Merge remote-tracking branch 'origin/topic/timw/open-dict'

* origin/topic/timw/open-dict: (40 commits)
  Move Dict constants to detail namespace
  Add a few missing deprecation fixes
  Adjust Dict whitespace/style
  Adjust more btest timings
  Improve termination reliability/speed for brokerstore btests
  General btest cleanup
  Update NEWS about change in Dictionary implementation
  Improve Intel expire-item btest to be less time-sensitive
  Improve btests with unstable table/set output ordering
  Update doc submodule
  Adjust a few btests that were unstable due to time-sensitivity
  Fix DNS script deleting a table element while iterating
  Improve a brokerstore btest to filter out Broker connection messages
  Sort output of a few SumStats cluster tests
  Fix extract_first_email_addr() to really return the first email
  Add find_all_ordered() BIF
  Extend external test suite canonifier with set-sorting logic
  Update btests/baselines for OpenDict compat
  Fix new/malloc/delete/free mismatches in Dictionary code
  Add explanation for a Dict TODO item
  ...

CHANGES

@@ -1,3 +1,111 @@
+3.3.0-dev.97 | 2020-08-11 11:34:17 -0700
+
+  * Move Dict constants to detail namespace (Tim Wojtulewicz, Corelight)
+
+  * Add a few missing deprecation fixes (Tim Wojtulewicz, Corelight)
+
+  * Adjust Dict whitespace/style (Jon Siwek, Corelight)
+
+  * Adjust more btest timings (Jon Siwek, Corelight)
+
+  * Improve termination reliability/speed for brokerstore btests (Jon Siwek, Corelight)
+
+  * General btest cleanup
+
+    - Use `-b` most everywhere, it will save time.
+
+    - Start some intel tests upon the input file being fully read instead of
+      at an arbitrary time.
+
+    - Improve termination condition for some sumstats/cluster tests.
+
+    - Filter uninteresting output from some supervisor tests.
+
+    - Test for `notice_policy.log` is no longer needed. (Jon Siwek, Corelight)
+
+  * Update NEWS about change in Dictionary implementation (Jon Siwek, Corelight)
+
+  * Improve Intel expire-item btest to be less time-sensitive (Jon Siwek, Corelight)
+
+  * Improve btests with unstable table/set output ordering
+
+    Particularly, the final output order of a table/set is sensitive to
+    order of input/insertions and some tests were converting
+    std::unordered_{set,map} to Zeek table/set and iteration over those
+    standard containers may not always loop through elements in the same
+    order across all platforms. (Jon Siwek, Corelight)
+
+  * Update doc submodule (Jon Siwek, Corelight)
+
+  * Adjust a few btests that were unstable due to time-sensitivity (Jon Siwek, Corelight)
+
+  * Fix DNS script deleting a table element while iterating
+
+    Doesn't typically cause any problems since the loop breaks after
+    deleting, except there's now an assert in debug builds catching
+    potential problems like this. (Jon Siwek, Corelight)
+
+  * Improve a brokerstore btest to filter out Broker connection messages (Jon Siwek, Corelight)
+
+  * Sort output of a few SumStats cluster tests
+
+    The order of $epoch_result() function calls among all keys within a
+    single epoch isn't consequential. (Jon Siwek, Corelight)
+
+  * Fix extract_first_email_addr() to really return the first email
+
+    The use of find_all() in extract_email_addrs_vec() extracted occurrences
+    to an intermediate set and thus lost any sense of ordering.
+
+    This changes extract_email_addrs_vec() to use find_all_ordered() and
+    return all occurrences of email addresses found in the argument,
+    included duplicates, with their order of occurrence preserved. (Jon Siwek, Corelight)
+
+  * Add find_all_ordered() BIF
+
+    Operates similar to find_all(), except returns a vector instead of
+    set to allow preservation of order/duplicates. (Jon Siwek, Corelight)
+
+  * Extend external test suite canonifier with set-sorting logic
+
+    Two new canonifiers: one to sort the contents of conn.log "service"
+    field and another to sort the contents of any field of type "set". (Jon Siwek, Corelight)
+
+  * Update btests/baselines for OpenDict compat
+
+    Haven't checked different build configurations yet, but all except
+    a few SumStats tests are stable for me now.  The external tests
+    are also completely failing, but haven't looked at those yet. (Jon Siwek, Corelight)
+
+  * Fix new/malloc/delete/free mismatches in Dictionary code (Jon Siwek, Corelight)
+
+  * Add explanation for a Dict TODO item (Jon Siwek, Corelight)
+
+  * Fix compiler warning in Dictionary debug/dump printf format string (Jon Siwek, Corelight)
+
+  * Overwrite old Dict.h/cc with new ones (Tim Wojtulewicz, Corelight)
+
+  * Fix issue with sumstats script and fix baselines that were crashing previously (Tim Wojtulewicz, Corelight)
+
+  * Extend the timeouts on a few intel tests, update baselines (Tim Wojtulewicz, Corelight)
+
+  * Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary (Tim Wojtulewicz, Corelight)
+
+  * Add namespaces for OpenDict files (Tim Wojtulewicz, Corelight)
+
+  * Add unit tests from Dict into OpenDict files (Tim Wojtulewicz, Corelight)
+
+  * Build fixups
+
+    - Fix some clang-tidy warnings
+    - Add std:: namespaces for ofstream and ios
+    - Remove some unused methods (Tim Wojtulewicz, Corelight)
+
+  * Massive formatting cleanup (jasonlue)
+
+  * Remove key reference after insertion because the key may become invalid afterwards. (jasonlue)
+
+  * add Clustered Hashing based Open Addressing Dict. To replace the existing dict, #define USE_OPEN_DICT (jasonlue)
 
 3.3.0-dev.55 | 2020-08-10 09:57:36 -0700
 

NEWS

@@ -27,6 +27,17 @@ Changed Functionality
   - The use as enum of type ``NetControl::RuleType`` is unchanged and still
     named ``NetControl::DROP``
 
+- The extract_email_addrs_vec() BIF now returns all occurrences of emails,
+  including duplicates, with preserved order of occurrence.  This seems like
+  the original/documented intent of the function, but the previous
+  implementation did not preserve ordering or duplicates.
+
+- The Dictionary implementation is replaced (no API changes).  The new version
+  uses clustered hashing, a variation of Robinhood / Open Addressing hashing.
+  This implementation generally performs better and utilizes less memory
+  than the previous one.  A detailed explanation of the implementation is here:
+  https://jasonlue.github.io/algo/2019/08/20/clustered-hashing.html
+
 Removed Functionality
 ---------------------
 

VERSION

@@ -1 +1 @@
-3.3.0-dev.55
+3.3.0-dev.97

doc

@@ -1 +1 @@
-Subproject commit 607b7a6ce09f12117b44387a2df585e81c9607e9
+Subproject commit 990bf9fab1456e555d9945a76c03c22d400ae4e0

scripts/base/frameworks/sumstats/cluster.zeek

@@ -328,13 +328,16 @@ function request_all_current_keys(uid: string, ss_name: string, cleanup: bool)
 	if ( uid in stats_keys && |stats_keys[uid]| > 0 )
 		{
 		#print fmt("    -- %d remaining keys here", |stats_keys[uid]|);
-		for ( key in stats_keys[uid] )
+		local key: Key;
+		for ( k in stats_keys[uid] )
 			{
+			key = k;
+			break; # only a single key
+			}
+
 		done_with[uid] = 0;
 		event SumStats::cluster_get_result(uid, ss_name, key, cleanup);
 		delete stats_keys[uid][key];
-			break; # only a single key
-			}
 		}
 	else
 		{

scripts/base/protocols/dns/main.zeek

@@ -285,12 +285,19 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
 				else
 					{
 					# Just pick an arbitrary, unpaired query.
+					local tid: count;
+					local found_one = F;
+
 					for ( trans_id, q in c$dns_state$pending_queries )
 						if ( Queue::len(q) > 0 )
 							{
-							c$dns_state$pending_query = pop_msg(c$dns_state$pending_queries, trans_id);
+							tid = trans_id;
+							found_one = T;
 							break;
 							}
+
+					if ( found_one )
+						c$dns_state$pending_query = pop_msg(c$dns_state$pending_queries, tid);
 					}
 				}
 			}

scripts/base/utils/email.zeek

@@ -8,9 +8,9 @@ function extract_email_addrs_vec(str: string): string_vec
 	{
 	local addrs: vector of string = vector();
 
-	local raw_addrs = find_all(str, /(^|[<,:[:blank:]])[^<,:[:blank:]@]+"@"[^>,;[:blank:]]+([>,;[:blank:]]|$)/);
+	local raw_addrs = find_all_ordered(str, /(^|[<,:[:blank:]])[^<,:[:blank:]@]+"@"[^>,;[:blank:]]+([>,;[:blank:]]|$)/);
-	for ( raw_addr in raw_addrs )
+	for ( i in raw_addrs )
-		addrs += gsub(raw_addr, /[<>,:;[:blank:]]/, "");
+		addrs += gsub(raw_addrs[i], /[<>,:;[:blank:]]/, "");
 
 	return addrs;
 	}

src/Dict.h

@@ -2,79 +2,197 @@
 
 #pragma once
 
-#include "zeek-config.h"
+#include <cstdint>
+#include <vector>
 
-#include "List.h"
 #include "Hash.h"
 
-ZEEK_FORWARD_DECLARE_NAMESPACED(DictEntry, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IterCookie, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(DictEntry, zeek::detail);
 
