 				break;
 			}
 			}
@ -91,13 +76,14 @@ flow DHCP_Flow(is_orig: bool) {
 		case DHCPDISCOVER:
 			BifEvent::generate_dhcp_discover(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
-					dhcp_msg_val_->Ref(), req_addr);
+					dhcp_msg_val_->Ref(), new AddrVal(req_addr));
 			break;
 		case DHCPREQUEST:
 			BifEvent::generate_dhcp_request(connection()->bro_analyzer(),
 				connection()->bro_analyzer()->Conn(),
-				dhcp_msg_val_->Ref(), req_addr, serv_addr);
+				dhcp_msg_val_->Ref(), new AddrVal(req_addr),
 				new AddrVal(serv_addr));
 			break;
 		case DHCPDECLINE:
@ -129,15 +115,7 @@ flow DHCP_Flow(is_orig: bool) {
 		// RFC 1533 allows a list of router addresses.
 		TableVal* router_list = 0;
-#ifdef BROv6
+		::uint32 subnet_mask = 0, serv_addr = 0;
 		::uint32 subnet_mask[4], serv_addr[4];
 		subnet_mask[0] = subnet_mask[1] =
 			subnet_mask[2] = subnet_mask[3] = 0;
 		serv_addr[0] = serv_addr[1] = serv_addr[2] = serv_addr[3] = 0;
 #else
 		addr_type subnet_mask = 0, serv_addr = 0;
 #endif
 		uint32 lease = 0;
@ -146,13 +124,7 @@ flow DHCP_Flow(is_orig: bool) {
 			{
 			switch ( (*ptr)->code() ) {
 			case  SUBNET_OPTION:
 #ifdef BROv6
 				subnet_mask[0] =
 					subnet_mask[1] = subnet_mask[2] = 0;
 				subnet_mask[3] = htonl((*ptr)->info()->mask());
 #else
 				subnet_mask = htonl((*ptr)->info()->mask());
 #endif
 				break;
 			case  ROUTER_OPTION:
@ -170,14 +142,8 @@ flow DHCP_Flow(is_orig: bool) {
 					vector<uint32>* rlist =
 						(*ptr)->info()->router_list();
 					uint32 raddr = (*rlist)[i];
 #ifdef BROv6
 					::uint32 tmp_addr[4];
 					tmp_addr[0] = tmp_addr[1] = tmp_addr[2] = 0;
 					tmp_addr[3] = htonl(raddr);
 #else
 					::uint32 tmp_addr;
 					tmp_addr = htonl(raddr);
 #endif
 					// index starting from 1
 					Val* index = new Val(i + 1, TYPE_COUNT);
 					router_list->Assign(index, new AddrVal(tmp_addr));
@ -191,11 +157,7 @@ flow DHCP_Flow(is_orig: bool) {
 				break;
 			case  SERV_ID_OPTION:
 #ifdef BROv6
 				serv_addr[3] = htonl((*ptr)->info()->serv_addr());
 #else
 				serv_addr = htonl((*ptr)->info()->serv_addr());
 #endif
 				break;
 			}
 			}
@ -204,15 +166,15 @@ flow DHCP_Flow(is_orig: bool) {
 		case DHCPOFFER:
 			BifEvent::generate_dhcp_offer(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
-					dhcp_msg_val_->Ref(), subnet_mask,
+					dhcp_msg_val_->Ref(), new AddrVal(subnet_mask),
-					router_list, lease, serv_addr);
+					router_list, lease, new AddrVal(serv_addr));
 			break;
 		case DHCPACK:
 			BifEvent::generate_dhcp_ack(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
-					dhcp_msg_val_->Ref(), subnet_mask,
+					dhcp_msg_val_->Ref(), new AddrVal(subnet_mask),
-					router_list, lease, serv_addr);
+					router_list, lease, new AddrVal(serv_addr));
 			break;
 		case DHCPNAK:
--- a/src/dns-analyzer.pac
+++ b/src/dns-analyzer.pac
@ -216,44 +216,42 @@ flow DNS_Flow
 		switch ( rr->rr_type() ) {
 		case TYPE_A:
-		case TYPE_A6:
+			if ( dns_A_reply )
 		case TYPE_AAAA:
 			if ( ! dns_A_reply )
 				break;
 #ifdef BROv6
 			::uint32 addr[4];
 #else
 			addr_type addr;
 #endif
 			if ( rr->rr_type() == TYPE_A )
 				{
-#ifdef BROv6
+				::uint32 addr = rd->type_a();
 				addr[0] = addr[1] = addr[2] = 0;
 				addr[3] = htonl(rd->type_a());
 #else
 				addr = htonl(rd->type_a());
 #endif
 				}
 			else
 				{
 #ifdef BROv6
 				for ( int i = 0; i < 4; ++i )
 					addr[i] = htonl((*rd->type_aaaa())[i]);
 #else
 				addr = htonl((*rd->type_aaaa())[3]);
 #endif
 				}
 			// For now, we treat A6 and AAAA as A's.  Given the
 			// above fixes for BROv6, we can probably now introduce
 			// their own events.  (It's not clear A6 is needed -
 			// do we actually encounter it in practice?)