 // Type for function to be called when deleting elements.
 typedef void (*dict_delete_func)(void*);
 
 namespace zeek {
 
-// Type indicating whether the dictionary should keep track of the order
-// of insertions.
 enum DictOrder { ORDERED, UNORDERED };
 
 // A dict_delete_func that just calls delete.
 extern void generic_delete_func(void*);
 
+namespace detail {
+
+// Default number of hash buckets in dictionary.  The dictionary will increase the size
+// of the hash table as needed.
+constexpr uint32_t HASH_MASK = 0xFFFFFFFF; //only lower 32 bits.
+
+// These four variables can be used to build different targets with -Dxxx for performance
+// or for debugging purposes.
+
+// When incrementally resizing and remapping, it remaps DICT_REMAP_ENTRIES each step. Use
+// 2 for debug. 16 is best for a release build.
+constexpr uint8_t DICT_REMAP_ENTRIES = 16;
+
+// Load factor = 1 - 0.5 ^ LOAD_FACTOR_BITS. 0.75 is the optimal value for release builds.
+constexpr uint8_t DICT_LOAD_FACTOR_BITS = 2;
+
+// Default number of hash buckets in dictionary.  The dictionary will
+// increase the size of the hash table as needed.
+constexpr uint8_t DEFAULT_DICT_SIZE = 0;
+
+// When log2_buckets > DICT_THRESHOLD_BITS, DICT_LOAD_FACTOR_BITS becomes effective.
+// Basically if dict size < 2^DICT_THRESHOLD_BITS + n, we size up only if necessary.
+constexpr uint8_t DICT_THRESHOLD_BITS = 3;
+
+// The value of an iteration cookie is the bucket and offset within the
+// bucket at which to start looking for the next value to return.
+constexpr uint16_t TOO_FAR_TO_REACH = 0xFFFF;
+
+/**
+ * An entry stored in the dictionary.
+ */
+class DictEntry {
+public:
+
+#ifdef DEBUG
+	int bucket = 0;
+#endif
+
+	// Distance from the expected position in the table. 0xFFFF means that the entry is empty.
+	uint16_t distance = TOO_FAR_TO_REACH;
+
+	// The size of the key. Less than 8 bytes we'll store directly in the entry, otherwise we'll
+	// store it as a pointer. This avoids extra allocations if we can help it.
+	uint16_t key_size = 0;
+
+	// Lower 4 bytes of the 8-byte hash, which is used to calculate the position in the table.
+	uint32_t hash = 0;
+
+	void* value = nullptr;
+	union{
+		char key_here[8]; //hold key len<=8. when over 8, it's a pointer to real keys.
+		char* key;
+	};
+
+	DictEntry(void* arg_key, int key_size = 0, zeek::detail::hash_t hash = 0, void* value = nullptr,
+	          int16_t d = TOO_FAR_TO_REACH, bool copy_key = false)
+		: distance(d), key_size(key_size), hash((uint32_t)hash), value(value)
+		{
+		if ( key_size <= 8 )
+			{
+			memcpy(key_here, arg_key, key_size);
+			if ( ! copy_key )
+				delete [] (char*)arg_key; //own the arg_key, now don't need it.
+			}
+		else
+			{
+			if ( copy_key )
+				{
+				key = new char[key_size];
+				memcpy(key, arg_key, key_size);
+				}
+			else
+				{
+				key = (char*)arg_key;
+				}
+			}
+		}
+
+	bool Empty() const	{ return distance == TOO_FAR_TO_REACH; }
+	void SetEmpty()
+		{
+		distance = TOO_FAR_TO_REACH;
+#ifdef DEBUG
+
+		hash = 0;
+		key = nullptr;
+		value = nullptr;
+		key_size = 0;
+		bucket = 0;
+#endif//DEBUG
+		}
+
+	void Clear()
+		{
+		if( key_size > 8 )
+			delete [] key;
+		SetEmpty();
+		}
+
+	const char* GetKey() const { return key_size <= 8 ? key_here : key; }
+
+	bool Equal(const char* arg_key, int arg_key_size, zeek::detail::hash_t arg_hash) const
+		{//only 40-bit hash comparison.
+		return ( 0 == ((hash ^ arg_hash) & HASH_MASK) )
+			&& key_size == arg_key_size && 0 == memcmp(GetKey(), arg_key, key_size);
+		}
+	bool operator==(const DictEntry& r) const
+		{
+		return Equal(r.GetKey(), r.key_size, r.hash);
+		}
+	bool operator!=(const DictEntry& r) const
+		{
+		return ! Equal(r.GetKey(), r.key_size, r.hash);
+		}
+};
+
+} // namespace detail
+
+/**
+ * A dictionary type that uses clustered hashing, a variation of Robinhood/Open Addressing
+ * hashing. The following posts help to understand the implementation:
+ * - https://jasonlue.github.io/algo/2019/08/20/clustered-hashing.html
+ * - https://jasonlue.github.io/algo/2019/08/27/clustered-hashing-basic-operations.html
+ * - https://jasonlue.github.io/algo/2019/09/03/clustered-hashing-incremental-resize.html
+ * - https://jasonlue.github.io/algo/2019/09/10/clustered-hashing-modify-on-iteration.html
+ *
+ * The dictionary is effectively a hashmap from hashed keys to values. The dictionary owns
+ * the keys but not the values. The dictionary size will be bounded at around 100K. 1M
+ * entries is the absolute limit. Only Connections use that many entries, and that is rare.
+ */
 class Dictionary {
 public:
-	explicit Dictionary(DictOrder ordering = UNORDERED,
+	explicit Dictionary(DictOrder ordering = UNORDERED, int initial_size = detail::DEFAULT_DICT_SIZE);
-	                    int initial_size = 0);
-
 	~Dictionary();
 
 	// Member functions for looking up a key, inserting/changing its
 	// contents, and deleting it.  These come in two flavors: one
-	// which takes a HashKey, and the other which takes a raw key,
+	// which takes a zeek::detail::HashKey, and the other which takes a raw key,
 	// its size, and its (unmodulated) hash.
-	void* Lookup(const zeek::detail::HashKey* key) const
+	//lookup may move the key to right place if in the old zone to speed up the next lookup.
-		{ return Lookup(key->Key(), key->Size(), key->Hash()); }
+	void* Lookup(const zeek::detail::HashKey* key) const;
-	void* Lookup(const void* key, int key_size, zeek::detail::hash_t hash) const;
+	void* Lookup(const void* key, int key_size, zeek::detail::hash_t h) const;
 
 	// Returns previous value, or 0 if none.
 	void* Insert(zeek::detail::HashKey* key, void* val)
-		{
+		{ return Insert(key->TakeKey(), key->Size(), key->Hash(), val, false); }
-		return Insert(key->TakeKey(), key->Size(), key->Hash(), val, 0);
+
-		}
 	// If copy_key is true, then the key is copied, otherwise it's assumed
 	// that it's a heap pointer that now belongs to the Dictionary to
 	// manage as needed.
-	void* Insert(void* key, int key_size, zeek::detail::hash_t hash, void* val,
+	void* Insert(void* key, int key_size, zeek::detail::hash_t hash, void* val, bool copy_key);
-			bool copy_key);
 
 	// Removes the given element.  Returns a pointer to the element in
 	// case it needs to be deleted.  Returns 0 if no such element exists.
 	// If dontdelete is true, the key's bytes will not be deleted.
 	void* Remove(const zeek::detail::HashKey* key)
 		{ return Remove(key->Key(), key->Size(), key->Hash()); }
-	void* Remove(const void* key, int key_size, zeek::detail::hash_t hash,
+	void* Remove(const void* key, int key_size, zeek::detail::hash_t hash, bool dont_delete = false);
-				bool dont_delete = false);
 
 	// Number of entries.
 	int Length() const
-		{ return tbl2 ? num_entries + num_entries2 : num_entries; }
+		{ return num_entries; }
 
 	// Largest it's ever been.
 	int MaxLength() const
-		{
+		{ return max_entries; }
-		return tbl2 ?
-			max_num_entries + max_num_entries2 : max_num_entries;
-		}
 
 	// Total number of entries ever.
 	uint64_t NumCumulativeInserts() const
-		{
+		{ return cum_entries; }
-		return cumulative_entries;
-		}
 
 	// True if the dictionary is ordered, false otherwise.
-	bool IsOrdered() const		{ return order != nullptr; }
+	int IsOrdered() const	{ return order != nullptr; }
 
 	// If the dictionary is ordered then returns the n'th entry's value;
 	// the second method also returns the key.  The first entry inserted
@@ -104,7 +222,7 @@ public:
 	// If return_hash is true, a HashKey for the entry is returned in h,
 	// which should be delete'd when no longer needed.
 	IterCookie* InitForIteration() const;
-	void* NextEntry(zeek::detail::HashKey*& h, IterCookie*& cookie, int return_hash) const;
+	void* NextEntry(zeek::detail::HashKey*& h, IterCookie*& cookie, bool return_hash) const;
 	void StopIteration(IterCookie* cookie) const;
 
 	void SetDeleteFunc(dict_delete_func f)		{ delete_func = f; }
@@ -115,78 +233,141 @@ public:
 	// and (ii) we won't visit any still-unseen entries which are getting
 	// removed. (We don't get this for free, so only use it if
 	// necessary.)
-	void MakeRobustCookie(IterCookie* cookie)
+	void MakeRobustCookie(IterCookie* cookie);
-		{ cookies.push_back(cookie); }
 
 	// Remove all entries.
 	void Clear();
 
-	unsigned int MemoryAllocation() const;
+	size_t MemoryAllocation() const;
+
+	/// The capacity of the table, Buckets + Overflow Size.
+	int Capacity(bool expected = false) const;
+
+	//Debugging
+#ifdef DEBUG
+	void AssertValid() const;
+#endif//DEBUG
+	void Dump(int level=0) const;
+	void DistanceStats(int& max_distance, int* distances = 0, int num_distances = 0) const;
+	void DumpKeys() const;
 
 private:
-	void Init(int size);
+	friend zeek::IterCookie;
-	void Init2(int size);	// initialize second table for resizing
-	void DeInit();
 
-	// Internal version of Insert().
+	/// Buckets of the table, not including overflow size.
-	void* Insert(zeek::detail::DictEntry* entry, bool copy_key);
+	int Buckets(bool expected = false) const;
 
-	void* DoRemove(zeek::detail::DictEntry* entry, zeek::detail::hash_t h,
+	//bucket math
-	               zeek::PList<zeek::detail::DictEntry>* chain, int chain_offset);
+	int Log2(int num) const;
+	int ThresholdEntries() const;
 
-	int NextPrime(int n) const;
+	// Used to improve the distribution of the original hash.
-	bool IsPrime(int n) const;
+	zeek::detail::hash_t FibHash(zeek::detail::hash_t h) const;
-	void StartChangeSize(int new_size);
-	void FinishChangeSize();
-	void MoveChains();
 
-	// The following get and set the "density" threshold - if the
+	// Maps a hash to the appropriate n-bit table bucket.
-	// average hash chain length exceeds this threshold, the
+	int BucketByHash(zeek::detail::hash_t h, int bit) const;
-	// table will be resized.  The default value is 3.0.
-	double DensityThresh() const	{ return den_thresh; }
 
-	void SetDensityThresh(double thresh)
+	// Given a position of a non-empty item in the table, find the related bucket.
-		{
+	int BucketByPosition(int position) const;
-		den_thresh = thresh;
-		thresh_entries = int(thresh * double(num_buckets));
-		}
 
-	// Same for the second table, when resizing.
+	// Given a bucket of a non-empty item in the table, find the end of its cluster.
-	void SetDensityThresh2(double thresh)
+	// The end should be equal to tail+1 if tail exists. Otherwise it's the tail of
-		{
+	// the just-smaller cluster + 1.
-		den_thresh2 = thresh;
+	int EndOfClusterByBucket(int bucket) const;
-		thresh_entries2 = int(thresh * double(num_buckets2));
+
-		}
+	// Given a position of a non-empty item in the table, find the head of its cluster.
+	int HeadOfClusterByPosition(int position) const;
+
+	// Given a position of a non-empty item in the table, find the tail of its cluster.
+	int TailOfClusterByPosition(int position) const;
+
+	// Given a position of a non-empty item in the table, find the end of its cluster.
+	// The end should be equal to tail+1 if tail exists. Otherwise it's the tail of
+	// the just-smaller cluster + 1.
+	int EndOfClusterByPosition(int position) const;
+
+	// Given a position of a non-empty item in the table, find the offset of it within
+	// its cluster.
+	int OffsetInClusterByPosition(int position) const;
+
+	// Next non-empty item position in the table.
+	int Next(int i) const;
+
+	void Init();
+
+	//Iteration
+	IterCookie* InitForIterationNonConst();
+	void* NextEntryNonConst(zeek::detail::HashKey*& h, IterCookie*& cookie, bool return_hash);
+	void StopIterationNonConst(IterCookie* cookie);
+
+	//Lookup
+	int LinearLookupIndex(const void* key, int key_size, zeek::detail::hash_t hash) const;
+	int LookupIndex(const void* key, int key_size, zeek::detail::hash_t hash, int* insert_position = nullptr,
+		int* insert_distance = nullptr);
+	int LookupIndex(const void* key, int key_size, zeek::detail::hash_t hash, int begin, int end,
+		int* insert_position = nullptr, int* insert_distance  = nullptr);
+
+	/// Insert entry, Adjust cookies when necessary.
+	void InsertRelocateAndAdjust(detail::DictEntry& entry, int insert_position);
+
+	/// insert entry into position, relocate other entries when necessary.
+	void InsertAndRelocate(detail::DictEntry& entry, int insert_position, int* last_affected_position = nullptr);
+
+	/// Adjust Cookies on Insert.
+	void AdjustOnInsert(IterCookie* c, const detail::DictEntry& entry, int insert_position, int last_affected_position);
+
+	///Remove, Relocate & Adjust cookies.
+	detail::DictEntry RemoveRelocateAndAdjust(int position);
+
+	///Remove & Relocate
+	detail::DictEntry RemoveAndRelocate(int position, int* last_affected_position = nullptr);
+
+	///Adjust safe cookies after Removal of entry at position.
+	void AdjustOnRemove(IterCookie* c, const detail::DictEntry& entry, int position, int last_affected_position);
+
+	bool Remapping() const { return remap_end >= 0;} //remap in reverse order.
+
+	///One round of remap.
+	void Remap();
+
+	// Remap an item in position to a new position. Returns true if the relocation was
+	// successful, false otherwise. new_position will be set to the new position if a
+	// pointer is provided to store the new value.
+	bool Remap(int position, int* new_position = nullptr);
+
+	void SizeUp();
+
+	//alligned on 8-bytes with 4-leading bytes. 7*8=56 bytes a dictionary.
+
+	// when sizeup but the current mapping is in progress. the current mapping will be ignored
+	// as it will be remapped to new dict size anyway. however, the missed count is recorded
+	// for lookup. if position not found for a key in the position of dict of current size, it
+	// still could be in the position of dict of previous N sizes.
+	unsigned char remaps = 0;
+	unsigned char log2_buckets = 0;
+
+	// Pending number of iterators on the Dict, including both robust and non-robust.
+	// This is used to avoid remapping if there are any active iterators.
+	unsigned short num_iterators = 0;
+
+	// The last index to be remapped.
+	int remap_end = -1;
 
-	// Normally we only have tbl.
-	// When we're resizing, we'll have tbl (old) and tbl2 (new)
-	// tbl_next_ind keeps track of how much we've moved to tbl2
-	// (it's the next index we're going to move).
-	zeek::PList<zeek::detail::DictEntry>** tbl = nullptr;
-	int num_buckets = 0;
 	int num_entries = 0;
-	int max_num_entries = 0;
+	int max_entries = 0;
-	int thresh_entries = 0;
-	uint64_t cumulative_entries = 0;
-	double den_thresh = 0.0;
 
-	// Resizing table (replicates tbl above).
+	uint64_t cum_entries = 0;
-	zeek::PList<zeek::detail::DictEntry>** tbl2 = nullptr;
-	int num_buckets2 = 0;
-	int num_entries2 = 0;
-	int max_num_entries2 = 0;
-
-	int thresh_entries2 = 0;
-	double den_thresh2 = 0;
-
-	zeek::detail::hash_t tbl_next_ind = 0;
-
-	zeek::PList<zeek::detail::DictEntry>* order = nullptr;
 	dict_delete_func delete_func = nullptr;
+	detail::DictEntry* table = nullptr;
+	std::vector<IterCookie*>* cookies = nullptr;
 
-	zeek::PList<IterCookie> cookies;
+	// Order means the order of insertion. means no deletion until exit. will be inefficient.
+	std::vector<detail::DictEntry>* order = nullptr;
 };
 
+/*
+ * Template specialization of Dictionary that stores pointers for values.
+ */
 template<typename T>
 class PDict : public Dictionary {
 public:
@@ -216,10 +397,10 @@ public:
 	T* NextEntry(IterCookie*& cookie) const
 		{
 		zeek::detail::HashKey* h;
-		return (T*) Dictionary::NextEntry(h, cookie, 0);
+		return (T*) Dictionary::NextEntry(h, cookie, false);
 		}
 	T* NextEntry(zeek::detail::HashKey*& h, IterCookie*& cookie) const
-		{ return (T*) Dictionary::NextEntry(h, cookie, 1); }
+		{ return (T*) Dictionary::NextEntry(h, cookie, true); }
 	T* RemoveEntry(const zeek::detail::HashKey* key)
 		{ return (T*) Remove(key->Key(), key->Size(), key->Hash()); }
 	T* RemoveEntry(const zeek::detail::HashKey& key)

src/strings.bif

@@ -943,7 +943,7 @@ function safe_shell_quote%(source: string%): string
 ##
 ## Returns: The set of strings in *str* that match *re*, or the empty set.
 ##
-## .. zeek:see: find_last strstr
+## .. zeek:see: find_all_ordered find_last strstr
 function find_all%(str: string, re: pattern%) : string_set
 	%{
 	auto a = zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set);
@@ -965,6 +965,38 @@ function find_all%(str: string, re: pattern%) : string_set
 	return a;
 	%}
 