 				BifEvent::generate_dns_A_reply(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
-				dns_msg_val_->Ref(), build_dns_answer(rr), addr);
+					dns_msg_val_->Ref(), build_dns_answer(rr),
 					new AddrVal(htonl(addr)));
 				}
 			break;
 		case TYPE_A6:
 			if ( dns_A6_reply )
 				{
 				::uint32 addr[4];
 				for ( unsigned int i = 0; i < 4; ++i )
 					addr[i] = htonl((*rd->type_aaaa())[i]);
 				BifEvent::generate_dns_A6_reply(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
 					dns_msg_val_->Ref(), build_dns_answer(rr),
 					new AddrVal(addr));
 				}
 			break;
 		case TYPE_AAAA:
 			if ( dns_AAAA_reply )
 				{
 				::uint32 addr[4];
 				for ( unsigned int i = 0; i < 4; ++i )
 					addr[i] = htonl((*rd->type_aaaa())[i]);
 				BifEvent::generate_dns_AAAA_reply(connection()->bro_analyzer(),
 					connection()->bro_analyzer()->Conn(),
 					dns_msg_val_->Ref(), build_dns_answer(rr),
 					new AddrVal(addr));
 				}
 			break;
 		case TYPE_NS:
--- a/src/event.bif
+++ b/src/event.bif
@ -3732,19 +3732,13 @@ event non_dns_request%(c: connection, msg: string%) &group="dns";
 ##
 ## a: The address returned by the reply.
 ##
-## .. bro:see:: dns_AAAA_reply  dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply
+## .. bro:see:: dns_AAAA_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply
 ##    dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply
 ##    dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request
 ##    dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name
 ##    dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply
 ##    dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout
 ##    dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth
 ##
 ## .. note: This event is currently also raised for ``AAAA`` records. In that
 ##    case, the address *a* will correspond to the lower-order 4 bytes of the
 ##    IPv6 address. This will go away once IPv6 support is improved.
 ##
 ## .. todo: IPv6 handling is obviously very broken here ...
 event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns";
 ## Generated for DNS replies of type *AAAA*. For replies with multiple answers, an
@ -3762,18 +3756,38 @@ event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &grou
 ##
 ## a: The address returned by the reply.
 ##
-## .. bro:see::  dns_A_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply
+## .. bro:see::  dns_A_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply
 ##    dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl
 ##    dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered
 ##    dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified
 ##    dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request
 ##    non_dns_request dns_max_queries dns_session_timeout dns_skip_addl
 ##    dns_skip_all_addl dns_skip_all_auth dns_skip_auth
 event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns";
 ## Generated for DNS replies of type *A6*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
 ##
-## .. todo: Raising this event is not implemented currently, not even when
+## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
-##    Bro's compiled IPv6 support. ``AAAA`` are currently always turned into
+## information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
-##    :bro:id:`dns_A_reply` events.
+##
-event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr, astr: string%) &group="dns";
+## c: The connection, which may be UDP or TCP depending on the type of the
 ##    transport-layer session being analyzed.
 ##
 ## msg: The parsed DNS message header.
 ##
 ## ans: The type-independent part of the parsed answer record.
 ##
 ## a: The address returned by the reply.
 ##
 ## .. bro:see::  dns_A_reply dns_AAAA_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply
 ##    dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl
 ##    dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered
 ##    dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified
 ##    dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request
 ##    non_dns_request dns_max_queries dns_session_timeout dns_skip_addl
 ##    dns_skip_all_addl dns_skip_all_auth dns_skip_auth
 event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns";
 ## Generated for DNS replies of type *NS*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
--- a/src/net_util.cc
+++ b/src/net_util.cc
@ -2,17 +2,16 @@
 #include "config.h"
 #ifdef BROv6
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #endif
 #include "Reporter.h"
 #include "net_util.h"
 #include "IPAddr.h"
 // - adapted from tcpdump
 // Returns the ones-complement checksum of a chunk of b short-aligned bytes.