+## Finds all occurrences of a pattern in a string.  The order in which
+## occurrences are found is preverved and the return value may contain
+## duplicate elements.
+##
+## str: The string to inspect.
+##
+## re: The pattern to look for in *str*.
+##
+## Returns: All strings in *str* that match *re*, or an empty vector.
+##
+## .. zeek:see: find_all find_last strstr
+function find_all_ordered%(str: string, re: pattern%) : string_vec
+	%{
+	auto a = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
+
+	const u_char* s = str->Bytes();
+	const u_char* e = s + str->Len();
+
+	for ( const u_char* t = s; t < e; ++t )
+		{
+		int n = re->MatchPrefix(t, e - t);
+		if ( n >= 0 )
+			{
+			auto idx = zeek::make_intrusive<zeek::StringVal>(n, (const char*) t);
+			a->Assign(a->Size(), std::move(idx));
+			t += n - 1;
+			}
+		}
+
+	return a;
+	%}
+
 ## Finds the last occurrence of a pattern in a string. This function returns
 ## the match that starts at the largest index in the string, which is not
 ## necessarily the longest match.  For example, a pattern of ``/.*/`` will
@@ -976,7 +1008,7 @@ function find_all%(str: string, re: pattern%) : string_set
 ##
 ## Returns: The last string in *str* that matches *re*, or the empty string.
 ##
-## .. zeek:see: find_all strstr
+## .. zeek:see: find_all find_all_ordered strstr
 function find_last%(str: string, re: pattern%) : string
 	%{
 	const u_char* s = str->Bytes();

testing/btest/Baseline/bifs.filter_subnet_table/output

@@ -1,16 +1,16 @@
 {
+10.2.0.2/31,
 10.0.0.0/8,
-10.2.0.0/16,
+10.2.0.0/16
-10.2.0.2/31
+}
+{
+[10.2.0.2/31] = c,
+[10.0.0.0/8] = a,
+[10.2.0.0/16] = b
 }
 {
 [10.0.0.0/8] = a,
-[10.2.0.0/16] = b,
+[10.3.0.0/16] = e
-[10.2.0.2/31] = c
-}
-{
-[10.3.0.0/16] = e,
-[10.0.0.0/8] = a
 }
 {
 

testing/btest/Baseline/bifs.find_all/out

@@ -1,4 +1,4 @@
-es
 hi
+es
 -------------------
 0

testing/btest/Baseline/bifs.find_all_ordered/out

@@ -0,0 +1,8 @@
+[this, is, a, test]
+[one, two, three, four, one, two, three, four]
+[this, is, a, test, test, test]
+[]
+[a, b]
+[foo]
+[bar, foo]
+[]

testing/btest/Baseline/bifs.matching_subnets/output

@@ -1,16 +1,16 @@
 {
-5.0.0.0/8,
-7.2.0.0/32,
-10.3.0.0/16,
-2607:f8b0:4007:807::200e/128,
-10.0.0.0/8,
-2607:f8b0:4007:807::/64,
-10.1.0.0/16,
-5.2.0.0/32,
-10.2.0.0/16,
 2607:f8b0:4008:807::/64,
 10.2.0.2/31,
-5.5.0.0/25
+10.2.0.0/16,
+5.5.0.0/25,
+10.1.0.0/16,
+10.0.0.0/8,
+7.2.0.0/32,
+5.2.0.0/32,
+2607:f8b0:4007:807::200e/128,
+2607:f8b0:4007:807::/64,
+5.0.0.0/8,
+10.3.0.0/16
 }
 [10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
 [2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]

testing/btest/Baseline/bifs.netbios-functions/out

@@ -1,7 +1,7 @@
-\x01\x02__MSBROWSE__\x02
-1
 WORKGROUP
 27
+\x01\x02__MSBROWSE__\x02
+1
 MARTIN
 3
 ISATAP

testing/btest/Baseline/bifs.records_fields/out

@@ -1,32 +1,32 @@
 [a=42, b=Foo, c=<uninitialized>, d=Bar, e=tt]
 {
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=Foo, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
 }
 F
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=Foo, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
 }
 {
 
@@ -35,23 +35,23 @@ F
 [myfield] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=<uninitialized>, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [b] = [type_name=set[double,string], log=F, value=<uninitialized>, default_val=<uninitialized>],
 [c] = [type_name=set[double,record r], log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
-[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
-[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }

testing/btest/Baseline/broker.store.brokerstore-attr-clone/clonetwo.out

@@ -1,19 +1,4 @@
 Peer added
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-clone/master.out

@@ -1,38 +1,5 @@
 Peer added 
 Peer added 
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}
-{
-[b] = 3,
-[whatever] = 5,
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-persistence-clone/output1

@@ -1,20 +1,3 @@
-{
+[[key=a, val=5], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[Believe me - I am a set, I am a set!, I am really a set!]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 5
-}
-{
-I am really a set!,
-Believe me - I am a set,
-I am a set!
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-persistence-clone/output2

@@ -1,20 +1,3 @@
-{
+[[key=a, val=5], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[Believe me - I am a set, I am a set!, I am really a set!]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 5
-}
-{
-I am really a set!,
-Believe me - I am a set,
-I am a set!
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-persistence-clone/output3

@@ -1,20 +1,3 @@
-{
+[[key=a, val=5], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[Believe me - I am a set, I am a set!, I am really a set!]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 5
-}
-{
-I am really a set!,
-Believe me - I am a set,
-I am a set!
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-persistence/output1

@@ -1,20 +1,3 @@
-{
+[[key=a, val=5], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[Believe me - I am a set, I am a set!, I am really a set!]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 5
-}
-{
-I am really a set!,
-Believe me - I am a set,
-I am a set!
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-persistence/output2

@@ -1,20 +1,3 @@
-{
+[[key=a, val=5], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[Believe me - I am a set, I am a set!, I am really a set!]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 5
-}
-{
-I am really a set!,
-Believe me - I am a set,
-I am a set!
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-attr-simple/clone.out

@@ -1,19 +1,10 @@
 Peer added
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c={
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
 elem1,
 elem2
-}],
+}]], [key=b, val=[a=2, b=d, c={
-[a] = [a=1, b=c, c={
 elem1,
 elem2
-}]
+}]]]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-simple-incompatible/worker-1..stderr

@@ -1,3 +0,0 @@
-error: ProcessStoreEvent Insert: could not convert value "b" for key "a" in store "___sync_store_TestModule::s" while receiving remote data. This probably means the tables have different types on different nodes.
-error: ProcessStoreEvent Insert: could not convert key "a" for store "___sync_store_TestModule::t" while receiving remote data. This probably means the tables have different types on different nodes.
-received termination signal

testing/btest/Baseline/broker.store.brokerstore-backend-simple-incompatible/worker-1.err.log

@@ -0,0 +1,2 @@
+ProcessStoreEvent Insert: could not convert key "a" for store "___sync_store_TestModule::t" while receiving remote data. This probably means the tables have different types on different nodes.
+ProcessStoreEvent Insert: could not convert value "b" for key "a" in store "___sync_store_TestModule::s" while receiving remote data. This probably means the tables have different types on different nodes.

testing/btest/Baseline/broker.store.brokerstore-backend-simple-incompatible/worker-2.err.log

@@ -0,0 +1,2 @@
+ProcessStoreEvent Insert: could not convert key "a" for store "___sync_store_TestModule::t" while receiving remote data. This probably means the tables have different types on different nodes.
+ProcessStoreEvent Insert: could not convert value "b" for key "a" in store "___sync_store_TestModule::s" while receiving remote data. This probably means the tables have different types on different nodes.

testing/btest/Baseline/broker.store.brokerstore-backend-simple-reverse/clone.out

@@ -1,18 +1,3 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-simple-reverse/master.out

@@ -1,18 +1,3 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-simple/clone.out

@@ -1,18 +1,3 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-simple/master.out

@@ -1,18 +1,3 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c=[elem1, elem2]]], [key=b, val=[a=2, b=d, c=[elem1, elem2]]]]
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
-elem1,
-elem2
-}],
-[a] = [a=1, b=c, c={
-elem1,
-elem2
-}]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-sqlite/clone.out

@@ -1,18 +1,9 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c={
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
 elem1,
 elem2
-}],
+}]], [key=b, val=[a=2, b=d, c={
-[a] = [a=1, b=c, c={
 elem1,
 elem2
-}]
+}]]]
-}

testing/btest/Baseline/broker.store.brokerstore-backend-sqlite/master.out

@@ -1,18 +1,9 @@
-{
+[[key=a, val=3], [key=b, val=3], [key=whatever, val=5]]
-[b] = 3,
+[hi]
-[whatever] = 5,
+[[key=a, val=[a=1, b=c, c={
-[a] = 3
-}
-{
-hi
-}
-{
-[b] = [a=2, b=d, c={
 elem1,
 elem2
-}],
+}]], [key=b, val=[a=2, b=d, c={
-[a] = [a=1, b=c, c={
 elem1,
 elem2
-}]
+}]]]
-}

testing/btest/Baseline/broker.store.ops/master.out

@@ -4,8 +4,8 @@
 [4], four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
 [5], five, Broker::FAILURE, [data=<uninitialized>]
 [6], {
-y,
+x,
-x
+y
 }, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]
 [7], two, Broker::SUCCESS, [data=broker::data{230}]
 [8], three, Broker::SUCCESS, [data=broker::data{320}]

testing/btest/Baseline/broker.store.sqlite/out

@@ -8,6 +8,6 @@ three, Broker::SUCCESS, [data=broker::data{330}]
 four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
 five, Broker::FAILURE, [data=<uninitialized>]
 {
-y,
+x,
-x
+y
 }, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]

testing/btest/Baseline/broker.store.type-conversion/master.out

@@ -33,13 +33,13 @@ hello
 Broker::BOOL
 {
 two,
-one,
+three,
-three
+one
 }
 {
 [two] = 2,
-[one] = 1,
+[three] = 3,
-[three] = 3
+[one] = 1
 }
 [zero, one, two]
 [s=abc]

testing/btest/Baseline/core.fake_dns/out

@@ -1,7 +1,7 @@
 {
-7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a,
 51f3:f001:5b82:e802:c401:6750:7b95:89bb,
-4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd
+4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd,
+7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a
 }
 lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
 lookup_hostname, {

testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2019-07-31-18-53-23
+#open	2020-07-06-17-36-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1333458850.032887	C3eiCBGOLw3VtHfOj	10.131.42.160	62069	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	C4J4Th3PJpwUYZZ6gc
@@ -22,5 +22,5 @@
 1333458850.029781	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	udp	gtpv1	0.000002	192	0	S0	-	-	0	D	2	248	0	0	-
 1333458850.035456	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	udp	gtpv1	0.000004	194	0	S0	-	-	0	D	2	250	0	0	-
 1333458850.016620	CUM0KZ3MLUfNB0cl11	2001:0:5ef5:79fb:38b8:1695:2b37:be8e	128	2002:2571:c817::2571:c817	129	icmp	-	-	-	-	OTH	-	-	0	-	1	52	0	0	CtPZjS20MLrsMUOJi2
-1333458850.035456	CFLRIC3zaTU1loLGxh	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
+1333458850.035456	CFLRIC3zaTU1loLGxh	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	C0LAHyvtKSQHyJxIl,C9rXSW3KSpTYvPrlI1
-#close	2019-07-31-18-53-23
+#close	2020-07-06-17-36-08

testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2019-07-31-18-53-23
+#open	2020-07-06-17-36-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1333458850.014199	CHhAvVGS1DHFjwGM9	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
@@ -24,4 +24,4 @@
 1333458850.043796	Ck51lg1bScffFj34Ri	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::CLOSE
 1333458850.043796	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
 1333458850.043796	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2019-07-31-18-53-23
+#close	2020-07-06-17-36-08

testing/btest/Baseline/core.tunnels.teredo/conn.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1210953047.736921	ClEkJM2Vm5giqnMf4h	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	-	0	^fA	1	40	1	40	-
@@ -24,7 +24,7 @@
 1210953052.324629	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	-
 1210953060.829233	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	13.293994	2359	11243	SF	-	-	0	Dd	12	2695	13	11607	-
 1210953046.591933	CHhAvVGS1DHFjwGM9	192.168.2.16	138	192.168.2.255	138	udp	-	28.448321	416	0	S0	-	-	0	D	2	472	0	0	-
-1210953060.829303	C9mvWx3ezztgzcexV7	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
+1210953060.829303	C9mvWx3ezztgzcexV7	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
 1210953052.324629	CP5puj4I8PtEU4qzYg	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	CmES5u32sYpV7JYN
 1210953052.202579	CUM0KZ3MLUfNB0cl11	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CtPZjS20MLrsMUOJi2
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo/http.log

@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1210953057.917183	C3eiCBGOLw3VtHfOj	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	1.1	Syncer/4.80 (av_pro-1169;f)	-	589	0	204	<empty>	-	-	(empty)	-	-	-	FS64me2T5SbKZ5Cp53	-	text/plain	-	-	-
 1210953061.585996	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	F6Q5fr1axmaI8Oxy77	-	text/html
 1210953073.381474	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FGaesFZVSRZcEseFi	-	text/html
 1210953074.674817	CpmdRlaUoJLN3uIRa	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	11845	200	OK	-	-	(empty)	-	-	-	-	-	-	FxVarSo2RcFkvGFxd	-	text/html
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1210953052.202579	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -12,4 +12,4 @@
 1210953076.058333	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log

@@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1340127577.354166	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	0.052829	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	CUM0KZ3MLUfNB0cl11
 1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	0.010291	129	52	SF	-	-	0	Dd	2	185	1	80	-
 1340127577.339015	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	-
 1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	0.065485	2367	11243	SF	-	-	0	Dd	12	2703	13	11607	-
-1340127577.343969	CmES5u32sYpV7JYN	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
+1340127577.343969	CmES5u32sYpV7JYN	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
 1340127577.339015	CtPZjS20MLrsMUOJi2	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	C4J4Th3PJpwUYZZ6gc
 1340127577.336558	ClEkJM2Vm5giqnMf4h	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CHhAvVGS1DHFjwGM9
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1340127577.361683	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FP83rC4NcNrcMNo2vc	-	text/html
 1340127577.379360	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FcGY7v3XYRhT3tOXIa	-	text/html
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -12,4 +12,4 @@
 1340127577.406995	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	zeek
 1340127577.346849	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	zeek
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/language.container-ctor-scope/out

@@ -1,44 +1,44 @@
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]

testing/btest/Baseline/language.copy-all-types/out

@@ -5,8 +5,8 @@ orig=42/tcp (port) clone=42/tcp (port) equal=T same_object=T (ok)
 orig=127.0.0.0/24 (subnet) clone=127.0.0.0/24 (subnet) equal=T same_object=T (ok)
 orig=Foo (string) clone=Foo (string) equal=T same_object=F (ok)
 orig=/^?(.*PATTERN.*)$?/ (pattern) clone=/^?(.*PATTERN.*)$?/ (pattern) same_object=F
-orig=2,4,1,5,3 (set[count]) clone=2,4,1,5,3 (set[count]) equal=T same_object=F (ok)
+orig=2,5,3,4,1 (set[count]) clone=2,5,3,4,1 (set[count]) equal=T same_object=F (ok)
 orig=[1, 2, 3, 4, 5] (vector of count) clone=[1, 2, 3, 4, 5] (vector of count) equal=T same_object=F (ok)
-orig=b=vb;a=va (table[string] of string) clone=b=vb;a=va (table[string] of string) equal=T same_object=F (ok)
+orig=a=va;b=vb (table[string] of string) clone=a=va;b=vb (table[string] of string) equal=T same_object=F (ok)
 orig=ENUMME (enum) clone=ENUMME (enum) equal=T same_object=T (ok)
 orig=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) clone=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) equal=T same_object=F (ok)

testing/btest/Baseline/language.cross-product-init/output

@@ -1,6 +1,6 @@
 {
-[foo, 1.2.0.0/19] ,
-[bar, 5.6.0.0/21] ,
 [bar, 1.2.0.0/19] ,
-[foo, 5.6.0.0/21] 
+[foo, 1.2.0.0/19] ,
+[foo, 5.6.0.0/21] ,
+[bar, 5.6.0.0/21] 
 }

testing/btest/Baseline/language.default-params/out

@@ -13,8 +13,8 @@ begin table_func, {
 [initial] = conditions
 }
 end table_func, {
-[initial] = conditions,
+[the test] = works,
-[the test] = works
+[initial] = conditions
 }
 foo_hook, test
 foo_hook, hello

testing/btest/Baseline/language.expire_func/output

@@ -1,99 +1,99 @@
 {
-am,
 here,
-[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
+i,
-i
+am,
+[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
 }
 {
-am,
+here,
+i,
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-i
+am
 }
 {
+here,
+i,
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-i
+am
 }
 {
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 here,
-[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
+i,
 [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-i
-}
-{
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
+here,
+i,
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 am,
+[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+}
+{
+here,
+i,
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+i,
 here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp],
-am,
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
+i,
-[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
-expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
-expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
-expired am
-expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
 expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
 expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
+expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
 expired here
-expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
-expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
 expired i
+expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
+expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+expired am
 {
 [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 }
 {
-[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp],
+[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 }
-expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 {
 [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
 }
@@ -102,277 +102,277 @@ expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53
 [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
-expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 {
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=123/udp, resp_h=69.50.219.51, resp_p=123/udp],
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }

testing/btest/Baseline/language.expire_subnet/expire-nets-output

@@ -1,5 +1,5 @@
-Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.018829 usecs
-Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
+Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

testing/btest/Baseline/language.expire_subnet/expire-nums-output

@@ -1,5 +1,5 @@
+Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
-Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

testing/btest/Baseline/language.expire_subnet/output

@@ -1,14 +1,14 @@
 All:
+0 --> zero
 2 --> two
 4 --> four
 1 --> one
-0 --> zero
 3 --> three
 192.168.0.0/16 --> zero
-192.168.3.0/24 --> three
-192.168.2.0/24 --> two
-192.168.4.0/24 --> four
 192.168.1.0/24 --> one
+192.168.2.0/24 --> two
+192.168.3.0/24 --> three
+192.168.4.0/24 --> four
 Time: 0 secs
 