@ -81,7 +80,6 @@ int udp_checksum(const struct ip* ip, const struct udphdr* up, int len)
 	return sum;
 	}
 #ifdef BROv6
 int udp6_checksum(const struct ip6_hdr* ip6, const struct udphdr* up, int len)
 	{
 	uint32 sum;
@ -104,7 +102,6 @@ int udp6_checksum(const struct ip6_hdr* ip6, const struct udphdr* up, int len)
 	return sum;
 	}
 #endif
 int icmp_checksum(const struct icmp* icmpp, int len)
 	{
@ -143,225 +140,27 @@ char addr_to_class(uint32 addr)
 		return 'A';
 	}
-uint32 addr_to_net(uint32 addr)
+const char* fmt_conn_id(const IPAddr& src_addr, uint32 src_port,
 			const IPAddr& dst_addr, uint32 dst_port)
 	{
-	if ( CHECK_CLASS(addr, CLASS_D) )
+	static char buffer[512];
 		; // class D's are left alone ###
 	else if ( CHECK_CLASS(addr, CLASS_C) )
 		addr = addr & 0xffffff00;
 	else if ( CHECK_CLASS(addr, CLASS_B) )
 		addr = addr & 0xffff0000;
 	else
 		addr = addr & 0xff000000;
-	return addr;
+	safe_snprintf(buffer, sizeof(buffer), "%s:%d > %s:%d",
-	}
+			string(src_addr).c_str(), src_port,
 			string(dst_addr).c_str(), dst_port);
-const char* dotted_addr(uint32 addr, int alternative)
+	return buffer;
 	{
 	addr = ntohl(addr);
 	const char* fmt = alternative ? "%d,%d.%d.%d" : "%d.%d.%d.%d";
 	static char buf[32];
 	snprintf(buf, sizeof(buf), fmt,
 		addr >> 24, (addr >> 16) & 0xff,
 		(addr >> 8) & 0xff, addr & 0xff);
 	return buf;
 	}
 const char* dotted_addr(const uint32* addr, int alternative)
 	{
 #ifdef BROv6
 	if ( is_v4_addr(addr) )
 		return dotted_addr(addr[3], alternative);
 	static char buf[256];
 	if ( inet_ntop(AF_INET6, addr, buf, sizeof buf) == NULL )
 		return "<bad IPv6 address conversion>";
 	return buf;
 #else
 	return dotted_addr(to_v4_addr(addr), alternative);
 #endif
 	}
 const char* dotted_net(uint32 addr)
 	{
 	addr = ntohl(addr);
 	static char buf[32];
 	if ( CHECK_CLASS(addr, CLASS_D) )
 		sprintf(buf, "%d.%d.%d.%d",
 			addr >> 24, (addr >> 16) & 0xff,
 			(addr >> 8) & 0xff, addr & 0xff);
 	else if ( CHECK_CLASS(addr, CLASS_C) )
 		sprintf(buf, "%d.%d.%d",
 			addr >> 24, (addr >> 16) & 0xff, (addr >> 8) & 0xff);
 	else
 		// Same for class A's and B's.
 		sprintf(buf, "%d.%d", addr >> 24, (addr >> 16) & 0xff);
 	return buf;
 	}
 #ifdef BROv6
 const char* dotted_net6(const uint32* addr)
 	{
 	if ( is_v4_addr(addr) )
 		return dotted_net(to_v4_addr(addr));
 	else
 		// ### this isn't right, but net's should go away eventually ...
 		return dotted_addr(addr);
 	}
 #endif
 uint32 dotted_to_addr(const char* addr_text)
 	{
 	int addr[4];
 	if ( sscanf(addr_text,
 		    "%d.%d.%d.%d", addr+0, addr+1, addr+2, addr+3) != 4 )
 		{
 		reporter->Error("bad dotted address: %s", addr_text );
 		return 0;
 		}
 	if ( addr[0] < 0 || addr[1] < 0 || addr[2] < 0 || addr[3] < 0 ||
 	     addr[0] > 255 || addr[1] > 255 || addr[2] > 255 || addr[3] > 255 )
 		{
 		reporter->Error("bad dotted address: %s", addr_text);
 		return 0;
 		}
 	uint32 a = (addr[0] << 24) | (addr[1] << 16) | (addr[2] << 8) | addr[3];
 	// ### perhaps do gethostbyaddr here?