 Accessed table nums: two; three

testing/btest/Baseline/language.index-assignment-invalid/out

@@ -1,5 +1,5 @@
-runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack: 
+runtime error in /Users/tim/Desktop/projects/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack: 
- #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=<uninitialized>]}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 
+ #0 Queue::get_vector([initialized=T, vals={[2] = test,[3] = [a=T, b=hi, c=<uninitialized>],[5] = 3,[0] = hello,[6] = jkl;,[4] = asdf,[1] = goodbye}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 
- #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 
+ #1 bar(55) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 
- #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 
+ #2 foo(hi, 13) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 
  #3 zeek_init() 

testing/btest/Baseline/language.key-value-for/out

@@ -1,4 +1,4 @@
-1, hello
 55, goodbye
-goodbye, world, 55
+1, hello
 hello, world, 1
+goodbye, world, 55

testing/btest/Baseline/language.named-set-ctors/out

@@ -1,13 +1,13 @@
 {
+3,
 1,
-5,
+5
-3
 }
 {
-[min=<uninitialized>, max=5],
+[min=<uninitialized>, max=2],
-[min=<uninitialized>, max=2]
+[min=<uninitialized>, max=5]
 }
 {
-[test, 1] ,
+[cool, 2] ,
-[cool, 2] 
+[test, 1] 
 }

testing/btest/Baseline/language.named-table-ctors/out

@@ -1,15 +1,15 @@
 {
+[3] = three,
 [1] = one,
-[5] = five,
+[5] = five
-[3] = three
 }
 {
-[[min=<uninitialized>, max=5]] = max5,
+[[min=<uninitialized>, max=2]] = max2,
-[[min=<uninitialized>, max=2]] = max2
+[[min=<uninitialized>, max=5]] = max5
 }
 {
-[test, 1] = test1,
+[cool, 2] = cool2,
-[cool, 2] = cool2
+[test, 1] = test1
 }
 {
 [two] = 2.0,

testing/btest/Baseline/language.next-test/output

@@ -1,8 +1,8 @@
-1
-1
 0
+1
+1
 MIDDLE
+0
+0
 1
-0
-0
 THE END

testing/btest/Baseline/language.on_change_expire/output

@@ -7,30 +7,30 @@ change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp
 change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
-change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
-change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
 expired a
 change_function, a, 5, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
+change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
+change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
 expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
 change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
@@ -46,36 +46,36 @@ change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2,
 change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
 expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp], 1, TABLE_ELEMENT_NEW

testing/btest/Baseline/language.patterns-stored-in-containers/out

@@ -6,14 +6,14 @@
 /^?(b)$?/, F
 /^?(o)$?/, T
 ---
-/^?(a)$?/, F
-/^?(b)$?/, F
-/^?(o)$?/, T
----
-/^?(a)$?/, F
-/^?(b)$?/, F
-/^?(o)$?/, T
----
 /^?(o)$?/, T
 /^?(b)$?/, F
 /^?(a)$?/, F
+---
+/^?(o)$?/, T
+/^?(b)$?/, F
+/^?(a)$?/, F
+---
+/^?(a)$?/, F
+/^?(o)$?/, T
+/^?(b)$?/, F

testing/btest/Baseline/language.rec-table-default/output

@@ -5,9 +5,9 @@
 
 }
 {
-B,
 A,
-C
+C,
+B
 }
 {
 

testing/btest/Baseline/language.record-index-complex-fields/output

@@ -4,24 +4,24 @@
 [two] = 2,
 [one] = 1
 }, tags_s={
-b,
+a,
-a
+b
 }]
 }
 }
 {
 [a=13, tags_v=[, , 2, 3], tags_t={
-[five] = 5,
+[four] = 4,
-[four] = 4
+[five] = 5
 }, tags_s={
-c,
+d,
-d
+c
 }],
 [a=4, tags_v=[0, 1], tags_t={
 [two] = 2,
 [one] = 1
 }, tags_s={
-b,
+a,
-a
+b
 }]
 }

testing/btest/Baseline/language.table-init-attrs/output

@@ -1,9 +1,9 @@
 my_set_ctor_init
 {
 test4,
+test2,
 test3,
-test1,
+test1
-test2
 }
 
 my_table_ctor_init
@@ -17,17 +17,17 @@ nope
 my_set_init
 {
 test4,
+test2,
 test3,
-test1,
+test1
-test2
 }
 
 my_table_init
 {
-[2] = test2,
 [4] = test4,
-[1] = test1,
+[2] = test2,
-[3] = test3
+[3] = test3,
+[1] = test1
 }
 nope
 

testing/btest/Baseline/language.table-init-container-ctors/output

@@ -5,8 +5,8 @@ table of set
 [baz, 4] 
 },
 [13] = {
-[foo, 1] ,
+[bar, 2] ,
-[bar, 2] 
+[foo, 1] 
 }
 }
 
@@ -23,8 +23,8 @@ table of table
 [baz, 4] = 4
 },
 [13] = {
-[foo, 1] = 1,
+[bar, 2] = 2,
-[bar, 2] = 2
+[foo, 1] = 1
 }
 }
 

testing/btest/Baseline/language.table-init-record-idx-2/output

@@ -16,10 +16,10 @@ F
 F
 now here's the foo table...
 {
-[[a=foo, b=1], 1] = 1,
-[[a=baz, b=5], 5] = 5,
-[[a=foo, b=2], 2] = 2,
 [[a=bar, b=3], 3] = 3,
 [[a=baz, b=6], 6] = 6,
+[[a=baz, b=5], 5] = 5,
+[[a=foo, b=2], 2] = 2,
+[[a=foo, b=1], 1] = 1,
 [[a=bar, b=4], 4] = 4
 }

testing/btest/Baseline/language.table-init-record-idx-3/output

@@ -20,6 +20,6 @@ now here's the foo table...
 [[a=foo, b=1]] = 1,
 [[a=bar, b=3]] = 3,
 [[a=baz, b=6]] = 6,
-[[a=baz, b=5]] = 5,
+[[a=bar, b=4]] = 4,
-[[a=bar, b=4]] = 4
+[[a=baz, b=5]] = 5
 }

testing/btest/Baseline/language.table-init-record-idx-4/output

@@ -16,10 +16,10 @@ F
 F
 now here's the foo table...
 {
-[[a=foo, b=1], 1] = 1,
-[[a=baz, b=5], 5] = 5,
-[[a=foo, b=2], 2] = 2,
 [[a=bar, b=3], 3] = 3,
 [[a=baz, b=6], 6] = 6,
+[[a=baz, b=5], 5] = 5,
+[[a=foo, b=2], 2] = 2,
+[[a=foo, b=1], 1] = 1,
 [[a=bar, b=4], 4] = 4
 }

testing/btest/Baseline/language.table-init-record-idx/output

@@ -20,6 +20,6 @@ now here's the foo table...
 [[a=foo, b=1]] = 1,
 [[a=bar, b=3]] = 3,
 [[a=baz, b=6]] = 6,
-[[a=baz, b=5]] = 5,
+[[a=bar, b=4]] = 4,
-[[a=bar, b=4]] = 4
+[[a=baz, b=5]] = 5
 }

testing/btest/Baseline/language.table-pattern-index/out

@@ -4,16 +4,16 @@
 /^?(four)$?/
 -----------------
 /^?(two|oob)$?/
-/^?(four)$?/
 /^?(one|foo|bar)$?/
+/^?(four)$?/
 /^?(three|oob)$?/
 -----------------
 /^?(two|oob)$?/, 1
-/^?(four)$?/, 3
 /^?(one|foo|bar)$?/, 0
+/^?(four)$?/, 3
 /^?(three|oob)$?/, 2
 -----------------
+/^?(three|oob)$?/, 4, 4
+/^?(two|oob)$?/, 3, 2
 /^?(one|foo|bar)$?/, 2, 0
 /^?(four)$?/, 5, 6
-/^?(two|oob)$?/, 3, 2
-/^?(three|oob)$?/, 4, 4

testing/btest/Baseline/language.table-redef/out

@@ -1,6 +1,6 @@
 {
-[cool] = 28.0,
+[abc] = 8.0,
-[def] = 99.0,
 [neat] = 1.0,
-[abc] = 8.0
+[cool] = 28.0,
+[def] = 99.0
 }

testing/btest/Baseline/language.while/out

@@ -3,10 +3,10 @@ s
 ss
 sss
 {
-9,
-1,
-7,
 5,
-3
+7,
+3,
+9,
+1
 }
 [number 0, number 1, number 2, number 3, number 4, number 5, number 6, number 7, number 8, number 9, number 10, number 11, number 12]

testing/btest/Baseline/plugins.hooks/output

@@ -133,14 +133,14 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> <no result>
@@ -151,11 +151,11 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> <no result>
@@ -282,7 +282,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@@ -463,7 +463,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -1056,14 +1056,14 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp}))
@@ -1074,11 +1074,11 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp}))
@@ -1205,7 +1205,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@@ -1386,7 +1386,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -1979,14 +1979,14 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5355<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2123<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {8080<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6669<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp})
@@ -1997,11 +1997,11 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {587<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {5223<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp})
@@ -2127,7 +2127,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -2308,7 +2308,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@@ -2762,7 +2762,7 @@
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLoadFile  base<...>/zeek.bif.zeek
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1594057891.733070, node=zeek, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent filter_change_tracking()
 0.000000 | HookQueueEvent zeek_init()

testing/btest/Baseline/plugins.logging-hooks/output

@@ -1 +1 @@
-1488216470.960453 | HookLogInit   ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}
+1594057911.083127 | HookLogInit   ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}

testing/btest/Baseline/plugins.logging-hooks/ssh.log

@@ -3,9 +3,9 @@
 #empty_field	EMPTY
 #unset_field	-
 #path	ssh
-#open	2017-02-27-17-27-50
+#open	2020-07-06-17-51-51
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	f
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	set[count]	set[string]	set[string]	vector[count]	vector[string]	func
-F	-2	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1488216470.960453	100.000000	hurz	2,4,1,3	BB,AA,CC	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+F	-2	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1594057911.083127	100.000000	hurz	4,2,3,1	CC,BB,AA	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-T	-	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1488216470.960453	100.000000	hurz	2,4,1,3	BB,AA,CC	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+T	-	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1594057911.083127	100.000000	hurz	4,2,3,1	CC,BB,AA	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-#close	2017-02-27-17-27-50
+#close	2020-07-06-17-51-51