 	return uint32(htonl(a));
 	}
 #ifdef BROv6
 uint32* dotted_to_addr6(const char* addr_text)
 	{
 	uint32* addr = new uint32[4];
 	if ( inet_pton(AF_INET6, addr_text, addr) <= 0 )
 		{
 		reporter->Error("bad IPv6 address: %s", addr_text );
 		addr[0] = addr[1] = addr[2] = addr[3] = 0;
 		}
 	return addr;
 	}
 #endif
 #ifdef BROv6
 int is_v4_addr(const uint32 addr[4])
 	{
 	return addr[0] == 0 && addr[1] == 0 && addr[2] == 0;
 	}
 #endif
 uint32 to_v4_addr(const uint32* addr)
 	{
 #ifdef BROv6
 	if ( ! is_v4_addr(addr) )
 		reporter->InternalError("conversion of non-IPv4 address to IPv4 address");
 	return addr[3];
 #else
 	return addr[0];
 #endif
 	}
 uint32 mask_addr(uint32 a, uint32 top_bits_to_keep)
 	{
 	if ( top_bits_to_keep > 32 )
 		{
 		reporter->Error("bad address mask value %d", top_bits_to_keep);
 		return a;
 		}
 	if ( top_bits_to_keep == 0 )
 		// The shifts below don't have any effect with 0, i.e.,
 		// 1 << 32 does not yield 0; either due to compiler
 		// misoptimization or language semantics.
 		return 0;
 	uint32 addr = ntohl(a);
 	int shift = 32 - top_bits_to_keep;
 	addr >>= shift;
 	addr <<= shift;
 	return htonl(addr);
 	}
 const uint32* mask_addr(const uint32* a, uint32 top_bits_to_keep)
 	{
 #ifdef BROv6
 	static uint32 addr[4];
 	addr[0] = a[0];
 	addr[1] = a[1];
 	addr[2] = a[2];
 	addr[3] = a[3];
 	// This is a bit dicey: if it's a v4 address, then we interpret
 	// the mask as being with respect to 32 bits total, even though
 	// strictly speaking, the v4 address comprises the least-significant
 	// bits out of 128, rather than the most significant.  However,
 	// we only do this if the mask itself is consistent for a 32-bit
 	// address.
 	uint32 max_bits = (is_v4_addr(a) && top_bits_to_keep <= 32) ? 32 : 128;
 	if ( top_bits_to_keep == 0 || top_bits_to_keep > max_bits )
 		{
 		reporter->Error("bad address mask value %s", top_bits_to_keep);
 		return addr;
 		}
 	int word = 3;	// start zeroing out with word #3
 	int bits_to_chop = max_bits - top_bits_to_keep;	// bits to discard
 	while ( bits_to_chop >= 32 )
 		{ // there's an entire word to discard
 		addr[word] = 0;
 		--word;	// move on to next, more significant word
 		bits_to_chop -= 32;	// we just go rid of 32 bits
 		}
 	// All that's left to work with now is the word pointed to by "word".
 	uint32 addr32 = ntohl(addr[word]);
 	addr32 >>= bits_to_chop;
 	addr32 <<= bits_to_chop;
 	addr[word] = htonl(addr32);
 	return addr;
 #else
 	return a;
 #endif
 	}
 const char* fmt_conn_id(const uint32* src_addr, uint32 src_port,
 			const uint32* dst_addr, uint32 dst_port)
 	{
-	char addr1[128], addr2[128];
+	IPAddr src(IPAddr::IPv6, src_addr, IPAddr::Network);
-	static char buffer[512];
+	IPAddr dst(IPAddr::IPv6, dst_addr, IPAddr::Network);
-
+	return fmt_conn_id(src, src_port, dst, dst_port);
 	strcpy(addr1, dotted_addr(src_addr));
 	strcpy(addr2, dotted_addr(dst_addr));
 	safe_snprintf(buffer, sizeof(buffer), "%s:%d > %s:%d",
 			addr1, src_port, addr2, dst_port);
 	return buffer;
 	}
 uint32 extract_uint32(const u_char* data)
 	{
 	uint32 val;
--- a/src/net_util.h
+++ b/src/net_util.h
@ -21,6 +21,7 @@
 #include <netinet/ip_icmp.h>
 #include "util.h"
 #include "IPAddr.h"
 #ifdef HAVE_NETINET_IP6_H
 #include <netinet/ip6.h>
@ -32,30 +33,6 @@ struct ip6_hdr {
 };
 #endif
 #include "util.h"
 #ifdef BROv6
 typedef uint32* addr_type;	// a pointer to 4 uint32's
 typedef const uint32* const_addr_type;
 #define NUM_ADDR_WORDS 4
 typedef struct {
 	uint32 net[4];
 	uint32 width;
 } subnet_type;
 #else
 typedef uint32 addr_type;
 typedef const uint32 const_addr_type;
 #define NUM_ADDR_WORDS 1
 typedef struct {
 	uint32 net;
 	uint32 width;
 } subnet_type;
 #endif
 // For Solaris.
 #if !defined(TCPOPT_WINDOW) && defined(TCPOPT_WSCALE)
 #define	TCPOPT_WINDOW TCPOPT_WSCALE
@ -86,78 +63,18 @@ extern int ones_complement_checksum(const void* p, int b, uint32 sum);
 extern int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len);
 extern int udp_checksum(const struct ip* ip, const struct udphdr* up, int len);
 #ifdef BROv6
 extern int udp6_checksum(const struct ip6_hdr* ip, const struct udphdr* up,
 				int len);
 #endif
 extern int icmp_checksum(const struct icmp* icmpp, int len);
 // Given an address in host order, returns its "classical network prefix",
 // also in host order.
 extern uint32 addr_to_net(uint32 addr);
 // Returns 'A', 'B', 'C' or 'D'
 extern char addr_to_class(uint32 addr);
-// Returns a pointer to static storage giving the ASCII dotted representation
+extern const char* fmt_conn_id(const IPAddr& src_addr, uint32 src_port,
-// of the given address, which should be passed in network order.
+				const IPAddr& dst_addr, uint32 dst_port);
 extern const char* dotted_addr(uint32 addr, int alternative=0);
 extern const char* dotted_addr(const uint32* addr, int alternative=0);
 // Same, but for the network prefix.
 extern const char* dotted_net(uint32 addr);
 extern const char* dotted_net6(const uint32* addr);
 // Given an ASCII dotted representation, returns the corresponding address
 // in network order.
 extern uint32 dotted_to_addr(const char* addr_text);
 extern uint32* dotted_to_addr6(const char* addr_text);
 extern int is_v4_addr(const uint32 addr[4]);
 extern uint32 to_v4_addr(const uint32* addr);
 extern uint32 mask_addr(uint32 a, uint32 top_bits_to_keep);
 extern const uint32* mask_addr(const uint32* a, uint32 top_bits_to_keep);
 extern const char* fmt_conn_id(const uint32* src_addr, uint32 src_port,
 				const uint32* dst_addr, uint32 dst_port);
 inline void copy_addr(const uint32* src_a, uint32* dst_a)
 	{
 #ifdef BROv6
 	dst_a[0] = src_a[0];
 	dst_a[1] = src_a[1];
 	dst_a[2] = src_a[2];
 	dst_a[3] = src_a[3];
 #else
 	dst_a[0] = src_a[0];
 #endif
 	}
 inline int addr_eq(const uint32* a1, const uint32* a2)
 	{
 #ifdef BROv6
 	return a1[0] == a2[0] &&
 		a1[1] == a2[1] &&
 		a1[2] == a2[2] &&
 		a1[3] == a2[3];
 #else
 	return a1[0] == a2[0];
 #endif
 	}
 inline int subnet_eq(const subnet_type* s1, const subnet_type* s2)
 	{
 #ifdef BROv6
 	return s1->net[0] == s2->net[0] &&
 		s1->net[1] == s2->net[1] &&
 		s1->net[2] == s2->net[2] &&
 		s1->net[3] == s2->net[3] &&
 		s1->width == s2->width;
 #else
 	return s1->net == s2->net && s1->width == s2->width;
 #endif
 	}
 // Read 4 bytes from data and return in network order.