testing/btest/Baseline/plugins.writer/output

@@ -3,7 +3,7 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
 
 ===
 [conn] 1340213005.165293|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
-[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
+[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
 [conn] 1340213048.780152|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
 [conn] 1340213097.272764|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
 [conn] 1340213162.160367|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
@@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
 [http] 1340213020.732963|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
 [http] 1340213021.300269|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
 [http] 1340213021.861584|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
-[packet_filter] 1588207600.726061|zeek|ip or not ip|T|T
+[packet_filter] 1594057935.894949|zeek|ip or not ip|T|T
 [socks] 1340213015.276495|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
 [tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER

testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log

@@ -3,23 +3,23 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-08-10-18-16-52
+#open	2020-07-06-18-21-36
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1533925012.140634	testbool	T	F	../configfile
+1594059696.059713	testbool	T	F	../configfile
-1533925012.140634	testcount	0	1	../configfile
+1594059696.059713	testcount	0	1	../configfile
-1533925012.140634	testcount	1	2	../configfile
+1594059696.059713	testcount	1	2	../configfile
-1533925012.140634	testint	0	-1	../configfile
+1594059696.059713	testint	0	-1	../configfile
-1533925012.140634	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059696.059713	testenum	SSH::LOG	Conn::LOG	../configfile
-1533925012.140634	testport	42/tcp	45/unknown	../configfile
+1594059696.059713	testport	42/tcp	45/unknown	../configfile
-1533925012.140634	testporttcp	40/udp	42/tcp	../configfile
+1594059696.059713	testporttcp	40/udp	42/tcp	../configfile
-1533925012.140634	testportudp	40/tcp	42/udp	../configfile
+1594059696.059713	testportudp	40/tcp	42/udp	../configfile
-1533925012.140634	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059696.059713	testaddr	127.0.0.1	127.0.0.1	../configfile
-1533925012.140634	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059696.059713	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1533925012.140634	testinterval	1.0 sec	1.0 min	../configfile
+1594059696.059713	testinterval	1.0 sec	1.0 min	../configfile
-1533925012.140634	testtime	0.0	1507321987.0	../configfile
+1594059696.059713	testtime	0.0	1507321987.0	../configfile
-1533925012.140634	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059696.059713	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1533925012.140634	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059696.059713	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1533925012.140634	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1594059696.059713	test_set	a,d,b,c,erdbeerschnitzel	(empty)	../configfile
-1533925012.140634	test_set	(empty)	\x2d	../configfile
+1594059696.059713	test_set	(empty)	\x2d	../configfile
-#close	2018-08-10-18-16-52
+#close	2020-07-06-18-21-36

testing/btest/Baseline/scripts.base.frameworks.config.basic_cluster/manager-1.config.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-06-22-18-27-45
+#open	2020-07-06-18-21-44
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1529692065.525489	testport	42/tcp	44/tcp	-
+1594059704.790556	testport	42/tcp	44/tcp	-
-1529692065.562594	teststring	a	b	comment
+1594059704.790556	teststring	a	b	comment
-#close	2018-06-22-18-27-50
+#close	2020-07-06-18-21-49

testing/btest/Baseline/scripts.base.frameworks.config.container-options/out

@@ -8,9 +8,9 @@ RED
 BLUE
 }
 {
+RED,
 BLUE,
-GREEN,
+GREEN
-RED
 }
 {
 
@@ -32,9 +32,9 @@ RED
 [BLUE] = blue
 }
 {
+[RED] = red,
 [BLUE] = blue,
-[GREEN] = green,
+[GREEN] = green
-[RED] = red
 }
 {
 

testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log

@@ -3,22 +3,22 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2019-10-14-15-40-21
+#open	2020-07-06-18-22-46
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1571067621.558501	testbool	T	F	../configfile
+1594059766.418882	testbool	T	F	../configfile
-1571067621.558501	testcount	0	1	../configfile
+1594059766.418882	testcount	0	1	../configfile
-1571067621.558501	testcount	1	2	../configfile
+1594059766.418882	testcount	1	2	../configfile
-1571067621.558501	testint	0	-1	../configfile
+1594059766.418882	testint	0	-1	../configfile
-1571067621.558501	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059766.418882	testenum	SSH::LOG	Conn::LOG	../configfile
-1571067621.558501	testport	42/tcp	45/unknown	../configfile
+1594059766.418882	testport	42/tcp	45/unknown	../configfile
-1571067621.558501	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059766.418882	testaddr	127.0.0.1	127.0.0.1	../configfile
-1571067621.558501	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059766.418882	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1571067621.558501	testinterval	1.0 sec	1.0 min	../configfile
+1594059766.418882	testinterval	1.0 sec	1.0 min	../configfile
-1571067621.558501	teststring	a	abc	../configfile
+1594059766.418882	teststring	a	abc	../configfile
-1571067621.558501	testtime	0.0	1507321987.0	../configfile
+1594059766.418882	testtime	0.0	1507321987.0	../configfile
-1571067621.558501	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059766.418882	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1571067621.558501	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059766.418882	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1571067621.558501	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1594059766.418882	test_set	a,d,b,c,erdbeerschnitzel	(empty)	../configfile
-1571067621.558501	test_set	(empty)	\x2d	../configfile
+1594059766.418882	test_set	(empty)	\x2d	../configfile
-#close	2019-10-14-15-40-21
+#close	2020-07-06-18-22-46

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/manager-1.config.log

@@ -3,22 +3,22 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-07-20-20-40-10
+#open	2020-07-06-18-22-53
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1532119210.151927	testbool	T	F	../configfile
+1594059773.776304	testbool	T	F	../configfile
-1532119210.151927	testcount	0	1	../configfile
+1594059773.776304	testcount	0	1	../configfile
-1532119210.151927	testcount	1	2	../configfile
+1594059773.776304	testcount	1	2	../configfile
-1532119210.151927	testint	0	-1	../configfile
+1594059773.776304	testint	0	-1	../configfile
-1532119210.151927	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059773.776304	testenum	SSH::LOG	Conn::LOG	../configfile
-1532119210.151927	testport	42/tcp	45/unknown	../configfile
+1594059773.776304	testport	42/tcp	45/unknown	../configfile
-1532119210.151927	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059773.776304	testaddr	127.0.0.1	127.0.0.1	../configfile
-1532119210.151927	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059773.776304	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1532119210.151927	testinterval	1.0 sec	1.0 min	../configfile
+1594059773.776304	testinterval	1.0 sec	1.0 min	../configfile
-1532119210.151927	testtime	0.0	1507321987.0	../configfile
+1594059773.776304	testtime	0.0	1507321987.0	../configfile
-1532119210.151927	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059773.776304	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1532119210.151927	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059773.776304	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1532119210.151927	test_set	b,c,a,d,erdbeerschnitzel	\x28empty)	../configfile
+1594059773.776304	test_set	a,d,b,c,erdbeerschnitzel	\x28empty)	../configfile
-1532119210.151927	test_set	\x28empty)	\x2d	../configfile
+1594059773.776304	test_set	\x28empty)	\x2d	../configfile
-1532119210.151927	test_set_full	2,1,7,15,10,3	6,4,1,7,5,3	../configfile
+1594059773.776304	test_set_full	2,7,3,15,10,1	3,5,7,6,4,1	../configfile
-#close	2018-07-20-20-40-22
+#close	2020-07-06-18-23-04

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-1..stdout

@@ -1,12 +1,12 @@
 cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
-cluster_set_option, testint, [data=broker::data{-1}], ../configfile
+cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
+cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
+cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
 option changed, testport, 45/unknown, ../configfile
 cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
 cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
+cluster_set_option, testint, [data=broker::data{-1}], ../configfile
 cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
-cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
-cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
-cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
 cluster_set_option, testbool, [data=broker::data{F}], ../configfile
-cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
-cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-2..stdout

@@ -1,12 +1,12 @@
 cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
-cluster_set_option, testint, [data=broker::data{-1}], ../configfile
+cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
+cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
+cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
 option changed, testport, 45/unknown, ../configfile
 cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
 cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
+cluster_set_option, testint, [data=broker::data{-1}], ../configfile
 cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
-cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
-cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
-cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
 cluster_set_option, testbool, [data=broker::data{F}], ../configfile
-cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
-cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile

testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log

@@ -1,19 +1,19 @@
-#close	2018-02-07-22-20-13
-#empty_field	(empty)
-#fields	ts	id	old_value	new_value	location
-#open	2018-02-07-22-20-13
-#path	config
 #separator \x09
 #set_separator	,
-#types	time	string	string	string	string
+#empty_field	(empty)
 #unset_field	-
-1518042012.989543	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile1
+#path	config
-1518042012.989543	test_vector	(empty)	1,2,3,4,5,6	../configfile1
+#open	2020-07-06-18-23-08
-1518042012.989543	testaddr	127.0.0.1	127.0.0.1	../configfile2
+#fields	ts	id	old_value	new_value	location
-1518042012.989543	testbool	T	F	../configfile1
+#types	time	string	string	string	string
-1518042012.989543	testcount	0	2	../configfile1
+1594059788.562153	testbool	T	F	../configfile1
-1518042012.989543	testenum	SSH::LOG	Conn::LOG	../configfile1
+1594059788.562153	testcount	0	2	../configfile1
-1518042012.989543	testint	0	-1	../configfile1
+1594059788.562153	testint	0	-1	../configfile1
-1518042012.989543	testinterval	1.0 sec	1.0 min	../configfile2
+1594059788.562153	testenum	SSH::LOG	Conn::LOG	../configfile1
-1518042012.989543	testport	42/tcp	45/unknown	../configfile2
+1594059788.562153	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile1
-1518042012.989543	testtime	0.0	1507321987.0	../configfile2
+1594059788.562153	test_vector	(empty)	1,2,3,4,5,6	../configfile1
+1594059788.562153	testport	42/tcp	45/unknown	../configfile2
+1594059788.562153	testaddr	127.0.0.1	127.0.0.1	../configfile2
+1594059788.562153	testinterval	1.0 sec	1.0 min	../configfile2
+1594059788.562153	testtime	0.0	1507321987.0	../configfile2
+#close	2020-07-06-18-23-08

testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log

@@ -3,25 +3,25 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-01-18-23-16-41
+#open	2020-07-06-18-23-11
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1516317401.889929	testbool	T	F	../configfile
+1594059791.896375	testbool	T	F	../configfile
-1516317401.889929	testcount	0	1	../configfile
+1594059791.896375	testcount	0	1	../configfile
-1516317401.889929	testcount	1	2	../configfile
+1594059791.896375	testcount	1	2	../configfile
-1516317401.889929	testint	0	-1	../configfile
+1594059791.896375	testint	0	-1	../configfile
-1516317401.889929	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059791.896375	testenum	SSH::LOG	Conn::LOG	../configfile
-1516317401.889929	testport	42/tcp	45/unknown	../configfile
+1594059791.896375	testport	42/tcp	45/unknown	../configfile
-1516317401.889929	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059791.896375	testaddr	127.0.0.1	127.0.0.1	../configfile
-1516317401.889929	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059791.896375	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1516317401.889929	testinterval	1.0 sec	1.0 min	../configfile
+1594059791.896375	testinterval	1.0 sec	1.0 min	../configfile
-1516317401.889929	testtime	0.0	1507321987.0	../configfile
+1594059791.896375	testtime	0.0	1507321987.0	../configfile
-1516317401.889929	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059791.896375	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1516317401.889929	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059791.896375	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1516317405.093522	testcount	2	1	../configfile
+1594059793.173710	testcount	2	1	../configfile
-1516317405.093522	testcount	1	2	../configfile
+1594059793.173710	testcount	1	2	../configfile
-1516317405.093522	testaddr	2607:f8b0:4005:801::200e	127.0.0.1	../configfile
+1594059793.173710	testaddr	2607:f8b0:4005:801::200e	127.0.0.1	../configfile
-1516317405.093522	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059793.173710	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1516317405.093522	test_vector	1,2,3,4,5,6	1,2,3,4,5,9	../configfile
+1594059793.173710	test_vector	1,2,3,4,5,6	1,2,3,4,5,9	../configfile
-1516317409.199572	test_vector	1,2,3,4,5,9	1,2,3,4,5,9	../configfile
+1594059795.177655	test_vector	1,2,3,4,5,9	1,2,3,4,5,9	../configfile
-#close	2018-01-18-23-16-49
+#close	2020-07-06-18-23-15

testing/btest/Baseline/scripts.base.frameworks.config.weird/config.log

@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-09-05-19-30-42
+#open	2020-07-06-18-23-21
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
 0.000000	Weird::sampling_duration	10.0 mins	5.0 secs	-
 0.000000	Weird::sampling_threshold	25	10	-
 0.000000	Weird::sampling_rate	1000	10	-
 0.000000	Weird::sampling_whitelist	(empty)	whitelisted_net_weird,whitelisted_flow_weird,whitelisted_conn_weird	-
-#close	2018-09-05-19-30-42
+#close	2020-07-06-18-23-21

testing/btest/Baseline/scripts.base.frameworks.config.weird/output

@@ -1,9 +1,5 @@
 Config values set
-{
+[whitelisted_conn_weird, whitelisted_flow_weird, whitelisted_net_weird]
-whitelisted_net_weird,
-whitelisted_flow_weird,
-whitelisted_conn_weird
-}
 10
 10
 5.0 secs

testing/btest/Baseline/scripts.base.frameworks.file-analysis.big-bof-buffer/files.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2020-04-30-00-46-52
+#open	2020-07-06-18-28-50
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted	extracted_cutoff	extracted_size
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string	bool	count
-1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	MD5,SHA1	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	-	-	-	-
+1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	SHA1,MD5	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	-	-	-	-
-#close	2020-04-30-00-46-52
+#close	2020-07-06-18-28-50

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out

@@ -4,8 +4,8 @@ FILE_OVER_NEW_CONNECTION
 FILE_OVER_NEW_CONNECTION
 FILE_STATE_REMOVE
 file #0, 498668, 0
-[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 [orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
+[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 FILE_BOF_BUFFER
 %PDF-1.4\x0d%\xe2
 MIME_TYPE

testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2020-04-30-00-46-56
+#open	2020-07-06-18-30-22
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted	extracted_cutoff	extracted_size
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string	bool	count
-1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	MD5,EXTRACT,DATA_EVENT,SHA1,SHA256	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18	FMnxxt3xjVcWNS2141-file	F	-
+1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	SHA256,EXTRACT,SHA1,MD5,DATA_EVENT	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18	FMnxxt3xjVcWNS2141-file	F	-
-#close	2020-04-30-00-46-56
+#close	2020-07-06-18-30-22

testing/btest/Baseline/scripts.base.frameworks.input.basic/out

@@ -1,13 +1,13 @@
 {
 [-42] = [b=T, bt=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.bignumber/out

@@ -1,4 +1,4 @@
 {
-[-9223372036854775800] = [c=18446744073709551612],
+[9223372036854775800] = [c=18446744073709551612],
-[9223372036854775800] = [c=18446744073709551612]
+[-9223372036854775800] = [c=18446744073709551612]
 }

testing/btest/Baseline/scripts.base.frameworks.input.config.basic/out

@@ -10,10 +10,10 @@ testaddr, 2607:f8b0:4005:801::200e
 testinterval, 1.0 min
 testtime, 1507321987.0
 test_set, {
-b,
-c,
 a,
 d,
+b,
+c,
 erdbeerschnitzel
 }
 test_vector, [1, 2, 3, 4, 5, 6]

testing/btest/Baseline/scripts.base.frameworks.input.config.enum-set/zeek.config.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2019-10-03-04-02-02
+#open	2020-07-06-18-34-22
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1570075321.966826	DPD::ignore_violations	(empty)	Analyzer::ANALYZER_SYSLOG	-
+1594060462.186976	DPD::ignore_violations	(empty)	Analyzer::ANALYZER_SYSLOG	-
-#close	2019-10-03-04-02-02
+#close	2020-07-06-18-34-22

testing/btest/Baseline/scripts.base.frameworks.input.config.spaces/out

@@ -4,8 +4,8 @@ testint, -1
 testportandproto, 45/udp
 testaddr, 127.0.0.3
 test_set, {
-127.0.0.2,
 127.0.0.1,
-127.0.0.3
+127.0.0.3,
+127.0.0.2
 }
 test_vector, [10.0.0.1/32, 10.0.0.0/16, 10.0.0.0/8]

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/.stderrwithoutfirstline

@@ -2,8 +2,8 @@ warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH:
 warning: ../input.log/Input::READER_ASCII: Tried to parse invalid/unknown protocol: whatever
 warning: ../input.log/Input::READER_ASCII: Bad address: 342.2.3.4
 warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41' of ../input.log. Found 1 fields, want positions 2 and -1
+received termination signal
 error: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30' of ../input.log. Found 15 fields, want positions 17 and -1
 error: ../input.log/Input::READER_ASCII: Init failed
 error: ../input.log/Input::READER_ASCII: terminating thread
-received termination signal
 >>>

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/out

@@ -1,37 +1,37 @@
 {
-[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
-2,
-4,
-1,
-3
-}, ss={
-BB,
-AA,
-CC
-}, se={
-
-}, vc=[10, 20, 30], ve=[]],
 [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
+}, se={
+
+}, vc=[10, 20, 30], ve=[]],
+[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
+4,
+2,
+1,
+3
+}, ss={
+CC,
+AA,
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out

@@ -1,8 +1,8 @@
-TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
-TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 EventErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
 EventErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 Event, [c=5]
+TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
+TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 {
 [] = [c=5]
 }

testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout

@@ -1,5 +1,5 @@
-input: 1 now it does
-input: 2 and more!
 inputstream: 1 now it does
 inputstream: 2 and more!
+input: 1 now it does
+input: 2 and more!
 inputstream: 3 streaming still works

testing/btest/Baseline/scripts.base.frameworks.input.optional/out

@@ -1,9 +1,9 @@
 {
 [2] = [b=T, notb=F],
+[5] = [b=F, notb=T],
+[3] = [b=F, notb=T],
+[7] = [b=T, notb=F],
 [6] = [b=F, notb=T],
 [4] = [b=F, notb=T],
-[1] = [b=T, notb=F],
+[1] = [b=T, notb=F]
-[7] = [b=T, notb=F],
-[5] = [b=F, notb=T],
-[3] = [b=F, notb=T]
 }