 extern uint32 extract_uint32(const u_char* data);
--- a/src/patricia.c
+++ b/src/patricia.c
@ -259,7 +259,7 @@ New_Prefix2 (int family, void *dest, int bitlen, prefix_t *prefix)
    if (family == AF_INET6) {
        default_bitlen = 128;
 	if (prefix == NULL) {
-            prefix = calloc(1, sizeof (prefix6_t));
+            prefix = calloc(1, sizeof (prefix_t));
 	    dynamic_allocated++;
 	}
 	memcpy (&prefix->add.sin6, dest, 16);
--- a/src/patricia.h
+++ b/src/patricia.h
@ -53,11 +53,9 @@
 #include <sys/types.h>
 #ifdef BROv6
 #ifndef HAVE_IPV6
 #define HAVE_IPV6
 #endif
 #endif
 /* typedef unsigned int u_int; */
 typedef void (*void_fn_t)();
--- a/testing/btest/Baseline/bifs.addr_version/out
+++ b/testing/btest/Baseline/bifs.addr_version/out
@ -0,0 +1,4 @@
 T
 F
 F
 T
--- a/testing/btest/Baseline/bifs.net_stats_trace/output
+++ b/testing/btest/Baseline/bifs.net_stats_trace/output
@ -1 +1 @@
-[pkts_recvd=131, pkts_dropped=0, pkts_link=0]
+[pkts_recvd=136, pkts_dropped=0, pkts_link=0]
--- a/testing/btest/Baseline/core.conn-uid/counts
+++ b/testing/btest/Baseline/core.conn-uid/counts
@ -1 +1 @@
-62
+68
--- a/testing/btest/Baseline/core.conn-uid/output
+++ b/testing/btest/Baseline/core.conn-uid/output
@ -1,40 +1,43 @@
 [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg
+[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl
+[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
+[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
+[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], 5OKnoww6xl4
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
+[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
+[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], iE6yhOq3SF
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
+[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
+[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], h5DsfNtYzi1
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
+[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
+[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], GvmoxJFXdTa
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
+[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], UfGkYA2HI2g
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
+[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
+[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l
+[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l
 [orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1
 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3
 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7
--- a/testing/btest/Baseline/core.conn-uid/output.cc
+++ b/testing/btest/Baseline/core.conn-uid/output.cc
@ -1,40 +1,43 @@
 [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg
+[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl
+[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
+[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
+[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], 5OKnoww6xl4
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
+[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
+[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], iE6yhOq3SF
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
+[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
+[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], h5DsfNtYzi1
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
+[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
+[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], GvmoxJFXdTa
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
+[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], UfGkYA2HI2g
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
+[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
+[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l
+[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l
 [orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1
 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3
 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7
--- a/testing/btest/Baseline/core.conn-uid/output.cc2
+++ b/testing/btest/Baseline/core.conn-uid/output.cc2
@ -1,40 +1,43 @@
 [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg
+[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl
+[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
+[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
+[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], 5OKnoww6xl4
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
+[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
+[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], iE6yhOq3SF
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
+[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
+[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], h5DsfNtYzi1
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
+[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
+[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], GvmoxJFXdTa
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
+[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], UfGkYA2HI2g
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
+[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
+[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l
+[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l
 [orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1
 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3
 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7
--- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output
+++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output
@ -1,32 +0,0 @@
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1324314285.981347	-	not ip6	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1324314286.168294	-	(((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6)	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1324314286.350780	-	port 42	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1324314286.530768	-	port 56730	T	T
--- a/testing/btest/Baseline/core.print-bpf-filters-ipv6/conn.log
+++ b/testing/btest/Baseline/core.print-bpf-filters-ipv6/conn.log
@ -1,2 +0,0 @@
 # ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	notice_tags
 1128727435.4509	UWkUyAuUGXf	141.42.64.125	56730	125.190.109.199	80	tcp	-	1.73330307006836	98	9417	SF	-	0	ShADdFaf	-
--- a/testing/btest/Baseline/core.print-bpf-filters-ipv6/output
+++ b/testing/btest/Baseline/core.print-bpf-filters-ipv6/output
@ -1,8 +0,0 @@
 # ts	node	filter	init	success
 1308603220.46822	-	ip or not ip	F	T
 # ts	node	filter	init	success
 1308603220.51607	-	tcp port 22	F	T
 # ts	node	filter	init	success
 1308603220.55432	-	port 42	F	T
 # ts	node	filter	init	success
 1308603220.59452	-	port 56730	T	T
--- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log
+++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@ -0,0 +1,32 @@
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1328294052.330721	-	ip or not ip	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1328294052.542418	-	((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1328294052.748480	-	port 42	T	T
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
 1328294052.952845	-	port 56730	T	T
--- a/testing/btest/Baseline/language.cross-product-init/output
+++ b/testing/btest/Baseline/language.cross-product-init/output
@ -1,6 +1,6 @@
 {
-[bar, 1.2.0.0/19] ,
+[foo, 1.2.0.0/19] ,
 [foo, 5.6.0.0/21] ,
 [bar, 5.6.0.0/21] ,
-[foo, 1.2.0.0/19] 
+[foo, 5.6.0.0/21] ,
 [bar, 1.2.0.0/19] 
 }
--- a/testing/btest/Baseline/language.sizeof/output
+++ b/testing/btest/Baseline/language.sizeof/output
@ -1,4 +1,5 @@
-Address 1.2.3.4: 16909060
+IPv4 Address 1.2.3.4: 32
 IPv6 Address ::1: 128
 Boolean T: 1
 Count 10: 10
 Double -1.23: 1.230000
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
@ -5,33 +5,33 @@
 #path	local
 #fields	ts	id.orig_h
 #types	time	addr
 1300475168.652003	141.142.220.118
 1300475168.724007	141.142.220.118
 1300475168.859163	141.142.220.118
 1300475168.902635	141.142.220.118
 1300475168.892936	141.142.220.118
 1300475168.895267	141.142.220.118
 1300475168.892913	141.142.220.118
 1300475168.652003	141.142.220.118
 1300475168.855305	141.142.220.118
 1300475168.855330	141.142.220.118
-1300475168.895267	141.142.220.118
+1300475168.859163	141.142.220.118
-1300475168.853899	141.142.220.118
+1300475168.902635	141.142.220.118
 1300475168.893988	141.142.220.118
 1300475168.894787	141.142.220.118
 1300475173.117362	141.142.220.226
 1300475173.153679	141.142.220.238
 1300475168.857956	141.142.220.118
 1300475168.854378	141.142.220.118
 1300475168.854837	141.142.220.118
 1300475167.099816	141.142.220.50
 1300475168.891644	141.142.220.118
 1300475168.892037	141.142.220.118
 1300475171.677081	141.142.220.226
 1300475168.894422	141.142.220.118
-1300475167.096535	141.142.220.202
+1300475168.893988	141.142.220.118
 1300475168.858713	141.142.220.118
 1300475168.902195	141.142.220.118
 1300475169.899438	141.142.220.44
 1300475168.892414	141.142.220.118
 1300475168.858306	141.142.220.118
 1300475168.901749	141.142.220.118
 1300475168.853899	141.142.220.118
 1300475168.854837	141.142.220.118
 1300475168.857956	141.142.220.118
 1300475168.858713	141.142.220.118
 1300475171.677081	141.142.220.226
 1300475168.854378	141.142.220.118
 1300475173.153679	141.142.220.238
 1300475169.899438	141.142.220.44
 1300475168.892037	141.142.220.118
 1300475168.892414	141.142.220.118
 1300475168.902195	141.142.220.118
 1300475168.891644	141.142.220.118
 1300475168.894787	141.142.220.118
 1300475167.099816	141.142.220.50
 1300475170.862384	141.142.220.226
 1300475167.096535	141.142.220.202
 1300475168.858306	141.142.220.118
 1300475173.117362	141.142.220.226
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log
@ -6,3 +6,6 @@
 #fields	ts	id.orig_h
 #types	time	addr
 1300475169.780331	173.192.163.128
 1300475167.097012	fe80::217:f2ff:fed7:cf65
 1300475171.675372	fe80::3074:17d5:2052:c324
 1300475173.116749	fe80::3074:17d5:2052:c324
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
@ -5,6 +5,6 @@
 #path	metrics
 #fields	ts	metric_id	filter_name	index.host	index.str	index.network	value
 #types	time	enum	string	addr	string	subnet	count
-1324314335.570789	TEST_METRIC	foo-bar	6.5.4.3	-	-	4
+1328303679.867377	TEST_METRIC	foo-bar	6.5.4.3	-	-	4
-1324314335.570789	TEST_METRIC	foo-bar	1.2.3.4	-	-	6
+1328303679.867377	TEST_METRIC	foo-bar	7.2.1.5	-	-	2
-1324314335.570789	TEST_METRIC	foo-bar	7.2.1.5	-	-	2
+1328303679.867377	TEST_METRIC	foo-bar	1.2.3.4	-	-	6
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
@ -5,6 +5,6 @@
 #path	metrics
 #fields	ts	metric_id	filter_name	index.host	index.str	index.network	value
 #types	time	enum	string	addr	string	subnet	count
-1324314344.807073	TEST_METRIC	foo-bar	6.5.4.3	-	-	2
+1328303763.333948	TEST_METRIC	foo-bar	6.5.4.3	-	-	2
-1324314344.807073	TEST_METRIC	foo-bar	1.2.3.4	-	-	3
+1328303763.333948	TEST_METRIC	foo-bar	7.2.1.5	-	-	1
-1324314344.807073	TEST_METRIC	foo-bar	7.2.1.5	-	-	1
+1328303763.333948	TEST_METRIC	foo-bar	1.2.3.4	-	-	3
--- a/testing/btest/bifs/addr_version.bro
+++ b/testing/btest/bifs/addr_version.bro
@ -0,0 +1,7 @@
 # @TEST-EXEC: bro %INPUT >out
 # @TEST-EXEC: btest-diff out
 print is_v4_addr(1.2.3.4);
 print is_v4_addr(::1);
 print is_v6_addr(1.2.3.4);
 print is_v6_addr(::1);
--- a/testing/btest/core/print-bpf-filters-ipv4.bro
+++ b/testing/btest/core/print-bpf-filters-ipv4.bro
@ -1,12 +0,0 @@
 # @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q F
 #
 # @TEST-EXEC: bro -r $TRACES/empty.trace -e '' >output
 # @TEST-EXEC: cat packet_filter.log >>output
 # @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::all_packets=F >>output
 # @TEST-EXEC: cat packet_filter.log >>output
 # @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" -e '' >>output
 # @TEST-EXEC: cat packet_filter.log >>output
 # @TEST-EXEC: bro -r $TRACES/empty.trace -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace >>output
 # @TEST-EXEC: cat packet_filter.log >>output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff conn.log
--- a/testing/btest/core/print-bpf-filters-ipv6.bro
+++ b/testing/btest/core/print-bpf-filters-ipv6.bro
@ -1,5 +1,3 @@
 # @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q T
 #
 # @TEST-EXEC: bro -r $TRACES/empty.trace -e '' >output
 # @TEST-EXEC: cat packet_filter.log >>output
 # @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::all_packets=F >>output
--- a/testing/btest/istate/broccoli.bro
+++ b/testing/btest/istate/broccoli.bro
@ -1,4 +1,3 @@
 # @TEST-REQUIRES: grep -vq '#define BROv6' $BUILD/config.h
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #
 # @TEST-EXEC: btest-bg-run bro bro %INPUT $DIST/aux/broccoli/test/broping-record.bro
--- a/testing/btest/istate/pybroccoli.py
+++ b/testing/btest/istate/pybroccoli.py
@ -1,4 +1,3 @@
 # @TEST-REQUIRES: grep -vq '#define BROv6' $BUILD/config.h
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so
 #
--- a/testing/btest/language/sizeof.bro
+++ b/testing/btest/language/sizeof.bro
@ -20,6 +20,7 @@ type example_record: record {
 };
 global a:  addr = 1.2.3.4;
 global a6: addr = ::1;
 global b:  bool = T;
 global c:  count = 10;
 global d:  double = -1.23;
@ -52,8 +53,10 @@ v[4] = "World";
 # Print out the sizes of the various vals:
 #-----------------------------------------
-# Size of addr: returns integer representation for IPv4, 0 for IPv6.
+# Size of addr: returns number of bits required to represent the address
-print fmt("Address %s: %d", a, |a|);
+# which is 32 for IPv4 or 128 for IPv6
 print fmt("IPv4 Address %s: %d", a, |a|);
 print fmt("IPv6 Address %s: %d", a6, |a6|);
 # Size of boolean: returns 1 or 0.
 print fmt("Boolean %s: %d", b, |b|);
`@ -1 +1 @@`
	`[pkts_recvd=131, pkts_dropped=0, pkts_link=0]`	`[pkts_recvd=136, pkts_dropped=0, pkts_link=0]`
		`@ -1,2 +0,0 @@`
			`# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history notice_tags`
			`1128727435.4509 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf -`