diff --git a/CHANGES b/CHANGES
index 6dbaea2555..8ec7593749 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,108 @@
 
+2.4-20 | 2015-07-03 10:40:21 -0700
+
+  * Adding a weird for when truncated packets lead TCP reassembly to
+    ignore content. (Robin Sommer)
+
+2.4-19 | 2015-07-03 09:04:54 -0700
+
+  * A set of tests exercising IP defragmentation and TCP reassembly.
+    (Robin Sommer)
+
+2.4-17 | 2015-06-28 13:02:41 -0700
+
+  * BIT-1314: Add detection for Quantum Insert attacks. The TCP
+    reassembler can now keep a history of old TCP segments using the
+    tcp_max_old_segments option. An overlapping segment with different
+    data will then generate an rexmit_inconsistency event. The default
+    for tcp_max_old_segments is zero, which disabled any additional
+    buffering. (Yun Zheng Hu/Robin Sommer)
+
+2.4-14 | 2015-06-28 12:30:12 -0700
+
+  * BIT-1400: Allow '<' and '>' in MIME multipart boundaries. The spec
+    doesn't actually seem to permit these, but they seem to occur in
+    the wild. (Jon Siwek)
+
+2.4-12 | 2015-06-28 12:21:11 -0700
+
+  * BIT-1399: Trying to decompress deflated HTTP content even when
+    zlib headers are missing. (Seth Hall)
+
+2.4-10 | 2015-06-25 07:11:17 -0700
+
+  * Correct a name used in a header identifier (Justin Azoff)
+
+2.4-8 | 2015-06-24 07:50:50 -0700
+
+  * Restore the --load-seeds cmd-line option and enable the short
+    options -G/-H for --load-seeds/--save-seeds. (Daniel Thayer)
+
+2.4-6 | 2015-06-19 16:26:40 -0700
+
+  * Generate protocol confirmations for Modbus, making it appear as a
+    confirmed service in conn.log. (Seth Hall)
+
+  * Put command line options in alphabetical order. (Daniel Thayer)
+
+  * Removing dead code for no longer supported -G switch. (Robin
+    Sommer) (Robin Sommer)
+
+2.4 | 2015-06-09 07:30:53 -0700
+
+  * Release 2.4.
+
+  * Fixing tiny thing in NEWS. (Robin Sommer)
+
+2.4-beta-42 | 2015-06-08 09:41:39 -0700
+
+  * Fix reporter errors with GridFTP traffic. (Robin Sommer)
+
+2.4-beta-40 | 2015-06-06 08:20:52 -0700
+
+  * PE Analyzer: Change how we calculate the rva_table size. (Vlad Grigorescu)
+
+2.4-beta-39 | 2015-06-05 09:09:44 -0500
+
+  * Fix a unit test to check for Broker requirement. (Jon Siwek)
+
+2.4-beta-38 | 2015-06-04 14:48:37 -0700
+
+  * Test for Broker termination. (Robin Sommer)
+
+2.4-beta-37 | 2015-06-04 07:53:52 -0700
+
+  * BIT-1408: Improve I/O loop and Broker IOSource. (Jon Siwek)
+
+2.4-beta-34 | 2015-06-02 10:37:22 -0700
+
+  * Add signature support for F4M files. (Seth Hall)
+
+2.4-beta-32 | 2015-06-02 09:43:31 -0700
+
+  * A larger set of documentation updates, fixes, and extentions.
+    (Daniel Thayer)
+
+2.4-beta-14 | 2015-06-02 09:16:44 -0700
+
+  * Add memleak btest for attachments over SMTP. (Vlad Grigorescu)
+
+  * BIT-1410: Fix flipped tx_hosts and rx_hosts in files.log. Reported
+    by Ali Hadi. (Vlad Grigorescu)
+
+  * Updating the Mozilla root certs. (Seth Hall)
+
+  * Updates for the urls.bro script. Fixes BIT-1404. (Seth Hall)
+
+2.4-beta-6 | 2015-05-28 13:20:44 -0700
+
+  * Updating submodule(s).
+
+2.4-beta-2 | 2015-05-26 08:58:37 -0700
+
+  * Fix segfault when DNS is not available. Addresses BIT-1387. (Frank
+    Meier and Robin Sommer)
+
 2.4-beta | 2015-05-07 21:55:31 -0700
 
   * Release 2.4-beta.
diff --git a/COPYING b/COPYING
index 2c66f98113..5454660df2 100644
--- a/COPYING
+++ b/COPYING
@@ -1,4 +1,4 @@
-Copyright (c) 1995-2013, The Regents of the University of California
+Copyright (c) 1995-2015, The Regents of the University of California
 through the Lawrence Berkeley National Laboratory and the
 International Computer Science Institute. All rights reserved.
 
diff --git a/NEWS b/NEWS
index 54deaf1e25..e47b58ffd0 100644
--- a/NEWS
+++ b/NEWS
@@ -4,8 +4,8 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
 (note that submodules, such as BroControl and Broccoli, come with
 their own ``CHANGES``.)
 
-Bro 2.4 (in progress)
-=====================
+Bro 2.4
+=======
 
 New Functionality
 -----------------
diff --git a/VERSION b/VERSION
index 0a8901319c..748c727101 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-beta
+2.4-20
diff --git a/aux/bro-aux b/aux/bro-aux
index a2d290a832..6d6679506d 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit a2d290a832c35ad11f3fabb19812bcae2ff089cd
+Subproject commit 6d6679506d8762ddbba16f0b34f7ad253e3aac45
diff --git a/aux/broctl b/aux/broctl
index 97c17d2172..54377d4746 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 97c17d21725e42b36f4b49579077ecdc28ddb86a
+Subproject commit 54377d4746e2fd3ba7b7ca97e4a6ceccbd2cc236
diff --git a/aux/broker b/aux/broker
index b02fefd5cf..f303cdbc60 160000
--- a/aux/broker
+++ b/aux/broker
@@ -1 +1 @@
-Subproject commit b02fefd5cf78c1576e59c106f5211ce5ae47cfdd
+Subproject commit f303cdbc60ad6eef35ebcd1473ee85b3123f5ef1
diff --git a/aux/btest b/aux/btest
index 80b42ee3e4..0e2da116a5 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 80b42ee3e4503783b6720855b28e83ff1658c22b
+Subproject commit 0e2da116a5e29baacaecc6daac7bc4bc9ff387c5
diff --git a/aux/plugins b/aux/plugins
index e1ea9f67cf..99d7519991 160000
--- a/aux/plugins
+++ b/aux/plugins
@@ -1 +1 @@
-Subproject commit e1ea9f67cfe3d6a81e0c1479ced0b9aa73e77c87
+Subproject commit 99d7519991b41a970809a99433ea9c7df42e9d93
diff --git a/doc/components/bro-plugins/README.rst b/doc/components/bro-plugins/README.rst
new file mode 120000
index 0000000000..8f96f50909
--- /dev/null
+++ b/doc/components/bro-plugins/README.rst
@@ -0,0 +1 @@
+../../../aux/plugins/README
\ No newline at end of file
diff --git a/doc/components/bro-plugins/dataseries/README.rst b/doc/components/bro-plugins/dataseries/README.rst
new file mode 120000
index 0000000000..3362e911fc
--- /dev/null
+++ b/doc/components/bro-plugins/dataseries/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/dataseries/README
\ No newline at end of file
diff --git a/doc/components/bro-plugins/elasticsearch/README.rst b/doc/components/bro-plugins/elasticsearch/README.rst
new file mode 120000
index 0000000000..8a5b78d689
--- /dev/null
+++ b/doc/components/bro-plugins/elasticsearch/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/elasticsearch/README
\ No newline at end of file
diff --git a/doc/components/bro-plugins/netmap/README.rst b/doc/components/bro-plugins/netmap/README.rst
new file mode 120000
index 0000000000..819a2bb0e9
--- /dev/null
+++ b/doc/components/bro-plugins/netmap/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/netmap/README
\ No newline at end of file
diff --git a/doc/components/index.rst b/doc/components/index.rst
index c1feda4a61..85527e9f9c 100644
--- a/doc/components/index.rst
+++ b/doc/components/index.rst
@@ -21,6 +21,7 @@ current, independent component releases.
    Broker - User Manual <broker/broker-manual.rst>
    BroControl - Interactive Bro management shell <broctl/README>
    Bro-Aux - Small auxiliary tools for Bro <bro-aux/README>
+   Bro-Plugins - A collection of plugins for Bro <bro-plugins/README>
    BTest - A unit testing framework <btest/README>
    Capstats - Command-line packet statistic tool <capstats/README>
    PySubnetTree - Python module for CIDR lookups<pysubnettree/README>
diff --git a/doc/devel/plugins.rst b/doc/devel/plugins.rst
index 5c963a1552..091a0090d1 100644
--- a/doc/devel/plugins.rst
+++ b/doc/devel/plugins.rst
@@ -3,7 +3,7 @@
 Writing Bro Plugins
 ===================
 
-Bro internally provides plugin API that enables extending
+Bro internally provides a plugin API that enables extending
 the system dynamically, without modifying the core code base. That way
 custom code remains self-contained and can be maintained, compiled,
 and installed independently. Currently, plugins can add the following
@@ -32,7 +32,7 @@ Quick Start
 ===========
 
 Writing a basic plugin is quite straight-forward as long as one
-follows a few conventions. In the following we walk a simple example
+follows a few conventions. In the following we create a simple example
 plugin that adds a new built-in function (bif) to Bro: we'll add 
 ``rot13(s: string) : string``, a function that rotates every character
 in a string by 13 places.
@@ -81,7 +81,7 @@ The syntax of this file is just like any other ``*.bif`` file; we
 won't go into it here.
 
 Now we can already compile our plugin, we just need to tell the
-configure script that ``init-plugin`` put in place where the Bro
+configure script (that ``init-plugin`` created) where the Bro
 source tree is located (Bro needs to have been built there first)::
 
     # cd rot13-plugin
@@ -99,7 +99,7 @@ option::
     # export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build
     # bro -N
     [...]
-    Plugin: Demo::Rot13 - <Insert brief description of plugin> (dynamic, version 1)
+    Demo::Rot13 - <Insert description> (dynamic, version 0.1)
     [...]
 
 That looks quite good, except for the dummy description that we should
@@ -108,28 +108,30 @@ is about.  We do this by editing the ``config.description`` line in
 ``src/Plugin.cc``, like this::
 
     [...]
-    plugin::Configuration Configure()
+    plugin::Configuration Plugin::Configure()
         {
         plugin::Configuration config;
         config.name = "Demo::Rot13";
         config.description = "Caesar cipher rotating a string's characters by 13 places.";
-        config.version.major = 1;
-        config.version.minor = 0;
+        config.version.major = 0;
+        config.version.minor = 1;
         return config;
         }
     [...]
 
+Now rebuild and verify that the description is visible::
+
     # make
     [...]
     # bro -N | grep Rot13
-    Plugin: Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
 
-Better. Bro can also show us what exactly the plugin provides with the
+Bro can also show us what exactly the plugin provides with the
 more verbose option ``-NN``::
 
     # bro -NN
     [...]
-    Plugin: Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
         [Function] Demo::rot13
     [...]
 
@@ -157,10 +159,12 @@ The installed version went into
 ``<bro-install-prefix>/lib/bro/plugins/Demo_Rot13``.
 
 One can distribute the plugin independently of Bro for others to use.
-To distribute in source form, just remove the ``build/`` (``make
-distclean`` does that) and then tar up the whole ``rot13-plugin/``
+To distribute in source form, just remove the ``build/`` directory
+(``make distclean`` does that) and then tar up the whole ``rot13-plugin/``
 directory. Others then follow the same process as above after
-unpacking. To distribute the plugin in binary form, the build process
+unpacking.
+
+To distribute the plugin in binary form, the build process
 conveniently creates a corresponding tarball in ``build/dist/``. In
 this case, it's called ``Demo_Rot13-0.1.tar.gz``, with the version
 number coming out of the ``VERSION`` file that ``init-plugin`` put
@@ -169,14 +173,14 @@ plugin, but no further source files. Optionally, one can include
 further files by specifying them in the plugin's ``CMakeLists.txt``
 through the ``bro_plugin_dist_files`` macro; the skeleton does that
 for ``README``, ``VERSION``, ``CHANGES``, and ``COPYING``. To use the
-plugin through the binary tarball, just unpack it and point
-``BRO_PLUGIN_PATH`` there; or copy it into
-``<bro-install-prefix>/lib/bro/plugins/`` directly.
+plugin through the binary tarball, just unpack it into
+``<bro-install-prefix>/lib/bro/plugins/``.  Alternatively, if you unpack
+it in another location, then you need to point ``BRO_PLUGIN_PATH`` there.
 
 Before distributing your plugin, you should edit some of the meta
 files that ``init-plugin`` puts in place. Edit ``README`` and
 ``VERSION``, and update ``CHANGES`` when you make changes. Also put a
-license file in place as ``COPYING``; if BSD is fine, you find a
+license file in place as ``COPYING``; if BSD is fine, you will find a
 template in ``COPYING.edit-me``.
 
 Plugin Directory Layout
@@ -193,7 +197,7 @@ directory. With the skeleton, ``<base>`` corresponds to ``build/``.
     must exist, and its content must consist of a single line with the
     qualified name of the plugin (e.g., "Demo::Rot13").
 
-``<base>/lib/<plugin-name>-<os>-<arch>.so``
+``<base>/lib/<plugin-name>.<os>-<arch>.so``
     The shared library containing the plugin's compiled code. Bro will
     load this in dynamically at run-time if OS and architecture match
     the current platform.
@@ -215,8 +219,8 @@ directory. With the skeleton, ``<base>`` corresponds to ``build/``.
 Any other files in ``<base>`` are ignored by Bro.
 
 By convention, a plugin should put its custom scripts into sub folders
-of ``scripts/``, i.e., ``scripts/<script-namespace>/<script>.bro`` to
-avoid conflicts. As usual, you can then put a ``__load__.bro`` in
+of ``scripts/``, i.e., ``scripts/<plugin-namespace>/<plugin-name>/<script>.bro``
+to avoid conflicts. As usual, you can then put a ``__load__.bro`` in
 there as well so that, e.g., ``@load Demo/Rot13`` could load a whole
 module in the form of multiple individual scripts.
 
@@ -242,7 +246,8 @@ as well as the ``__bro_plugin__`` magic file and any further
 distribution files specified in ``CMakeLists.txt`` (e.g., README,
 VERSION). You can find a full list of files installed in
 ``build/MANIFEST``. Behind the scenes, ``make install`` really just
-copies over the binary tarball in ``build/dist``. 
+unpacks the binary tarball from ``build/dist`` into the destination
+directory.
 
 ``init-plugin`` will never overwrite existing files. If its target
 directory already exists, it will by default decline to do anything.
@@ -369,18 +374,19 @@ Testing Plugins
 ===============
 
 A plugin should come with a test suite to exercise its functionality.
-The ``init-plugin`` script puts in place a basic </btest/README> setup
+The ``init-plugin`` script puts in place a basic
+:doc:`BTest <../../components/btest/README>` setup
 to start with. Initially, it comes with a single test that just checks
 that Bro loads the plugin correctly. It won't have a baseline yet, so
 let's get that in place::
 
     # cd tests
     # btest -d
-    [  0%] plugin.loading ... failed
+    [  0%] rot13.show-plugin ... failed
     % 'btest-diff output' failed unexpectedly (exit code 100)
     % cat .diag
     == File ===============================
-    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
         [Function] Demo::rot13
 
     == Error ===============================
@@ -413,8 +419,8 @@ correctly::
 
 Check the output::
 
-    # btest -d plugin/rot13.bro
-    [  0%] plugin.rot13 ... failed
+    # btest -d rot13/bif-rot13.bro
+    [  0%] rot13.bif-rot13 ... failed
     % 'btest-diff output' failed unexpectedly (exit code 100)
     % cat .diag
     == File ===============================
@@ -429,7 +435,7 @@ Check the output::
 
 Install the baseline::
 
-    # btest -U plugin/rot13.bro
+    # btest -U rot13/bif-rot13.bro
     all 1 tests successful
 
 Run the test-suite::
@@ -457,7 +463,7 @@ your plugin's debugging output with ``-B plugin-<name>``, where
 ``<name>`` is the name of the plugin as returned by its
 ``Configure()`` method, yet with the namespace-separator ``::``
 replaced with a simple dash. Example: If the plugin is called
-``Bro::Demo``, use ``-B plugin-Bro-Demo``. As usual, the debugging
+``Demo::Rot13``, use ``-B plugin-Demo-Rot13``. As usual, the debugging
 output will be recorded to ``debug.log`` if Bro's compiled in debug
 mode.
 
diff --git a/doc/frameworks/logging-input-sqlite.rst b/doc/frameworks/logging-input-sqlite.rst
index 15df91b8c6..6f5e867686 100644
--- a/doc/frameworks/logging-input-sqlite.rst
+++ b/doc/frameworks/logging-input-sqlite.rst
@@ -67,8 +67,8 @@ that are present in the ASCII log files::
     'id.orig_p' integer,
     ...
 
-Note that the ASCII ``conn.log`` will still be created. To disable the ASCII writer for a
-log stream, you can remove the default filter:
+Note that the ASCII ``conn.log`` will still be created. To prevent this file
+from being created, you can remove the default filter:
 
 .. code:: bro
 
diff --git a/doc/frameworks/logging.rst b/doc/frameworks/logging.rst
index 765d7bed23..9b6fef0c15 100644
--- a/doc/frameworks/logging.rst
+++ b/doc/frameworks/logging.rst
@@ -19,195 +19,144 @@ Terminology
 
 Bro's logging interface is built around three main abstractions:
 
-    Log streams
-        A stream corresponds to a single log. It defines the set of
-        fields that a log consists of with their names and fields.
-        Examples are the ``conn`` for recording connection summaries,
+    Streams
+        A log stream corresponds to a single log. It defines the set of
+        fields that a log consists of with their names and types.
+        Examples are the ``conn`` stream for recording connection summaries,
         and the ``http`` stream for recording HTTP activity.
 
     Filters
         Each stream has a set of filters attached to it that determine
         what information gets written out. By default, each stream has
-        one default filter that just logs everything directly to disk
-        with an automatically generated file name. However, further
-        filters can be added to record only a subset, split a stream
-        into different outputs, or to even duplicate the log to
-        multiple outputs. If all filters are removed from a stream,
-        all output is disabled.
+        one default filter that just logs everything directly to disk.
+        However, additional filters can be added to record only a subset
+        of the log records, write to different outputs, or set a custom
+        rotation interval.  If all filters are removed from a stream,
+        then output is disabled for that stream.
 
     Writers
-        A writer defines the actual output format for the information
-        being logged. At the moment, Bro comes with only one type of
-        writer, which produces tab separated ASCII files. In the
-        future we will add further writers, like for binary output and
-        direct logging into a database.
+        Each filter has a writer.  A writer defines the actual output
+        format for the information being logged. The default writer is
+        the ASCII writer, which produces tab-separated ASCII files. Other
+        writers are available, like for binary output or direct logging
+        into a database.
 
-Basics
-======
+There are several different ways to customize Bro's logging: you can create
+a new log stream, you can extend an existing log with new fields, you
+can apply filters to an existing log stream, or you can customize the output
+format by setting log writer options.  All of these approaches are
+described in this document.
 
-The data fields that a stream records are defined by a record type
-specified when it is created. Let's look at the script generating Bro's
-connection summaries as an example,
-:doc:`/scripts/base/protocols/conn/main.bro`. It defines a record
-:bro:type:`Conn::Info` that lists all the fields that go into
-``conn.log``, each marked with a ``&log`` attribute indicating that it
-is part of the information written out. To write a log record, the
-script then passes an instance of :bro:type:`Conn::Info` to the logging
-framework's :bro:id:`Log::write` function.
+Streams
+=======
 
-By default, each stream automatically gets a filter named ``default``
-that generates the normal output by recording all record fields into a
-single output file.
+In order to log data to a new log stream, all of the following needs to be
+done:
 
-In the following, we summarize ways in which the logging can be
-customized. We continue using the connection summaries as our example
-to work with.
+- A :bro:type:`record` type must be defined which consists of all the
+  fields that will be logged (by convention, the name of this record type is
+  usually "Info").
+- A log stream ID (an :bro:type:`enum` with type name "Log::ID") must be
+  defined that uniquely identifies the new log stream.
+- A log stream must be created using the :bro:id:`Log::create_stream` function.
+- When the data to be logged becomes available, the :bro:id:`Log::write`
+  function must be called.
 
-Filtering
----------
-
-To create a new output file for an existing stream, you can add a
-new filter. A filter can, e.g., restrict the set of fields being
-logged:
+In the following example, we create a new module "Foo" which creates
+a new log stream.
 
 .. code:: bro
 
-    event bro_init()
+    module Foo;
+
+    export {
+        # Create an ID for our new stream. By convention, this is
+        # called "LOG".
+        redef enum Log::ID += { LOG };
+
+        # Define the record type that will contain the data to log.
+        type Info: record {
+            ts: time        &log;
+            id: conn_id     &log;
+            service: string &log &optional;
+            missed_bytes: count &log &default=0;
+        };
+    }
+
+    # Optionally, we can add a new field to the connection record so that
+    # the data we are logging (our "Info" record) will be easily
+    # accessible in a variety of event handlers.
+    redef record connection += {
+        # By convention, the name of this new field is the lowercase name
+        # of the module.
+        foo: Info &optional;
+    };
+
+    # This event is handled at a priority higher than zero so that if
+    # users modify this stream in another script, they can do so at the
+    # default priority of zero.
+    event bro_init() &priority=5
         {
-        # Add a new filter to the Conn::LOG stream that logs only
-        # timestamp and originator address.
-        local filter: Log::Filter = [$name="orig-only", $path="origs", $include=set("ts", "id.orig_h")];
-        Log::add_filter(Conn::LOG, filter);
+        # Create the stream. This adds a default filter automatically.
+        Log::create_stream(Foo::LOG, [$columns=Info, $path="foo"]);
         }
 
-Note the fields that are set for the filter:
+In the definition of the "Info" record above, notice that each field has the
+:bro:attr:`&log` attribute.  Without this attribute, a field will not appear in
+the log output. Also notice one field has the :bro:attr:`&optional` attribute.
+This indicates that the field might not be assigned any value before the
+log record is written.  Finally, a field with the :bro:attr:`&default`
+attribute has a default value assigned to it automatically.
 
-    ``name``
-        A mandatory name for the filter that can later be used
-        to manipulate it further.
-
-    ``path``
-        The filename for the output file, without any extension (which
-        may be automatically added by the writer). Default path values
-        are generated by taking the stream's ID and munging it slightly.
-        :bro:enum:`Conn::LOG` is converted into ``conn``,
-        :bro:enum:`PacketFilter::LOG` is converted into
-        ``packet_filter``, and :bro:enum:`Known::CERTS_LOG` is
-        converted into ``known_certs``.
-
-    ``include``
-        A set limiting the fields to the ones given. The names
-        correspond to those in the :bro:type:`Conn::Info` record, with
-        sub-records unrolled by concatenating fields (separated with
-        dots).
-
-Using the code above, you will now get a new log file ``origs.log``
-that looks like this::
-
-    #separator \x09
-    #path   origs
-    #fields ts      id.orig_h
-    #types  time    addr
-    1128727430.350788       141.42.64.125
-    1128727435.450898       141.42.64.125
-
-If you want to make this the only log file for the stream, you can
-remove the default filter (which, conveniently, has the name
-``default``):
+At this point, the only thing missing is a call to the :bro:id:`Log::write`
+function to send data to the logging framework.  The actual event handler
+where this should take place will depend on where your data becomes available.
+In this example, the :bro:id:`connection_established` event provides our data,
+and we also store a copy of the data being logged into the
+:bro:type:`connection` record:
 
 .. code:: bro
 
-    event bro_init()
+    event connection_established(c: connection)
         {
-        # Remove the filter called "default".
-        Log::remove_filter(Conn::LOG, "default");
+        local rec: Foo::Info = [$ts=network_time(), $id=c$id];
+
+        # Store a copy of the data in the connection record so other
+        # event handlers can access it.
+        c$foo = rec;
+
+        Log::write(Foo::LOG, rec);
         }
 
-An alternate approach to "turning off" a log is to completely disable
-the stream:
+If you run Bro with this script, a new log file ``foo.log`` will be created.
+Although we only specified four fields in the "Info" record above, the
+log output will actually contain seven fields because one of the fields
+(the one named "id") is itself a record type.  Since a :bro:type:`conn_id`
+record has four fields, then each of these fields is a separate column in
+the log output.  Note that the way that such fields are named in the log
+output differs slightly from the way we would refer to the same field
+in a Bro script (each dollar sign is replaced with a period).  For example,
+to access the first field of a ``conn_id`` in a Bro script we would use
+the notation ``id$orig_h``, but that field is named ``id.orig_h``
+in the log output.
 
-.. code:: bro
+When you are developing scripts that add data to the :bro:type:`connection`
+record, care must be given to when and how long data is stored.
+Normally data saved to the connection record will remain there for the
+duration of the connection and from a practical perspective it's not
+uncommon to need to delete that data before the end of the connection.
 
-    event bro_init()
-        {
-        Log::disable_stream(Conn::LOG);
-        }
 
-If you want to skip only some fields but keep the rest, there is a
-corresponding ``exclude`` filter attribute that you can use instead of
-``include`` to list only the ones you are not interested in.
+Add Fields to a Log
+-------------------
 
-A filter can also determine output paths *dynamically* based on the
-record being logged. That allows, e.g., to record local and remote
-connections into separate files. To do this, you define a function
-that returns the desired path:
+You can add additional fields to a log by extending the record
+type that defines its content, and setting a value for the new fields
+before each log record is written.
 
-.. code:: bro
-
-    function split_log(id: Log::ID, path: string, rec: Conn::Info) : string
-        {
-        # Return "conn-local" if originator is a local IP, otherwise "conn-remote".
-        local lr = Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
-        return fmt("%s-%s", path, lr);
-        }
-
-    event bro_init()
-        {
-        local filter: Log::Filter = [$name="conn-split", $path_func=split_log, $include=set("ts", "id.orig_h")];
-        Log::add_filter(Conn::LOG, filter);
-        }
-
-Running this will now produce two files, ``local.log`` and
-``remote.log``, with the corresponding entries. One could extend this
-further for example to log information by subnets or even by IP
-address. Be careful, however, as it is easy to create many files very
-quickly ...
-
-.. sidebar:: A More Generic Path Function
-
-    The ``split_log`` method has one draw-back: it can be used
-    only with the :bro:enum:`Conn::LOG` stream as the record type is hardcoded
-    into its argument list. However, Bro allows to do a more generic
-    variant:
-
-    .. code:: bro
-
-        function split_log(id: Log::ID, path: string, rec: record { id: conn_id; } ) : string
-            {
-            return Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
-            }
-
-    This function can be used with all log streams that have records
-    containing an ``id: conn_id`` field.
-
-While so far we have seen how to customize the columns being logged,
-you can also control which records are written out by providing a
-predicate that will be called for each log record:
-
-.. code:: bro
-
-    function http_only(rec: Conn::Info) : bool
-        {
-        # Record only connections with successfully analyzed HTTP traffic
-        return rec$service == "http";
-        }
-
-    event bro_init()
-        {
-        local filter: Log::Filter = [$name="http-only", $path="conn-http", $pred=http_only];
-        Log::add_filter(Conn::LOG, filter);
-        }
-
-This will result in a log file ``conn-http.log`` that contains only
-traffic detected and analyzed as HTTP traffic.
-
-Extending
----------
-
-You can add further fields to a log stream by extending the record
-type that defines its content. Let's say we want to add a boolean
-field ``is_private`` to :bro:type:`Conn::Info` that indicates whether the
-originator IP address is part of the :rfc:`1918` space:
+Let's say we want to add a boolean field ``is_private`` to
+:bro:type:`Conn::Info` that indicates whether the originator IP address
+is part of the :rfc:`1918` space:
 
 .. code:: bro
 
@@ -218,9 +167,21 @@ originator IP address is part of the :rfc:`1918` space:
         is_private: bool &default=F &log;
     };
 
+As this example shows, when extending a log stream's "Info" record, each
+new field must always be declared either with a ``&default`` value or
+as ``&optional``.  Furthermore, you need to add the ``&log`` attribute
+or otherwise the field won't appear in the log file.
 
-Now we need to set the field. A connection's summary is generated at
-the time its state is removed from memory. We can add another handler
+Now we need to set the field.  Although the details vary depending on which
+log is being extended, in general it is important to choose a suitable event
+in which to set the additional fields because we need to make sure that
+the fields are set before the log record is written.  Sometimes the right
+choice is the same event which writes the log record, but at a higher
+priority (in order to ensure that the event handler that sets the additional
+fields is executed before the event handler that writes the log record).
+
+In this example, since a connection's summary is generated at
+the time its state is removed from memory, we can add another handler
 at that time that sets our field correctly:
 
 .. code:: bro
@@ -232,31 +193,58 @@ at that time that sets our field correctly:
         }
 
 Now ``conn.log`` will show a new field ``is_private`` of type
-``bool``.
+``bool``.  If you look at the Bro script which defines the connection
+log stream :doc:`/scripts/base/protocols/conn/main.bro`, you will see
+that ``Log::write`` gets called in an event handler for the
+same event as used in this example to set the additional fields, but at a
+lower priority than the one used in this example (i.e., the log record gets
+written after we assign the ``is_private`` field).
 
-Notes:
+For extending logs this way, one needs a bit of knowledge about how
+the script that creates the log stream is organizing its state
+keeping. Most of the standard Bro scripts attach their log state to
+the :bro:type:`connection` record where it can then be accessed, just
+like ``c$conn`` above. For example, the HTTP analysis adds a field
+``http`` of type :bro:type:`HTTP::Info` to the :bro:type:`connection`
+record.
 
-- For extending logs this way, one needs a bit of knowledge about how
-  the script that creates the log stream is organizing its state
-  keeping. Most of the standard Bro scripts attach their log state to
-  the :bro:type:`connection` record where it can then be accessed, just
-  as the ``c$conn`` above. For example, the HTTP analysis adds a field
-  ``http`` of type :bro:type:`HTTP::Info` to the :bro:type:`connection`
-  record. See the script reference for more information.
 
-- When extending records as shown above, the new fields must always be
-  declared either with a ``&default`` value or as ``&optional``.
-  Furthermore, you need to add the ``&log`` attribute or otherwise the
-  field won't appear in the output.
-
-Hooking into the Logging
-------------------------
+Define a Logging Event
+----------------------
 
 Sometimes it is helpful to do additional analysis of the information
 being logged. For these cases, a stream can specify an event that will
-be generated every time a log record is written to it. All of Bro's
-default log streams define such an event. For example, the connection
-log stream raises the event :bro:id:`Conn::log_conn`. You
+be generated every time a log record is written to it.  To do this, we
+need to modify the example module shown above to look something like this:
+
+.. code:: bro
+
+    module Foo;
+
+    export {
+        redef enum Log::ID += { LOG };
+
+        type Info: record {
+            ts: time     &log;
+            id: conn_id  &log;
+            service: string &log &optional;
+            missed_bytes: count &log &default=0;
+        };
+
+        # Define a logging event. By convention, this is called
+        # "log_<stream>".
+        global log_foo: event(rec: Info);
+    }
+
+    event bro_init() &priority=5
+        {
+        # Specify the "log_foo" event here in order for Bro to raise it.
+        Log::create_stream(Foo::LOG, [$columns=Info, $ev=log_foo,
+                           $path="foo"]);
+        }
+
+All of Bro's default log streams define such an event. For example, the
+connection log stream raises the event :bro:id:`Conn::log_conn`. You
 could use that for example for flagging when a connection to a
 specific destination exceeds a certain duration:
 
@@ -270,7 +258,7 @@ specific destination exceeds a certain duration:
 
     event Conn::log_conn(rec: Conn::Info)
         {
-        if ( rec$duration > 5mins )
+        if ( rec?$duration && rec$duration > 5mins )
             NOTICE([$note=Long_Conn_Found,
                     $msg=fmt("unusually long conn to %s", rec$id$resp_h),
                     $id=rec$id]);
@@ -281,15 +269,196 @@ externally with Perl scripts. Much of what such an external script
 would do later offline, one may instead do directly inside of Bro in
 real-time.
 
-Rotation
---------
+Disable a Stream
+----------------
 
-By default, no log rotation occurs, but it's globally controllable for all
-filters by redefining the :bro:id:`Log::default_rotation_interval` option:
+One way to "turn off" a log is to completely disable the stream.  For
+example, the following example will prevent the conn.log from being written:
 
 .. code:: bro
 
-    redef Log::default_rotation_interval = 1 hr;
+    event bro_init()
+        {
+        Log::disable_stream(Conn::LOG);
+        }
+
+Note that this must run after the stream is created, so the priority
+of this event handler must be lower than the priority of the event handler
+where the stream was created.
+
+
+Filters
+=======
+
+A stream has one or more filters attached to it (a stream without any filters
+will not produce any log output).  When a stream is created, it automatically
+gets a default filter attached to it.  This default filter can be removed
+or replaced, or other filters can be added to the stream.  This is accomplished
+by using either the :bro:id:`Log::add_filter` or :bro:id:`Log::remove_filter`
+function.  This section shows how to use filters to do such tasks as
+rename a log file, split the output into multiple files, control which
+records are written, and set a custom rotation interval.
+
+Rename Log File
+---------------
+
+Normally, the log filename for a given log stream is determined when the
+stream is created, unless you explicitly specify a different one by adding
+a filter.
+
+The easiest way to change a log filename is to simply replace the
+default log filter with a new filter that specifies a value for the "path"
+field.  In this example, "conn.log" will be changed to "myconn.log":
+
+.. code:: bro
+
+    event bro_init()
+        {
+        # Replace default filter for the Conn::LOG stream in order to
+        # change the log filename.
+
+        local f = Log::get_filter(Conn::LOG, "default");
+        f$path = "myconn";
+        Log::add_filter(Conn::LOG, f);
+        }
+
+Keep in mind that the "path" field of a log filter never contains the
+filename extension.  The extension will be determined later by the log writer.
+
+Add a New Log File
+------------------
+
+Normally, a log stream writes to only one log file.  However, you can
+add filters so that the stream writes to multiple files.  This is useful
+if you want to restrict the set of fields being logged to the new file.
+
+In this example, a new filter is added to the Conn::LOG stream that writes
+two fields to a new log file:
+
+.. code:: bro
+
+    event bro_init()
+        {
+        # Add a new filter to the Conn::LOG stream that logs only
+        # timestamp and originator address.
+
+        local filter: Log::Filter = [$name="orig-only", $path="origs",
+                                     $include=set("ts", "id.orig_h")];
+        Log::add_filter(Conn::LOG, filter);
+        }
+
+
+Notice how the "include" filter attribute specifies a set that limits the
+fields to the ones given. The names correspond to those in the
+:bro:type:`Conn::Info` record (however, because the "id" field is itself a
+record, we can specify an individual field of "id" by the dot notation
+shown in the example).
+
+Using the code above, in addition to the regular ``conn.log``, you will
+now also get a new log file ``origs.log`` that looks like the regular
+``conn.log``, but will have only the fields specified in the "include"
+filter attribute.
+
+If you want to skip only some fields but keep the rest, there is a
+corresponding ``exclude`` filter attribute that you can use instead of
+``include`` to list only the ones you are not interested in.
+
+If you want to make this the only log file for the stream, you can
+remove the default filter:
+
+.. code:: bro
+
+    event bro_init()
+        {
+        # Remove the filter called "default".
+        Log::remove_filter(Conn::LOG, "default");
+        }
+
+Determine Log Path Dynamically
+------------------------------
+
+Instead of using the "path" filter attribute, a filter can determine
+output paths *dynamically* based on the record being logged. That
+allows, e.g., to record local and remote connections into separate
+files. To do this, you define a function that returns the desired path,
+and use the "path_func" filter attribute:
+
+.. code:: bro
+
+    # Note: if using BroControl then you don't need to redef local_nets.
+    redef Site::local_nets = { 192.168.0.0/16 };
+
+    function myfunc(id: Log::ID, path: string, rec: Conn::Info) : string
+        {
+        # Return "conn-local" if originator is a local IP, otherwise
+        # return "conn-remote".
+        local r = Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
+        return fmt("%s-%s", path, r);
+        }
+
+    event bro_init()
+        {
+        local filter: Log::Filter = [$name="conn-split",
+                 $path_func=myfunc, $include=set("ts", "id.orig_h")];
+        Log::add_filter(Conn::LOG, filter);
+        }
+
+Running this will now produce two new files, ``conn-local.log`` and
+``conn-remote.log``, with the corresponding entries (for this example to work,
+the ``Site::local_nets`` must specify your local network). One could extend
+this further for example to log information by subnets or even by IP
+address. Be careful, however, as it is easy to create many files very
+quickly.
+
+The ``myfunc`` function has one drawback: it can be used
+only with the :bro:enum:`Conn::LOG` stream as the record type is hardcoded
+into its argument list. However, Bro allows to do a more generic
+variant:
+
+.. code:: bro
+
+    function myfunc(id: Log::ID, path: string,
+                    rec: record { id: conn_id; } ) : string
+        {
+        local r = Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
+        return fmt("%s-%s", path, r);
+        }
+
+This function can be used with all log streams that have records
+containing an ``id: conn_id`` field.
+
+Filter Log Records
+------------------
+
+We have seen how to customize the columns being logged, but
+you can also control which records are written out by providing a
+predicate that will be called for each log record:
+
+.. code:: bro
+
+    function http_only(rec: Conn::Info) : bool
+        {
+        # Record only connections with successfully analyzed HTTP traffic
+        return rec?$service && rec$service == "http";
+        }
+
+    event bro_init()
+        {
+        local filter: Log::Filter = [$name="http-only", $path="conn-http",
+                                     $pred=http_only];
+        Log::add_filter(Conn::LOG, filter);
+        }
+
+This will result in a new log file ``conn-http.log`` that contains only
+the log records from ``conn.log`` that are analyzed as HTTP traffic.
+
+Rotation
+--------
+
+The log rotation interval is globally controllable for all
+filters by redefining the :bro:id:`Log::default_rotation_interval` option
+(note that when using BroControl, this option is set automatically via
+the BroControl configuration).
 
 Or specifically for certain :bro:type:`Log::Filter` instances by setting
 their ``interv`` field.  Here's an example of changing just the
@@ -301,90 +470,73 @@ their ``interv`` field.  Here's an example of changing just the
         {
         local f = Log::get_filter(Conn::LOG, "default");
         f$interv = 1 min;
-        Log::remove_filter(Conn::LOG, "default");
         Log::add_filter(Conn::LOG, f);
         }
 
-ASCII Writer Configuration
---------------------------
+Writers
+=======
 
-The ASCII writer has a number of options for customizing the format of
-its output, see :doc:`/scripts/base/frameworks/logging/writers/ascii.bro`.
+Each filter has a writer.  If you do not specify a writer when adding a
+filter to a stream, then the ASCII writer is the default.
 
-Adding Streams
-==============
+There are two ways to specify a non-default writer.  To change the default
+writer for all log filters, just redefine the :bro:id:`Log::default_writer`
+option.  Alternatively, you can specify the writer to use on a per-filter
+basis by setting a value for the filter's "writer" field.  Consult the
+documentation of the writer to use to see if there are other options that are
+needed.
 
-It's easy to create a new log stream for custom scripts. Here's an
-example for the ``Foo`` module:
+ASCII Writer
+------------
+
+By default, the ASCII writer outputs log files that begin with several
+lines of metadata, followed by the actual log output.  The metadata
+describes the format of the log file, the "path" of the log (i.e., the log
+filename without file extension), and also specifies the time that the log
+was created and the time when Bro finished writing to it.
+The ASCII writer has a number of options for customizing the format of its
+output, see :doc:`/scripts/base/frameworks/logging/writers/ascii.bro`.
+If you change the output format options, then be careful to check whether
+your postprocessing scripts can still recognize your log files.
+
+Some writer options are global (i.e., they affect all log filters using
+that log writer).  For example, to change the output format of all ASCII
+logs to JSON format:
 
 .. code:: bro
 
-    module Foo;
+    redef LogAscii::use_json = T;
 
-    export {
-        # Create an ID for our new stream. By convention, this is
-        # called "LOG".
-        redef enum Log::ID += { LOG };
+Some writer options are filter-specific (i.e., they affect only the filters
+that explicitly specify the option).  For example, to change the output
+format of the ``conn.log`` only:
 
-        # Define the fields. By convention, the type is called "Info".
-        type Info: record {
-            ts: time     &log;
-            id: conn_id  &log;
-        };
+.. code:: bro
 
-        # Define a hook event. By convention, this is called
-        # "log_<stream>".
-        global log_foo: event(rec: Info);
-
-    }
-
-    # This event should be handled at a higher priority so that when
-    # users modify your stream later and they do it at priority 0,
-    # their code runs after this.
-    event bro_init() &priority=5
+    event bro_init()
         {
-        # Create the stream. This also adds a default filter automatically.
-        Log::create_stream(Foo::LOG, [$columns=Info, $ev=log_foo, $path="foo"]);
+        local f = Log::get_filter(Conn::LOG, "default");
+        # Use tab-separated-value mode
+        f$config = table(["tsv"] = "T");
+        Log::add_filter(Conn::LOG, f);
         }
 
-You can also add the state to the :bro:type:`connection` record to make
-it easily accessible across event handlers:
-
-.. code:: bro
-
-    redef record connection += {
-        foo: Info &optional;
-        }
-
-Now you can use the :bro:id:`Log::write` method to output log records and
-save the logged ``Foo::Info`` record into the connection record:
-
-.. code:: bro
-
-    event connection_established(c: connection)
-        {
-        local rec: Foo::Info = [$ts=network_time(), $id=c$id];
-        c$foo = rec;
-        Log::write(Foo::LOG, rec);
-        }
-
-See the existing scripts for how to work with such a new connection
-field. A simple example is :doc:`/scripts/base/protocols/syslog/main.bro`.
-
-When you are developing scripts that add data to the :bro:type:`connection`
-record, care must be given to when and how long data is stored.
-Normally data saved to the connection record will remain there for the
-duration of the connection and from a practical perspective it's not
-uncommon to need to delete that data before the end of the connection.
 
 Other Writers
 -------------
 
-Bro supports the following built-in output formats other than ASCII:
+Bro supports the following additional built-in output formats:
 
 .. toctree::
    :maxdepth: 1
 
    logging-input-sqlite
 
-Further formats are available as external plugins.
+Additional writers are available as external plugins:
+
+.. toctree::
+   :maxdepth: 1
+
+   ../components/bro-plugins/dataseries/README
+   ../components/bro-plugins/elasticsearch/README
+
diff --git a/doc/install/guidelines.rst b/doc/install/guidelines.rst
index af33b8fee1..d1e1777165 100644
--- a/doc/install/guidelines.rst
+++ b/doc/install/guidelines.rst
@@ -8,10 +8,12 @@ How to Upgrade
 If you're doing an upgrade install (rather than a fresh install),
 there's two suggested approaches: either install Bro using the same
 installation prefix directory as before, or pick a new prefix and copy
-local customizations over.  Regardless of which approach you choose,
-if you are using BroControl, then after upgrading Bro you will need to
-run "broctl check" (to verify that your new configuration is OK)
-and "broctl install" to complete the upgrade process.
+local customizations over.
+
+Regardless of which approach you choose, if you are using BroControl, then
+before doing the upgrade you should stop all running Bro processes with the
+"broctl stop" command.  After the upgrade is complete then you will need
+to run "broctl deploy".
 
 In the following we summarize general guidelines for upgrading, see
 the :ref:`release-notes` for version-specific information.
diff --git a/doc/install/install.rst b/doc/install/install.rst
index 18bacd7758..ab3f6cafc8 100644
--- a/doc/install/install.rst
+++ b/doc/install/install.rst
@@ -46,8 +46,7 @@ To build Bro from source, the following additional dependencies are required:
     * zlib headers
     * Perl
 
-To install the required dependencies, you can use (when done, make sure
-that ``bash`` and ``python`` are in your ``PATH``):
+To install the required dependencies, you can use:
 
 * RPM/RedHat-based Linux:
 
@@ -68,13 +67,17 @@ that ``bash`` and ``python`` are in your ``PATH``):
 
   .. console::
 
-      sudo pkg_add -r bash cmake swig bison python perl py27-sqlite3
+      sudo pkg install bash cmake swig bison python perl py27-sqlite3
+
+  Note that in older versions of FreeBSD, you might have to use the
+  "pkg_add -r" command instead of "pkg install".
 
 * Mac OS X:
 
-  Compiling source code on Macs requires first downloading Xcode_,
-  then going through its "Preferences..." -> "Downloads" menus to
-  install the "Command Line Tools" component.
+  Compiling source code on Macs requires first installing Xcode_ (in older
+  versions of Xcode, you would then need to go through its
+  "Preferences..." -> "Downloads" menus to install the "Command Line Tools"
+  component).
 
   OS X comes with all required dependencies except for CMake_ and SWIG_.
   Distributions of these dependencies can likely be obtained from your
@@ -94,7 +97,6 @@ build time:
     * curl (used by a Bro script that implements active HTTP)
     * gperftools (tcmalloc is used to improve memory and CPU usage)
     * ipsumdump (for trace-summary; http://www.cs.ucla.edu/~kohler/ipsumdump)
-    * Ruby executable, library, and headers (for Broccoli Ruby bindings)
 
 LibGeoIP is probably the most interesting and can be installed
 on most platforms by following the instructions for :ref:`installing
@@ -119,8 +121,8 @@ platforms for binary releases and for installation instructions.
 
   Linux based binary installations are usually performed by adding
   information about the Bro packages to the respective system packaging
-  tool. Theen the usual system utilities such as ``apt``, ``yum``
-  or ``zyppper`` are used to perforn the installation. By default,
+  tool. Then the usual system utilities such as ``apt``, ``yum``
+  or ``zypper`` are used to perform the installation. By default,
   installations of binary packages will go into ``/opt/bro``.
 
 * MacOS Disk Image with Installer
@@ -131,7 +133,7 @@ platforms for binary releases and for installation instructions.
 The primary install prefix for binary packages is ``/opt/bro``.
 
 Installing from Source
-==========================
+======================
 
 Bro releases are bundled into source packages for convenience and are
 available on the `bro downloads page`_. Alternatively, the latest
diff --git a/doc/quickstart/index.rst b/doc/quickstart/index.rst
index 616c94c261..ba9896e19d 100644
--- a/doc/quickstart/index.rst
+++ b/doc/quickstart/index.rst
@@ -24,9 +24,10 @@ Managing Bro with BroControl
 BroControl is an interactive shell for easily operating/managing Bro
 installations on a single system or even across multiple systems in a
 traffic-monitoring cluster.  This section explains how to use BroControl
-to manage a stand-alone Bro installation.  For instructions on how to
-configure a Bro cluster, see the :doc:`Cluster Configuration
-<../configuration/index>` documentation.
+to manage a stand-alone Bro installation.  For a complete reference on
+BroControl, see the :doc:`BroControl <../components/broctl/README>`
+documentation.  For instructions on how to configure a Bro cluster,
+see the :doc:`Cluster Configuration <../configuration/index>` documentation.
 
 A Minimal Starting Configuration
 --------------------------------
diff --git a/doc/script-reference/attributes.rst b/doc/script-reference/attributes.rst
index 40646f64f4..d37cc2a98a 100644
--- a/doc/script-reference/attributes.rst
+++ b/doc/script-reference/attributes.rst
@@ -173,14 +173,20 @@ Here is a more detailed explanation of each attribute:
 
     Rotates a file after a specified interval.
 
+    Note: This attribute is deprecated and will be removed in a future release.
+
 .. bro:attr:: &rotate_size
 
     Rotates a file after it has reached a given size in bytes.
 
+    Note: This attribute is deprecated and will be removed in a future release.
+
 .. bro:attr:: &encrypt
 
     Encrypts files right before writing them to disk.
 
+    Note: This attribute is deprecated and will be removed in a future release.
+
 .. bro:attr:: &raw_output
 
     Opens a file in raw mode, i.e., non-ASCII characters are not
@@ -229,5 +235,4 @@ Here is a more detailed explanation of each attribute:
 
     The associated identifier is marked as deprecated and will be
     removed in a future version of Bro.  Look in the NEWS file for more
-    explanation and/or instructions to migrate code that uses deprecated
-    functionality.
+    instructions to migrate code that uses deprecated functionality.
diff --git a/doc/script-reference/directives.rst b/doc/script-reference/directives.rst
index f98f328191..b56967ff3d 100644
--- a/doc/script-reference/directives.rst
+++ b/doc/script-reference/directives.rst
@@ -58,6 +58,23 @@ executed.  Directives are evaluated before script execution begins.
     for that script are ignored).
 
 
+.. bro:keyword:: @load-plugin
+
+    Activate a dynamic plugin with the specified plugin name.  The specified
+    plugin must be located in Bro's plugin search path.  Example::
+
+        @load-plugin Demo::Rot13
+
+    By default, Bro will automatically activate all dynamic plugins found
+    in the plugin search path (the search path can be changed by setting
+    the environment variable BRO_PLUGIN_PATH to a colon-separated list of
+    directories). However, in bare mode ("bro -b"), dynamic plugins can be
+    activated only by using "@load-plugin", or by specifying the full
+    plugin name on the Bro command-line (e.g., "bro Demo::Rot13"), or by
+    setting the environment variable BRO_PLUGIN_ACTIVATE to a
+    comma-separated list of plugin names.
+
+
 .. bro:keyword:: @load-sigs
 
     This works similarly to "@load", except that in this case the filename
diff --git a/doc/script-reference/log-files.rst b/doc/script-reference/log-files.rst
index 208a692443..c3fbca95a0 100644
--- a/doc/script-reference/log-files.rst
+++ b/doc/script-reference/log-files.rst
@@ -26,13 +26,21 @@ Network Protocols
 +----------------------------+---------------------------------------+---------------------------------+
 | irc.log                    | IRC commands and responses            | :bro:type:`IRC::Info`           |
 +----------------------------+---------------------------------------+---------------------------------+
+| kerberos.log               | Kerberos                              | :bro:type:`KRB::Info`           |
++----------------------------+---------------------------------------+---------------------------------+
 | modbus.log                 | Modbus commands and responses         | :bro:type:`Modbus::Info`        |
 +----------------------------+---------------------------------------+---------------------------------+
 | modbus_register_change.log | Tracks changes to Modbus holding      | :bro:type:`Modbus::MemmapInfo`  |
 |                            | registers                             |                                 |
 +----------------------------+---------------------------------------+---------------------------------+
+| mysql.log                  | MySQL                                 | :bro:type:`MySQL::Info`         |
++----------------------------+---------------------------------------+---------------------------------+
 | radius.log                 | RADIUS authentication attempts        | :bro:type:`RADIUS::Info`        |
 +----------------------------+---------------------------------------+---------------------------------+
+| rdp.log                    | RDP                                   | :bro:type:`RDP::Info`           |
++----------------------------+---------------------------------------+---------------------------------+
+| sip.log                    | SIP                                   | :bro:type:`SIP::Info`           |
++----------------------------+---------------------------------------+---------------------------------+
 | smtp.log                   | SMTP transactions                     | :bro:type:`SMTP::Info`          |
 +----------------------------+---------------------------------------+---------------------------------+
 | snmp.log                   | SNMP messages                         | :bro:type:`SNMP::Info`          |
@@ -56,6 +64,8 @@ Files
 +============================+=======================================+=================================+
 | files.log                  | File analysis results                 | :bro:type:`Files::Info`         |
 +----------------------------+---------------------------------------+---------------------------------+
+| pe.log                     | Portable Executable (PE)              | :bro:type:`PE::Info`            |
++----------------------------+---------------------------------------+---------------------------------+
 | x509.log                   | X.509 certificate info                | :bro:type:`X509::Info`          |
 +----------------------------+---------------------------------------+---------------------------------+
 
diff --git a/doc/script-reference/statements.rst b/doc/script-reference/statements.rst
index bf607ad0f9..1f5b388e7f 100644
--- a/doc/script-reference/statements.rst
+++ b/doc/script-reference/statements.rst
@@ -258,8 +258,8 @@ Here are the statements that the Bro scripting language supports.
 
 .. bro:keyword:: break
 
-    The "break" statement is used to break out of a :bro:keyword:`switch` or
-    :bro:keyword:`for` statement.
+    The "break" statement is used to break out of a :bro:keyword:`switch`,
+    :bro:keyword:`for`, or :bro:keyword:`while` statement.
 
 
 .. bro:keyword:: delete
@@ -379,10 +379,10 @@ Here are the statements that the Bro scripting language supports.
 
 .. bro:keyword:: next
 
-    The "next" statement can only appear within a :bro:keyword:`for` loop.
-    It causes execution to skip to the next iteration.
+    The "next" statement can only appear within a :bro:keyword:`for` or
+    :bro:keyword:`while` loop.  It causes execution to skip to the next
+    iteration.
 
-    For an example, see the :bro:keyword:`for` statement.
 
 .. bro:keyword:: print
 
@@ -571,7 +571,7 @@ Here are the statements that the Bro scripting language supports.
 
 .. bro:keyword:: while
 
-    A "while" loop iterates over a body statement as long a given
+    A "while" loop iterates over a body statement as long as a given
     condition remains true.
 
     A :bro:keyword:`break` statement can be used at any time to immediately
@@ -609,8 +609,8 @@ Here are the statements that the Bro scripting language supports.
     (outside of the braces) of a compound statement.
 
     A compound statement is required in order to execute more than one
-    statement in the body of a :bro:keyword:`for`, :bro:keyword:`if`, or
-    :bro:keyword:`when` statement.
+    statement in the body of a :bro:keyword:`for`, :bro:keyword:`while`,
+    :bro:keyword:`if`, or :bro:keyword:`when` statement.
 
     Example::
 
diff --git a/man/bro.8 b/man/bro.8
index 612adb8107..fb2b44a420 100644
--- a/man/bro.8
+++ b/man/bro.8
@@ -51,12 +51,6 @@ add given prefix to policy file resolution
 \fB\-r\fR,\ \-\-readfile <readfile>
 read from given tcpdump file
 .TP
-\fB\-y\fR,\ \-\-flowfile <file>[=<ident>]
-read from given flow file
-.TP
-\fB\-Y\fR,\ \-\-netflow <ip>:<prt>[=<id>]
-read flow from socket
-.TP
 \fB\-s\fR,\ \-\-rulefile <rulefile>
 read rules from given file
 .TP
@@ -78,27 +72,21 @@ run the specified policy file analysis
 \fB\-C\fR,\ \-\-no\-checksums
 ignore checksums
 .TP
-\fB\-D\fR,\ \-\-dfa\-size <size>
-DFA state cache size
-.TP
 \fB\-F\fR,\ \-\-force\-dns
 force DNS
 .TP
 \fB\-I\fR,\ \-\-print\-id <ID name>
 print out given ID
 .TP
+\fB\-J\fR,\ \-\-set\-seed <seed>
+set the random number seed
+.TP
 \fB\-K\fR,\ \-\-md5\-hashkey <hashkey>
 set key for MD5\-keyed hashing
 .TP
-\fB\-L\fR,\ \-\-rule\-benchmark
-benchmark for rules
-.TP
 \fB\-N\fR,\ \-\-print\-plugins
 print available plugins and exit (\fB\-NN\fR for verbose)
 .TP
-\fB\-O\fR,\ \-\-optimize
-optimize policy script
-.TP
 \fB\-P\fR,\ \-\-prime\-dns
 prime DNS
 .TP
@@ -120,7 +108,7 @@ Record process status in file
 \fB\-W\fR,\ \-\-watchdog
 activate watchdog timer
 .TP
-\fB\-X\fR,\ \-\-broxygen
+\fB\-X\fR,\ \-\-broxygen <cfgfile>
 generate documentation based on config file
 .TP
 \fB\-\-pseudo\-realtime[=\fR<speedup>]
@@ -131,6 +119,19 @@ load seeds from given file
 .TP
 \fB\-\-save\-seeds\fR <file>
 save seeds to given file
+.TP
+The following option is available only when Bro is built with the \-\-enable\-debug configure option:
+.TP
+\fB\-B\fR,\ \-\-debug <dbgstreams>
+Enable debugging output for selected streams ('-B help' for help)
+.TP
+The following options are available only when Bro is built with gperftools support (use the \-\-enable\-perftools and \-\-enable\-perftools\-debug configure options):
+.TP
+\fB\-m\fR,\ \-\-mem-leaks
+show leaks
+.TP
+\fB\-M\fR,\ \-\-mem-profile
+record heap
 .SH ENVIRONMENT
 .TP
 .B BROPATH
diff --git a/scripts/base/files/pe/README b/scripts/base/files/pe/README
new file mode 100644
index 0000000000..3ba2354717
--- /dev/null
+++ b/scripts/base/files/pe/README
@@ -0,0 +1 @@
+Support for Portable Executable (PE) file analysis.
diff --git a/scripts/base/frameworks/broker/README b/scripts/base/frameworks/broker/README
new file mode 100644
index 0000000000..11c2479d90
--- /dev/null
+++ b/scripts/base/frameworks/broker/README
@@ -0,0 +1,2 @@
+The Broker communication framework facilitates connecting to remote Bro
+instances to share state and transfer events.
diff --git a/scripts/base/frameworks/files/magic/general.sig b/scripts/base/frameworks/files/magic/general.sig
index eb38d39c8c..268412ff05 100644
--- a/scripts/base/frameworks/files/magic/general.sig
+++ b/scripts/base/frameworks/files/magic/general.sig
@@ -78,6 +78,12 @@ signature file-coldfusion {
 	file-magic /^([\x0d\x0a[:blank:]]*(<!--.*-->)?)*<(CFPARAM|CFSET|CFIF)/
 }
 
+# Adobe Flash Media Manifest
+signature file-f4m {
+	file-mime "application/f4m", 49
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<[mM][aA][nN][iI][fF][eE][sS][tT][\x0d\x0a[:blank:]]{1,}xmlns=\"http:\/\/ns\.adobe\.com\/f4m\//
+}
+
 # Microsoft LNK files
 signature file-lnk {
 	file-mime "application/x-ms-shortcut", 49
diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro
index 3e0faac21b..769136e6e6 100644
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@@ -6,9 +6,10 @@
 module Log;
 
 export {
-	## Type that defines an ID unique to each log stream. Scripts creating new log
-	## streams need to redef this enum to add their own specific log ID. The log ID
-	## implicitly determines the default name of the generated log file.
+	## Type that defines an ID unique to each log stream. Scripts creating new
+	## log streams need to redef this enum to add their own specific log ID.
+	## The log ID implicitly determines the default name of the generated log
+	## file.
 	type Log::ID: enum {
 		## Dummy place-holder.
 		UNKNOWN
@@ -20,25 +21,24 @@ export {
 	## If true, remote logging is by default enabled for all filters.
 	const enable_remote_logging = T &redef;
 
-	## Default writer to use if a filter does not specify
-	## anything else.
+	## Default writer to use if a filter does not specify anything else.
 	const default_writer = WRITER_ASCII &redef;
 
-	## Default separator between fields for logwriters.
-	## Can be overwritten by individual writers.
+	## Default separator to use between fields.
+	## Individual writers can use a different value.
 	const separator = "\t" &redef;
 
-	## Separator between set elements.
-	## Can be overwritten by individual writers.
+	## Default separator to use between elements of a set.
+	## Individual writers can use a different value.
 	const set_separator = "," &redef;
 
-	## String to use for empty fields. This should be different from
-	## *unset_field* to make the output unambiguous.
-	## Can be overwritten by individual writers.
+	## Default string to use for empty fields. This should be different
+	## from *unset_field* to make the output unambiguous.
+	## Individual writers can use a different value.
 	const empty_field = "(empty)" &redef;
 
-	## String to use for an unset &optional field.
-	## Can be overwritten by individual writers.
+	## Default string to use for an unset &optional field.
+	## Individual writers can use a different value.
 	const unset_field = "-" &redef;
 
 	## Type defining the content of a logging stream.
@@ -69,7 +69,7 @@ export {
 	##       If no ``path`` is defined for the filter, then the first call
 	##       to the function will contain an empty string.
 	##
-	## rec: An instance of the streams's ``columns`` type with its
+	## rec: An instance of the stream's ``columns`` type with its
 	##      fields set to the values to be logged.
 	##
 	## Returns: The path to be used for the filter.
@@ -87,7 +87,8 @@ export {
 		terminating: bool;	##< True if rotation occured due to Bro shutting down.
 	};
 
-	## Default rotation interval. Zero disables rotation.
+	## Default rotation interval to use for filters that do not specify
+	## an interval. Zero disables rotation.
 	##
 	## Note that this is overridden by the BroControl LogRotationInterval
 	## option.
@@ -122,8 +123,8 @@ export {
 		## Indicates whether a log entry should be recorded.
 		## If not given, all entries are recorded.
 		##
-		## rec: An instance of the streams's ``columns`` type with its
-		##      fields set to the values to logged.
+		## rec: An instance of the stream's ``columns`` type with its
+		##      fields set to the values to be logged.
 		##
 		## Returns: True if the entry is to be recorded.
 		pred: function(rec: any): bool &optional;
@@ -131,10 +132,10 @@ export {
 		## Output path for recording entries matching this
 		## filter.
 		##
-		## The specific interpretation of the string is up to
-		## the used writer, and may for example be the destination
+		## The specific interpretation of the string is up to the
+		## logging writer, and may for example be the destination
 		## file name. Generally, filenames are expected to be given
-		## without any extensions; writers will add appropiate
+		## without any extensions; writers will add appropriate
 		## extensions automatically.
 		##
 		## If this path is found to conflict with another filter's
@@ -151,7 +152,7 @@ export {
 		## easy to flood the disk by returning a new string for each
 		## connection.  Upon adding a filter to a stream, if neither
 		## ``path`` nor ``path_func`` is explicitly set by them, then
-		## :bro:see:`default_path_func` is used.
+		## :bro:see:`Log::default_path_func` is used.
 		##
 		## id: The ID associated with the log stream.
 		##
@@ -161,7 +162,7 @@ export {
 		##       then the first call to the function will contain an
 		##       empty string.
 		##
-		## rec: An instance of the streams's ``columns`` type with its
+		## rec: An instance of the stream's ``columns`` type with its
 		##      fields set to the values to be logged.
 		##
 		## Returns: The path to be used for the filter, which will be
@@ -185,7 +186,7 @@ export {
 		## If true, entries are passed on to remote peers.
 		log_remote: bool &default=enable_remote_logging;
 
-		## Rotation interval.
+		## Rotation interval. Zero disables rotation.
 		interv: interval &default=default_rotation_interval;
 
 		## Callback function to trigger for rotated files. If not set, the
@@ -215,9 +216,9 @@ export {
 
 	## Removes a logging stream completely, stopping all the threads.
 	##
-	## id: The ID enum to be associated with the new logging stream.
+	## id: The ID associated with the logging stream.
 	##
-	## Returns: True if a new stream was successfully removed.
+	## Returns: True if the stream was successfully removed.
 	##
 	## .. bro:see:: Log::create_stream
 	global remove_stream: function(id: ID) : bool;
diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.bro
index 5f59229f7f..c10c86145e 100644
--- a/scripts/base/frameworks/logging/writers/ascii.bro
+++ b/scripts/base/frameworks/logging/writers/ascii.bro
@@ -1,15 +1,15 @@
 ##! Interface for the ASCII log writer.  Redefinable options are available
 ##! to tweak the output format of ASCII logs.
 ##!
-##! The ASCII writer supports currently one writer-specific filter option via
-##! ``config``: setting ``tsv`` to the string ``T`` turns the output into
+##! The ASCII writer currently supports one writer-specific per-filter config
+##! option: setting ``tsv`` to the string ``T`` turns the output into
 ##! "tab-separated-value" mode where only a single header row with the column
 ##! names is printed out as meta information, with no "# fields" prepended; no
-##! other meta data gets included in that mode.
+##! other meta data gets included in that mode.  Example filter using this::
 ##!
-##! Example filter using this::
-##!
-##!    local my_filter: Log::Filter = [$name = "my-filter", $writer = Log::WRITER_ASCII, $config = table(["tsv"] = "T")];
+##!    local f: Log::Filter = [$name = "my-filter",
+##!                            $writer = Log::WRITER_ASCII,
+##!                            $config = table(["tsv"] = "T")];
 ##!
 
 module LogAscii;
@@ -29,6 +29,8 @@ export {
 	## Format of timestamps when writing out JSON. By default, the JSON
 	## formatter will use double values for timestamps which represent the
 	## number of seconds from the UNIX epoch.
+	##
+	## This option is also available as a per-filter ``$config`` option.
 	const json_timestamps: JSON::TimestampFormat = JSON::TS_EPOCH &redef;
 
 	## If true, include lines with log meta information such as column names
diff --git a/scripts/base/frameworks/logging/writers/sqlite.bro b/scripts/base/frameworks/logging/writers/sqlite.bro
index d73e95ac0a..f7ebd9130c 100644
--- a/scripts/base/frameworks/logging/writers/sqlite.bro
+++ b/scripts/base/frameworks/logging/writers/sqlite.bro
@@ -19,7 +19,7 @@ export {
 	const unset_field = Log::unset_field &redef;
 
 	## String to use for empty fields. This should be different from
-        ## *unset_field* to make the output unambiguous.
+	## *unset_field* to make the output unambiguous.
 	const empty_field = Log::empty_field &redef;
 }
 
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 2a8a2f7c04..15c04b1ef1 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -966,6 +966,11 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef;
 ## .. bro:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks
 const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef;
 
+## Number of TCP segments to buffer beyond what's been acknowledged already
+## to detect retransmission inconsistencies. Zero disables any additonal
+## buffering.
+const tcp_max_old_segments = 0 &redef;
+
 ## For services without a handler, these sets define originator-side ports
 ## that still trigger reassembly.
 ##
diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.bro
index 570d13d8dc..68be66d53a 100644
--- a/scripts/base/protocols/ftp/gridftp.bro
+++ b/scripts/base/protocols/ftp/gridftp.bro
@@ -86,7 +86,7 @@ event gridftp_possibility_timeout(c: connection)
 	{
 	# only remove if we did not already detect it and the connection
 	# is not yet at its end.
-	if ( "gridftp-data" !in c$service && ! c$conn?$service )
+	if ( "gridftp-data" !in c$service && ! (c?$conn && c$conn?$service) )
 		{
 		ConnThreshold::delete_bytes_threshold(c, size_threshold, T);
 		ConnThreshold::delete_bytes_threshold(c, size_threshold, F);
diff --git a/scripts/base/protocols/krb/README b/scripts/base/protocols/krb/README
new file mode 100644
index 0000000000..66c3228ad9
--- /dev/null
+++ b/scripts/base/protocols/krb/README
@@ -0,0 +1 @@
+Support for Kerberos protocol analysis.
diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro
index 6ab4fd2b2a..4a8bf46f42 100644
--- a/scripts/base/protocols/krb/main.bro
+++ b/scripts/base/protocols/krb/main.bro
@@ -1,4 +1,5 @@
-##! Implements base functionality for KRB analysis. Generates the krb.log file.
+##! Implements base functionality for KRB analysis. Generates the kerberos.log
+##! file.
 
 module KRB;
 
diff --git a/scripts/base/protocols/mysql/README b/scripts/base/protocols/mysql/README
new file mode 100644
index 0000000000..9f642b71c4
--- /dev/null
+++ b/scripts/base/protocols/mysql/README
@@ -0,0 +1 @@
+Support for MySQL protocol analysis.
diff --git a/scripts/base/protocols/radius/README b/scripts/base/protocols/radius/README
new file mode 100644
index 0000000000..5248f62e62
--- /dev/null
+++ b/scripts/base/protocols/radius/README
@@ -0,0 +1 @@
+Support for RADIUS protocol analysis.
diff --git a/scripts/base/protocols/rdp/README b/scripts/base/protocols/rdp/README
new file mode 100644
index 0000000000..19903d094c
--- /dev/null
+++ b/scripts/base/protocols/rdp/README
@@ -0,0 +1 @@
+Support for Remote Desktop Protocol (RDP) analysis.
diff --git a/scripts/base/protocols/sip/README b/scripts/base/protocols/sip/README
new file mode 100644
index 0000000000..6de9e6c9e9
--- /dev/null
+++ b/scripts/base/protocols/sip/README
@@ -0,0 +1 @@
+Support for Session Initiation Protocol (SIP) analysis.
diff --git a/scripts/base/protocols/ssh/README b/scripts/base/protocols/ssh/README
new file mode 100644
index 0000000000..54357e1fe6
--- /dev/null
+++ b/scripts/base/protocols/ssh/README
@@ -0,0 +1 @@
+Support for SSH protocol analysis.
diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro
index d8c0425ba5..2381c96fe8 100644
--- a/scripts/base/protocols/ssl/mozilla-ca-list.bro
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro
@@ -1,5 +1,5 @@
 # Don't edit!  This file is automatically generated.
-# Generated at: 2015-04-14 16:19:55 -0700
+# Generated at: 2015-06-02 11:50:31 -0400
 # Generated from: http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
 #
 # The original source file comes with this licensing statement:
@@ -11,6 +11,7 @@
 @load base/protocols/ssl
 module SSL;
 redef root_certs += {
+	["OU=Equifax Secure Certificate Authority,O=Equifax,C=US"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x04\x35\xDE\xF4\xCF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x17\x0D\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC1\x5D\xB1\x58\x67\x08\x62\xEE\xA0\x9A\x2D\x1F\x08\x6D\x91\x14\x68\x98\x0A\x1E\xFE\xDA\x04\x6F\x13\x84\x62\x21\xC3\xD1\x7C\xCE\x9F\x05\xE0\xB8\x01\xF0\x4E\x34\xEC\xE2\x8A\x95\x04\x64\xAC\xF1\x6B\x53\x5F\x05\xB3\xCB\x67\x80\xBF\x42\x02\x8E\xFE\xDD\x01\x09\xEC\xE1\x00\x14\x4F\xFC\xFB\xF0\x0C\xDD\x43\xBA\x5B\x2B\xE1\x1F\x80\x70\x99\x15\x57\x93\x16\xF1\x0F\x97\x6A\xB7\xC2\x68\x23\x1C\xCC\x4D\x59\x30\xAC\x51\x1E\x3B\xAF\x2B\xD6\xEE\x63\x45\x7B\xC5\xD9\x5F\x50\xD2\xE3\x50\x0F\x3A\x88\xE7\xBF\x14\xFD\xE0\xC7\xB9\x02\x03\x01\x00\x01\xA3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1D\x1F\x04\x69\x30\x67\x30\x65\xA0\x63\xA0\x61\xA4\x5F\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x1A\x06\x03\x55\x1D\x10\x04\x13\x30\x11\x81\x0F\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1A\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0D\x30\x0B\x1B\x05\x56\x33\x2E\x30\x63\x03\x02\x06\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xCE\x29\xEA\xFC\xF7\xDE\xB5\xCE\x02\xB9\x17\xB5\x85\xD1\xB9\xE3\xE0\x95\xCC\x25\x31\x0D\x00\xA6\x92\x6E\x7F\xB6\x92\x63\x9E\x50\x95\xD1\x9A\x6F\xE4\x11\xDE\x63\x85\x6E\x98\xEE\xA8\xFF\x5A\xC8\xD3\x55\xB2\x66\x71\x57\xDE\xC0\x21\xEB\x3D\x2A\xA7\x23\x49\x01\x04\x86\x42\x7B\xFC\xEE\x7F\xA2\x16\x52\xB5\x67\x67\xD3\x40\xDB\x3B\x26\x58\xB2\x28\x77\x3D\xAE\x14\x77\x61\xD6\xFA\x2A\x66\x27\xA0\x0D\xFA\xA7\x73\x5C\xEA\x70\xF1\x94\x21\x65\x44\x5F\xFA\xFC\xEF\x29\x68\xA9\xA2\x87\x79\xEF\x79\xEF\x4F\xAC\x07\x77\x38",
 	["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0",
 	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x86\x26\xE6\x0D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA6\xCF\x24\x0E\xBE\x2E\x6F\x28\x99\x45\x42\xC4\xAB\x3E\x21\x54\x9B\x0B\xD3\x7F\x84\x70\xFA\x12\xB3\xCB\xBF\x87\x5F\xC6\x7F\x86\xD3\xB2\x30\x5C\xD6\xFD\xAD\xF1\x7B\xDC\xE5\xF8\x60\x96\x09\x92\x10\xF5\xD0\x53\xDE\xFB\x7B\x7E\x73\x88\xAC\x52\x88\x7B\x4A\xA6\xCA\x49\xA6\x5E\xA8\xA7\x8C\x5A\x11\xBC\x7A\x82\xEB\xBE\x8C\xE9\xB3\xAC\x96\x25\x07\x97\x4A\x99\x2A\x07\x2F\xB4\x1E\x77\xBF\x8A\x0F\xB5\x02\x7C\x1B\x96\xB8\xC5\xB9\x3A\x2C\xBC\xD6\x12\xB9\xEB\x59\x7D\xE2\xD0\x06\x86\x5F\x5E\x49\x6A\xB5\x39\x5E\x88\x34\xEC\xBC\x78\x0C\x08\x98\x84\x6C\xA8\xCD\x4B\xB4\xA0\x7D\x0C\x79\x4D\xF0\xB8\x2D\xCB\x21\xCA\xD5\x6C\x5B\x7D\xE1\xA0\x29\x84\xA1\xF9\xD3\x94\x49\xCB\x24\x62\x91\x20\xBC\xDD\x0B\xD5\xD9\xCC\xF9\xEA\x27\x0A\x2B\x73\x91\xC6\x9D\x1B\xAC\xC8\xCB\xE8\xE0\xA0\xF4\x2F\x90\x8B\x4D\xFB\xB0\x36\x1B\xF6\x19\x7A\x85\xE0\x6D\xF2\x61\x13\x88\x5C\x9F\xE0\x93\x0A\x51\x97\x8A\x5A\xCE\xAF\xAB\xD5\xF7\xAA\x09\xAA\x60\xBD\xDC\xD9\x5F\xDF\x72\xA9\x60\x13\x5E\x00\x01\xC9\x4A\xFA\x3F\xA4\xEA\x07\x03\x21\x02\x8E\x82\xCA\x03\xC2\x9B\x8F\x02\x03\x01\x00\x01\xA3\x81\x9C\x30\x81\x99\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x67\x6C\x6F\x62\x61\x6C\x73\x69\x67\x6E\x2E\x6E\x65\x74\x2F\x72\x6F\x6F\x74\x2D\x72\x32\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1C\x68\x97\x86\x91\xEC\xE0\x4A\xB8\x44\x0B\xAB\x81\xAC\x27\x4F\xD6\xC1\xB8\x1C\x43\x78\xB3\x0C\x9A\xFC\xEA\x2C\x3C\x6E\x61\x1B\x4D\x4B\x29\xF5\x9F\x05\x1D\x26\xC1\xB8\xE9\x83\x00\x62\x45\xB6\xA9\x08\x93\xB9\xA9\x33\x4B\x18\x9A\xC2\xF8\x87\x88\x4E\xDB\xDD\x71\x34\x1A\xC1\x54\xDA\x46\x3F\xE0\xD3\x2A\xAB\x6D\x54\x22\xF5\x3A\x62\xCD\x20\x6F\xBA\x29\x89\xD7\xDD\x91\xEE\xD3\x5C\xA2\x3E\xA1\x5B\x41\xF5\xDF\xE5\x64\x43\x2D\xE9\xD5\x39\xAB\xD2\xA2\xDF\xB7\x8B\xD0\xC0\x80\x19\x1C\x45\xC0\x2D\x8C\xE8\xF8\x2D\xA4\x74\x56\x49\xC5\x05\xB5\x4F\x15\xDE\x6E\x44\x78\x39\x87\xA8\x7E\xBB\xF3\x79\x18\x91\xBB\xF4\x6F\x9D\xC1\xF0\x8C\x35\x8C\x5D\x01\xFB\xC3\x6D\xB9\xEF\x44\x6D\x79\x46\x31\x7E\x0A\xFE\xA9\x82\xC1\xFF\xEF\xAB\x6E\x20\xC4\x50\xC9\x5F\x9D\x4D\x9B\x17\x8C\x0C\xE5\x01\xC9\xA0\x41\x6A\x73\x53\xFA\xA5\x50\xB4\x6E\x25\x0F\xFB\x4C\x18\xF4\xFD\x52\xD9\x8E\x69\xB1\xE8\x11\x0F\xDE\x88\xD8\xFB\x1D\x49\xF7\xAA\xDE\x95\xCF\x20\x78\xC2\x60\x12\xDB\x25\x40\x8C\x6A\xFC\x7E\x42\x38\x40\x64\x12\xF7\x9E\x81\xE1\x93\x2E",
 	["CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\x9B\x7E\x06\x49\xA3\x3E\x62\xB9\xD5\xEE\x90\x48\x71\x29\xEF\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\xBA\x9C\x52\xFC\x78\x1F\x1A\x1E\x6F\x1B\x37\x73\xBD\xF8\xC9\x6B\x94\x12\x30\x4F\xF0\x36\x47\xF5\xD0\x91\x0A\xF5\x17\xC8\xA5\x61\xC1\x16\x40\x4D\xFB\x8A\x61\x90\xE5\x76\x20\xC1\x11\x06\x7D\xAB\x2C\x6E\xA6\xF5\x11\x41\x8E\xFA\x2D\xAD\x2A\x61\x59\xA4\x67\x26\x4C\xD0\xE8\xBC\x52\x5B\x70\x20\x04\x58\xD1\x7A\xC9\xA4\x69\xBC\x83\x17\x64\xAD\x05\x8B\xBC\xD0\x58\xCE\x8D\x8C\xF5\xEB\xF0\x42\x49\x0B\x9D\x97\x27\x67\x32\x6E\xE1\xAE\x93\x15\x1C\x70\xBC\x20\x4D\x2F\x18\xDE\x92\x88\xE8\x6C\x85\x57\x11\x1A\xE9\x7E\xE3\x26\x11\x54\xA2\x45\x96\x55\x83\xCA\x30\x89\xE8\xDC\xD8\xA3\xED\x2A\x80\x3F\x7F\x79\x65\x57\x3E\x15\x20\x66\x08\x2F\x95\x93\xBF\xAA\x47\x2F\xA8\x46\x97\xF0\x12\xE2\xFE\xC2\x0A\x2B\x51\xE6\x76\xE6\xB7\x46\xB7\xE2\x0D\xA6\xCC\xA8\xC3\x4C\x59\x55\x89\xE6\xE8\x53\x5C\x1C\xEA\x9D\xF0\x62\x16\x0B\xA7\xC9\x5F\x0C\xF0\xDE\xC2\x76\xCE\xAF\xF7\x6A\xF2\xFA\x41\xA6\xA2\x33\x14\xC9\xE5\x7A\x63\xD3\x9E\x62\x37\xD5\x85\x65\x9E\x0E\xE6\x53\x24\x74\x1B\x5E\x1D\x12\x53\x5B\xC7\x2C\xE7\x83\x49\x3B\x15\xAE\x8A\x68\xB9\x57\x97\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xC1\xAB\x92\x08\xF7\x3F\x2F\xC9\xB2\xFE\xE4\x5A\x9F\x64\xDE\xDB\x21\x4F\x86\x99\x34\x76\x36\x57\xDD\xD0\x15\x2F\xC5\xAD\x7F\x15\x1F\x37\x62\x73\x3E\xD4\xE7\x5F\xCE\x17\x03\xDB\x35\xFA\x2B\xDB\xAE\x60\x09\x5F\x1E\x5F\x8F\x6E\xBB\x0B\x3D\xEA\x5A\x13\x1E\x0C\x60\x6F\xB5\xC0\xB5\x23\x22\x2E\x07\x0B\xCB\xA9\x74\xCB\x47\xBB\x1D\xC1\xD7\xA5\x6B\xCC\x2F\xD2\x42\xFD\x49\xDD\xA7\x89\xCF\x53\xBA\xDA\x00\x5A\x28\xBF\x82\xDF\xF8\xBA\x13\x1D\x50\x86\x82\xFD\x8E\x30\x8F\x29\x46\xB0\x1E\x3D\x35\xDA\x38\x62\x16\x18\x4A\xAD\xE6\xB6\x51\x6C\xDE\xAF\x62\xEB\x01\xD0\x1E\x24\xFE\x7A\x8F\x12\x1A\x12\x68\xB8\xFB\x66\x99\x14\x14\x45\x5C\xAE\xE7\xAE\x69\x17\x81\x2B\x5A\x37\xC9\x5E\x2A\xF4\xC6\xE2\xA1\x5C\x54\x9B\xA6\x54\x00\xCF\xF0\xF1\xC1\xC7\x98\x30\x1A\x3B\x36\x16\xDB\xA3\x6E\xEA\xFD\xAD\xB2\xC2\xDA\xEF\x02\x47\x13\x8A\xC0\xF1\xB3\x31\xAD\x4F\x1C\xE1\x4F\x9C\xAF\x0F\x0C\x9D\xF7\x78\x0D\xD8\xF4\x35\x56\x80\xDA\xB7\x6D\x17\x8F\x9D\x1E\x81\x64\xE1\xFE\xC5\x45\xBA\xAD\x6B\xB9\x0A\x7A\x4E\x4F\x4B\x84\xEE\x4B\xF1\x7D\xDD\x11",
@@ -100,7 +101,6 @@ redef root_certs += {
 	["CN=SecureSign RootCA11,O=Japan Certification Services\, Inc.,C=JP"] = "\x30\x82\x03\x6D\x30\x82\x02\x55\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x13\x22\x4A\x61\x70\x61\x6E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x31\x30\x1E\x17\x0D\x30\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5A\x17\x0D\x32\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5A\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x13\x22\x4A\x61\x70\x61\x6E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xFD\x77\xAA\xA5\x1C\x90\x05\x3B\xCB\x4C\x9B\x33\x8B\x5A\x14\x45\xA4\xE7\x90\x16\xD1\xDF\x57\xD2\x21\x10\xA4\x17\xFD\xDF\xAC\xD6\x1F\xA7\xE4\xDB\x7C\xF7\xEC\xDF\xB8\x03\xDA\x94\x58\xFD\x5D\x72\x7C\x8C\x3F\x5F\x01\x67\x74\x15\x96\xE3\x02\x3C\x87\xDB\xAE\xCB\x01\x8E\xC2\xF3\x66\xC6\x85\x45\xF4\x02\xC6\x3A\xB5\x62\xB2\xAF\xFA\x9C\xBF\xA4\xE6\xD4\x80\x30\x98\xF3\x0D\xB6\x93\x8F\xA9\xD4\xD8\x36\xF2\xB0\xFC\x8A\xCA\x2C\xA1\x15\x33\x95\x31\xDA\xC0\x1B\xF2\xEE\x62\x99\x86\x63\x3F\xBF\xDD\x93\x2A\x83\xA8\x76\xB9\x13\x1F\xB7\xCE\x4E\x42\x85\x8F\x22\xE7\x2E\x1A\xF2\x95\x09\xB2\x05\xB5\x44\x4E\x77\xA1\x20\xBD\xA9\xF2\x4E\x0A\x7D\x50\xAD\xF5\x05\x0D\x45\x4F\x46\x71\xFD\x28\x3E\x53\xFB\x04\xD8\x2D\xD7\x65\x1D\x4A\x1B\xFA\xCF\x3B\xB0\x31\x9A\x35\x6E\xC8\x8B\x06\xD3\x00\x91\xF2\x94\x08\x65\x4C\xB1\x34\x06\x00\x7A\x89\xE2\xF0\xC7\x03\x59\xCF\xD5\xD6\xE8\xA7\x32\xB3\xE6\x98\x40\x86\xC5\xCD\x27\x12\x8B\xCC\x7B\xCE\xB7\x11\x3C\x62\x60\x07\x23\x3E\x2B\x40\x6E\x94\x80\x09\x6D\xB6\xB3\x6F\x77\x6F\x35\x08\x50\xFB\x02\x87\xC5\x3E\x89\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x5B\xF8\x4D\x4F\xB2\xA5\x86\xD4\x3A\xD2\xF1\x63\x9A\xA0\xBE\x09\xF6\x57\xB7\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA0\xA1\x38\x16\x66\x2E\xA7\x56\x1F\x21\x9C\x06\xFA\x1D\xED\xB9\x22\xC5\x38\x26\xD8\x4E\x4F\xEC\xA3\x7F\x79\xDE\x46\x21\xA1\x87\x77\x8F\x07\x08\x9A\xB2\xA4\xC5\xAF\x0F\x32\x98\x0B\x7C\x66\x29\xB6\x9B\x7D\x25\x52\x49\x43\xAB\x4C\x2E\x2B\x6E\x7A\x70\xAF\x16\x0E\xE3\x02\x6C\xFB\x42\xE6\x18\x9D\x45\xD8\x55\xC8\xE8\x3B\xDD\xE7\xE1\xF4\x2E\x0B\x1C\x34\x5C\x6C\x58\x4A\xFB\x8C\x88\x50\x5F\x95\x1C\xBF\xED\xAB\x22\xB5\x65\xB3\x85\xBA\x9E\x0F\xB8\xAD\xE5\x7A\x1B\x8A\x50\x3A\x1D\xBD\x0D\xBC\x7B\x54\x50\x0B\xB9\x42\xAF\x55\xA0\x18\x81\xAD\x65\x99\xEF\xBE\xE4\x9C\xBF\xC4\x85\xAB\x41\xB2\x54\x6F\xDC\x25\xCD\xED\x78\xE2\x8E\x0C\x8D\x09\x49\xDD\x63\x7B\x5A\x69\x96\x02\x21\xA8\xBD\x52\x59\xE9\x7D\x35\xCB\xC8\x52\xCA\x7F\x81\xFE\xD9\x6B\xD3\xF7\x11\xED\x25\xDF\xF8\xE7\xF9\xA4\xFA\x72\x97\x84\x53\x0D\xA5\xD0\x32\x18\x51\x76\x59\x14\x6C\x0F\xEB\xEC\x5F\x80\x8C\x75\x43\x83\xC3\x85\x98\xFF\x4C\x9E\x2D\x0D\xE4\x77\x83\x93\x4E\xB5\x96\x07\x8B\x28\x13\x9B\x8C\x19\x8D\x41\x27\x49\x40\xEE\xDE\xE6\x23\x44\x39\xDC\xA1\x22\xD6\xBA\x03\xF2",
 	["C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root"] = "\x30\x82\x05\xB5\x30\x82\x03\x9D\xA0\x03\x02\x01\x02\x02\x08\x61\x8D\xC7\x86\x3B\x01\x82\x05\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0C\x0D\x41\x43\x45\x44\x49\x43\x4F\x4D\x20\x52\x6F\x6F\x74\x31\x0C\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x50\x4B\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x0C\x06\x45\x44\x49\x43\x4F\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x1E\x17\x0D\x30\x38\x30\x34\x31\x38\x31\x36\x32\x34\x32\x32\x5A\x17\x0D\x32\x38\x30\x34\x31\x33\x31\x36\x32\x34\x32\x32\x5A\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0C\x0D\x41\x43\x45\x44\x49\x43\x4F\x4D\x20\x52\x6F\x6F\x74\x31\x0C\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x50\x4B\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x0C\x06\x45\x44\x49\x43\x4F\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xFF\x92\x95\xE1\x68\x06\x76\xB4\x2C\xC8\x58\x48\xCA\xFD\x80\x54\x29\x55\x63\x24\xFF\x90\x65\x9B\x10\x75\x7B\xC3\x6A\xDB\x62\x02\x01\xF2\x18\x86\xB5\x7C\x5A\x38\xB1\xE4\x58\xB9\xFB\xD3\xD8\x2D\x9F\xBD\x32\x37\xBF\x2C\x15\x6D\xBE\xB5\xF4\x21\xD2\x13\x91\xD9\x07\xAD\x01\x05\xD6\xF3\xBD\x77\xCE\x5F\x42\x81\x0A\xF9\x6A\xE3\x83\x00\xA8\x2B\x2E\x55\x13\x63\x81\xCA\x47\x1C\x7B\x5C\x16\x57\x7A\x1B\x83\x60\x04\x3A\x3E\x65\xC3\xCD\x01\xDE\xDE\xA4\xD6\x0C\xBA\x8E\xDE\xD9\x04\xEE\x17\x56\x22\x9B\x8F\x63\xFD\x4D\x16\x0B\xB7\x7B\x77\x8C\xF9\x25\xB5\xD1\x6D\x99\x12\x2E\x4F\x1A\xB8\xE6\xEA\x04\x92\xAE\x3D\x11\xB9\x51\x42\x3D\x87\xB0\x31\x85\xAF\x79\x5A\x9C\xFE\xE7\x4E\x5E\x92\x4F\x43\xFC\xAB\x3A\xAD\xA5\x12\x26\x66\xB9\xE2\x0C\xD7\x98\xCE\xD4\x58\xA5\x95\x40\x0A\xB7\x44\x9D\x13\x74\x2B\xC2\xA5\xEB\x22\x15\x98\x10\xD8\x8B\xC5\x04\x9F\x1D\x8F\x60\xE5\x06\x1B\x9B\xCF\xB9\x79\xA0\x3D\xA2\x23\x3F\x42\x3F\x6B\xFA\x1C\x03\x7B\x30\x8D\xCE\x6C\xC0\xBF\xE6\x1B\x5F\xBF\x67\xB8\x84\x19\xD5\x15\xEF\x7B\xCB\x90\x36\x31\x62\xC9\xBC\x02\xAB\x46\x5F\x9B\xFE\x1A\x68\x94\x34\x3D\x90\x8E\xAD\xF6\xE4\x1D\x09\x7F\x4A\x88\x38\x3F\xBE\x67\xFD\x34\x96\xF5\x1D\xBC\x30\x74\xCB\x38\xEE\xD5\x6C\xAB\xD4\xFC\xF4\x00\xB7\x00\x5B\x85\x32\x16\x76\x33\xE9\xD8\xA3\x99\x9D\x05\x00\xAA\x16\xE6\xF3\x81\x7D\x6F\x7D\xAA\x86\x6D\xAD\x15\x74\xD3\xC4\xA2\x71\xAA\xF4\x14\x7D\xE7\x32\xB8\x1F\xBC\xD5\xF1\x4E\xBD\x6F\x17\x02\x39\xD7\x0E\x95\x42\x3A\xC7\x00\x3E\xE9\x26\x63\x11\xEA\x0B\xD1\x4A\xFF\x18\x9D\xB2\xD7\x7B\x2F\x3A\xD9\x96\xFB\xE8\x1E\x92\xAE\x13\x55\xC8\xD9\x27\xF6\xDC\x48\x1B\xB0\x24\xC1\x85\xE3\x77\x9D\x9A\xA4\xF3\x0C\x11\x1D\x0D\xC8\xB4\x14\xEE\xB5\x82\x57\x09\xBF\x20\x58\x7F\x2F\x22\x23\xD8\x70\xCB\x79\x6C\xC9\x4B\xF2\xA9\x2A\xC8\xFC\x87\x2B\xD7\x1A\x50\xF8\x27\xE8\x2F\x43\xE3\x3A\xBD\xD8\x57\x71\xFD\xCE\xA6\x52\x5B\xF9\xDD\x4D\xED\xE5\xF6\x6F\x89\xED\xBB\x93\x9C\x76\x21\x75\xF0\x92\x4C\x29\xF7\x2F\x9C\x01\x2E\xFE\x50\x46\x9E\x64\x0C\x14\xB3\x07\x5B\xC5\xC2\x73\x6C\xF1\x07\x5C\x45\x24\x14\x35\xAE\x83\xF1\x6A\x4D\x89\x7A\xFA\xB3\xD8\x2D\x66\xF0\x36\x87\xF5\x2B\x53\x02\x03\x01\x00\x01\xA3\x81\xAA\x30\x81\xA7\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xA6\xB3\xE1\x2B\x2B\x49\xB6\xD7\x73\xA1\xAA\x94\xF5\x01\xE7\x73\x65\x4C\xAC\x50\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA6\xB3\xE1\x2B\x2B\x49\xB6\xD7\x73\xA1\xAA\x94\xF5\x01\xE7\x73\x65\x4C\xAC\x50\x30\x44\x06\x03\x55\x1D\x20\x04\x3D\x30\x3B\x30\x39\x06\x04\x55\x1D\x20\x00\x30\x31\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x61\x63\x65\x64\x69\x63\x6F\x6D\x2E\x65\x64\x69\x63\x6F\x6D\x67\x72\x6F\x75\x70\x2E\x63\x6F\x6D\x2F\x64\x6F\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xCE\x2C\x0B\x52\x51\x62\x26\x7D\x0C\x27\x83\x8F\xC5\xF6\xDA\xA0\x68\x7B\x4F\x92\x5E\xEA\xA4\x73\x32\x11\x53\x44\xB2\x44\xCB\x9D\xEC\x0F\x79\x42\xB3\x10\xA6\xC7\x0D\x9D\xCB\xB6\xFA\x3F\x3A\x7C\xEA\xBF\x88\x53\x1B\x3C\xF7\x82\xFA\x05\x35\x33\xE1\x35\xA8\x57\xC0\xE7\xFD\x8D\x4F\x3F\x93\x32\x4F\x78\x66\x03\x77\x07\x58\xE9\x95\xC8\x7E\x3E\xD0\x79\x00\x8C\xF2\x1B\x51\x33\x9B\xBC\x94\xE9\x3A\x7B\x6E\x52\x2D\x32\x9E\x23\xA4\x45\xFB\xB6\x2E\x13\xB0\x8B\x18\xB1\xDD\xCE\xD5\x1D\xA7\x42\x7F\x55\xBE\xFB\x5B\xBB\x47\xD4\xFC\x24\xCD\x04\xAE\x96\x05\x15\xD6\xAC\xCE\x30\xF3\xCA\x0B\xC5\xBA\xE2\x22\xE0\xA6\xAD\x22\xE4\x02\xEE\x74\x11\x7F\x4C\xFF\x78\x1D\x35\xDA\xE6\x02\x34\xEB\x18\x12\x61\x77\x06\x09\x16\x63\xEA\x18\xAD\xA2\x87\x1F\xF2\xC7\x80\x09\x09\x75\x4E\x10\xA8\x8F\x3D\x86\xB8\x75\x11\xC0\x24\x62\x8A\x96\x7B\x4A\x45\xE9\xEC\x59\xC5\xBE\x6B\x83\xE6\xE1\xE8\xAC\xB5\x30\x1E\xFE\x05\x07\x80\xF9\xE1\x23\x0D\x50\x8F\x05\x98\xFF\x2C\x5F\xE8\x3B\xB6\xAD\xCF\x81\xB5\x21\x87\xCA\x08\x2A\x23\x27\x30\x20\x2B\xCF\xED\x94\x5B\xAC\xB2\x7A\xD2\xC7\x28\xA1\x8A\x0B\x9B\x4D\x4A\x2C\x6D\x85\x3F\x09\x72\x3C\x67\xE2\xD9\xDC\x07\xBA\xEB\x65\x7B\x5A\x01\x63\xD6\x90\x5B\x4F\x17\x66\x3D\x7F\x0B\x19\xA3\x93\x63\x10\x52\x2A\x9F\x14\x16\x58\xE2\xDC\xA5\xF4\xA1\x16\x8B\x0E\x91\x8B\x81\xCA\x9B\x59\xFA\xD8\x6B\x91\x07\x65\x55\x5F\x52\x1F\xAF\x3A\xFB\x90\xDD\x69\xA5\x5B\x9C\x6D\x0E\x2C\xB6\xFA\xCE\xAC\xA5\x7C\x32\x4A\x67\x40\xDC\x30\x34\x23\xDD\xD7\x04\x23\x66\xF0\xFC\x55\x80\xA7\xFB\x66\x19\x82\x35\x67\x62\x70\x39\x5E\x6F\xC7\xEA\x90\x40\x44\x08\x1E\xB8\xB2\xD6\xDB\xEE\x59\xA7\x0D\x18\x79\x34\xBC\x54\x18\x5E\x53\xCA\x34\x51\xED\x45\x0A\xE6\x8E\xC7\x82\x36\x3E\xA7\x38\x63\xA9\x30\x2C\x17\x10\x60\x92\x9F\x55\x87\x12\x59\x10\xC2\x0F\x67\x69\x11\xCC\x4E\x1E\x7E\x4A\x9A\xAD\xAF\x40\xA8\x75\xAC\x56\x90\x74\xB8\xA0\x9C\xA5\x79\x6F\xDC\xE9\x1A\xC8\x69\x05\xE9\xBA\xFA\x03\xB3\x7C\xE4\xE0\x4E\xC2\xCE\x9D\xE8\xB6\x46\x0D\x6E\x7E\x57\x3A\x67\x94\xC2\xCB\x1F\x9C\x77\x4A\x67\x4E\x69\x86\x43\x93\x38\xFB\xB6\xDB\x4F\x83\x91\xD4\x60\x7E\x4B\x3E\x2B\x38\x07\x55\x98\x5E\xA4",
 	["emailAddress=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU"] = "\x30\x82\x04\x0A\x30\x82\x02\xF2\xA0\x03\x02\x01\x02\x02\x09\x00\xC2\x7E\x43\x04\x4E\x47\x3F\x19\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x1E\x17\x0D\x30\x39\x30\x36\x31\x36\x31\x31\x33\x30\x31\x38\x5A\x17\x0D\x32\x39\x31\x32\x33\x30\x31\x31\x33\x30\x31\x38\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\xF8\x8F\xF3\x63\xAD\xDA\x86\xD8\xA7\xE0\x42\xFB\xCF\x91\xDE\xA6\x26\xF8\x99\xA5\x63\x70\xAD\x9B\xAE\xCA\x33\x40\x7D\x6D\x96\x6E\xA1\x0E\x44\xEE\xE1\x13\x9D\x94\x42\x52\x9A\xBD\x75\x85\x74\x2C\xA8\x0E\x1D\x93\xB6\x18\xB7\x8C\x2C\xA8\xCF\xFB\x5C\x71\xB9\xDA\xEC\xFE\xE8\x7E\x8F\xE4\x2F\x1D\xB2\xA8\x75\x87\xD8\xB7\xA1\xE5\x3B\xCF\x99\x4A\x46\xD0\x83\x19\x7D\xC0\xA1\x12\x1C\x95\x6D\x4A\xF4\xD8\xC7\xA5\x4D\x33\x2E\x85\x39\x40\x75\x7E\x14\x7C\x80\x12\x98\x50\xC7\x41\x67\xB8\xA0\x80\x61\x54\xA6\x6C\x4E\x1F\xE0\x9D\x0E\x07\xE9\xC9\xBA\x33\xE7\xFE\xC0\x55\x28\x2C\x02\x80\xA7\x19\xF5\x9E\xDC\x55\x53\x03\x97\x7B\x07\x48\xFF\x99\xFB\x37\x8A\x24\xC4\x59\xCC\x50\x10\x63\x8E\xAA\xA9\x1A\xB0\x84\x1A\x86\xF9\x5F\xBB\xB1\x50\x6E\xA4\xD1\x0A\xCC\xD5\x71\x7E\x1F\xA7\x1B\x7C\xF5\x53\x6E\x22\x5F\xCB\x2B\xE6\xD4\x7C\x5D\xAE\xD6\xC2\xC6\x4C\xE5\x05\x01\xD9\xED\x57\xFC\xC1\x23\x79\xFC\xFA\xC8\x24\x83\x95\xF3\xB5\x6A\x51\x01\xD0\x77\xD6\xE9\x12\xA1\xF9\x1A\x83\xFB\x82\x1B\xB9\xB0\x97\xF4\x76\x06\x33\x43\x49\xA0\xFF\x0B\xB5\xFA\xB5\x02\x03\x01\x00\x01\xA3\x81\x80\x30\x7E\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1B\x06\x03\x55\x1D\x11\x04\x14\x30\x12\x81\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\xC9\xD1\x0E\x5E\x2E\xD5\xCC\xB3\x7C\x3E\xCB\xFC\x3D\xFF\x0D\x28\x95\x93\x04\xC8\xBF\xDA\xCD\x79\xB8\x43\x90\xF0\xA4\xBE\xEF\xF2\xEF\x21\x98\xBC\xD4\xD4\x5D\x06\xF6\xEE\x42\xEC\x30\x6C\xA0\xAA\xA9\xCA\xF1\xAF\x8A\xFA\x3F\x0B\x73\x6A\x3E\xEA\x2E\x40\x7E\x1F\xAE\x54\x61\x79\xEB\x2E\x08\x37\xD7\x23\xF3\x8C\x9F\xBE\x1D\xB1\xE1\xA4\x75\xDB\xA0\xE2\x54\x14\xB1\xBA\x1C\x29\xA4\x18\xF6\x12\xBA\xA2\x14\x14\xE3\x31\x35\xC8\x40\xFF\xB7\xE0\x05\x76\x57\xC1\x1C\x59\xF2\xF8\xBF\xE4\xED\x25\x62\x5C\x84\xF0\x7E\x7E\x1F\xB3\xBE\xF9\xB7\x21\x11\xCC\x03\x01\x56\x70\xA7\x10\x92\x1E\x1B\x34\x81\x1E\xAD\x9C\x1A\xC3\x04\x3C\xED\x02\x61\xD6\x1E\x06\xF3\x5F\x3A\x87\xF2\x2B\xF1\x45\x87\xE5\x3D\xAC\xD1\xC7\x57\x84\xBD\x6B\xAE\xDC\xD8\xF9\xB6\x1B\x62\x70\x0B\x3D\x36\xC9\x42\xF2\x32\xD7\x7A\x61\xE6\xD2\xDB\x3D\xCF\xC8\xA9\xC9\x9B\xDC\xDB\x58\x44\xD7\x6F\x38\xAF\x7F\x78\xD3\xA3\xAD\x1A\x75\xBA\x1C\xC1\x36\x7C\x8F\x1E\x6D\x1C\xC3\x75\x46\xAE\x35\x05\xA6\xF6\x5C\x3D\x21\xEE\x56\xF0\xC9\x82\x22\x2D\x7A\x54\xAB\x70\xC3\x7D\x22\x65\x82\x70\x96",
-	["CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi,O=Elektronik Bilgi Guvenligi A.S.,C=TR"] = "\x30\x82\x03\xB6\x30\x82\x02\x9E\xA0\x03\x02\x01\x02\x02\x10\x44\x99\x8D\x3C\xC0\x03\x27\xBD\x9C\x76\x95\xB9\xEA\xDB\xAC\xB5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x1E\x17\x0D\x30\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x17\x0D\x31\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC3\x12\x20\x9E\xB0\x5E\x00\x65\x8D\x4E\x46\xBB\x80\x5C\xE9\x2C\x06\x97\xD5\xF3\x72\xC9\x70\xB9\xE7\x4B\x65\x80\xC1\x4B\xBE\x7E\x3C\xD7\x54\x31\x94\xDE\xD5\x12\xBA\x53\x16\x02\xEA\x58\x63\xEF\x5B\xD8\xF3\xED\x2A\x1A\xAA\x71\x48\xA3\xDC\x10\x2D\x5F\x5F\xEB\x5C\x4B\x9C\x96\x08\x42\x25\x28\x11\xCC\x8A\x5A\x62\x01\x50\xD5\xEB\x09\x53\x2F\xF8\xC3\x8F\xFE\xB3\xFC\xFD\x9D\xA2\xE3\x5F\x7D\xBE\xED\x0B\xE0\x60\xEB\x69\xEC\x33\xED\xD8\x8D\xFB\x12\x49\x83\x00\xC9\x8B\x97\x8C\x3B\x73\x2A\x32\xB3\x12\xF7\xB9\x4D\xF2\xF4\x4D\x6D\xC7\xE6\xD6\x26\x37\x08\xF2\xD9\xFD\x6B\x5C\xA3\xE5\x48\x5C\x58\xBC\x42\xBE\x03\x5A\x81\xBA\x1C\x35\x0C\x00\xD3\xF5\x23\x7E\x71\x30\x08\x26\x38\xDC\x25\x11\x47\x2D\xF3\xBA\x23\x10\xA5\xBF\xBC\x02\xF7\x43\x5E\xC7\xFE\xB0\x37\x50\x99\x7B\x0F\x93\xCE\xE6\x43\x2C\xC3\x7E\x0D\xF2\x1C\x43\x66\x60\xCB\x61\x31\x47\x87\xA3\x4F\xAE\xBD\x56\x6C\x4C\xBC\xBC\xF8\x05\xCA\x64\xF4\xE9\x34\xA1\x2C\xB5\x73\xE1\xC2\x3E\xE8\xC8\xC9\x34\x25\x08\x5C\xF3\xED\xA6\xC7\x94\x9F\xAD\x88\x43\x25\xD7\xE1\x39\x60\xFE\xAC\x39\x59\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9F\xEE\x44\xB3\x94\xD5\xFA\x91\x4F\x2E\xD9\x55\x9A\x04\x56\xDB\x2D\xC4\xDB\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7F\x5F\xB9\x53\x5B\x63\x3D\x75\x32\xE7\xFA\xC4\x74\x1A\xCB\x46\xDF\x46\x69\x1C\x52\xCF\xAA\x4F\xC2\x68\xEB\xFF\x80\xA9\x51\xE8\x3D\x62\x77\x89\x3D\x0A\x75\x39\xF1\x6E\x5D\x17\x87\x6F\x68\x05\xC1\x94\x6C\xD9\x5D\xDF\xDA\xB2\x59\xCB\xA5\x10\x8A\xCA\xCC\x39\xCD\x9F\xEB\x4E\xDE\x52\xFF\x0C\xF0\xF4\x92\xA9\xF2\x6C\x53\xAB\x9B\xD2\x47\xA0\x1F\x74\xF7\x9B\x9A\xF1\x2F\x15\x9F\x7A\x64\x30\x18\x07\x3C\x2A\x0F\x67\xCA\xFC\x0F\x89\x61\x9D\x65\xA5\x3C\xE5\xBC\x13\x5B\x08\xDB\xE3\xFF\xED\xBB\x06\xBB\x6A\x06\xB1\x7A\x4F\x65\xC6\x82\xFD\x1E\x9C\x8B\xB5\x0D\xEE\x48\xBB\xB8\xBD\xAA\x08\xB4\xFB\xA3\x7C\xCB\x9F\xCD\x90\x76\x5C\x86\x96\x78\x57\x0A\x66\xF9\x58\x1A\x9D\xFD\x97\x29\x60\xDE\x11\xA6\x90\x1C\x19\x1C\xEE\x01\x96\x22\x34\x34\x2E\x91\xF9\xB7\xC4\x27\xD1\x7B\xE6\xBF\xFB\x80\x44\x5A\x16\xE5\xEB\xE0\xD4\x0A\x38\xBC\xE4\x91\xE3\xD5\xEB\x5C\xC1\xAC\xDF\x1B\x6A\x7C\x9E\xE5\x75\xD2\xB6\x97\x87\xDB\xCC\x87\x2B\x43\x3A\x84\x08\xAF\xAB\x3C\xDB\xF7\x3C\x66\x31\x86\xB0\x9D\x53\x79\xED\xF8\x23\xDE\x42\xE3\x2D\x82\xF1\x0F\xE5\xFA\x97",
 	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3"] = "\x30\x82\x03\x5F\x30\x82\x02\x47\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x21\x58\x53\x08\xA2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCC\x25\x76\x90\x79\x06\x78\x22\x16\xF5\xC0\x83\xB6\x84\xCA\x28\x9E\xFD\x05\x76\x11\xC5\xAD\x88\x72\xFC\x46\x02\x43\xC7\xB2\x8A\x9D\x04\x5F\x24\xCB\x2E\x4B\xE1\x60\x82\x46\xE1\x52\xAB\x0C\x81\x47\x70\x6C\xDD\x64\xD1\xEB\xF5\x2C\xA3\x0F\x82\x3D\x0C\x2B\xAE\x97\xD7\xB6\x14\x86\x10\x79\xBB\x3B\x13\x80\x77\x8C\x08\xE1\x49\xD2\x6A\x62\x2F\x1F\x5E\xFA\x96\x68\xDF\x89\x27\x95\x38\x9F\x06\xD7\x3E\xC9\xCB\x26\x59\x0D\x73\xDE\xB0\xC8\xE9\x26\x0E\x83\x15\xC6\xEF\x5B\x8B\xD2\x04\x60\xCA\x49\xA6\x28\xF6\x69\x3B\xF6\xCB\xC8\x28\x91\xE5\x9D\x8A\x61\x57\x37\xAC\x74\x14\xDC\x74\xE0\x3A\xEE\x72\x2F\x2E\x9C\xFB\xD0\xBB\xBF\xF5\x3D\x00\xE1\x06\x33\xE8\x82\x2B\xAE\x53\xA6\x3A\x16\x73\x8C\xDD\x41\x0E\x20\x3A\xC0\xB4\xA7\xA1\xE9\xB2\x4F\x90\x2E\x32\x60\xE9\x57\xCB\xB9\x04\x92\x68\x68\xE5\x38\x26\x60\x75\xB2\x9F\x77\xFF\x91\x14\xEF\xAE\x20\x49\xFC\xAD\x40\x15\x48\xD1\x02\x31\x61\x19\x5E\xB8\x97\xEF\xAD\x77\xB7\x64\x9A\x7A\xBF\x5F\xC1\x13\xEF\x9B\x62\xFB\x0D\x6C\xE0\x54\x69\x16\xA9\x03\xDA\x6E\xE9\x83\x93\x71\x76\xC6\x69\x85\x82\x17\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x8F\xF0\x4B\x7F\xA8\x2E\x45\x24\xAE\x4D\x50\xFA\x63\x9A\x8B\xDE\xE2\xDD\x1B\xBC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4B\x40\xDB\xC0\x50\xAA\xFE\xC8\x0C\xEF\xF7\x96\x54\x45\x49\xBB\x96\x00\x09\x41\xAC\xB3\x13\x86\x86\x28\x07\x33\xCA\x6B\xE6\x74\xB9\xBA\x00\x2D\xAE\xA4\x0A\xD3\xF5\xF1\xF1\x0F\x8A\xBF\x73\x67\x4A\x83\xC7\x44\x7B\x78\xE0\xAF\x6E\x6C\x6F\x03\x29\x8E\x33\x39\x45\xC3\x8E\xE4\xB9\x57\x6C\xAA\xFC\x12\x96\xEC\x53\xC6\x2D\xE4\x24\x6C\xB9\x94\x63\xFB\xDC\x53\x68\x67\x56\x3E\x83\xB8\xCF\x35\x21\xC3\xC9\x68\xFE\xCE\xDA\xC2\x53\xAA\xCC\x90\x8A\xE9\xF0\x5D\x46\x8C\x95\xDD\x7A\x58\x28\x1A\x2F\x1D\xDE\xCD\x00\x37\x41\x8F\xED\x44\x6D\xD7\x53\x28\x97\x7E\xF3\x67\x04\x1E\x15\xD7\x8A\x96\xB4\xD3\xDE\x4C\x27\xA4\x4C\x1B\x73\x73\x76\xF4\x17\x99\xC2\x1F\x7A\x0E\xE3\x2D\x08\xAD\x0A\x1C\x2C\xFF\x3C\xAB\x55\x0E\x0F\x91\x7E\x36\xEB\xC3\x57\x49\xBE\xE1\x2E\x2D\x7C\x60\x8B\xC3\x41\x51\x13\x23\x9D\xCE\xF7\x32\x6B\x94\x01\xA8\x99\xE7\x2C\x33\x1F\x3A\x3B\x25\xD2\x86\x40\xCE\x3B\x2C\x86\x78\xC9\x61\x2F\x14\xBA\xEE\xDB\x55\x6F\xDF\x84\xEE\x05\x09\x4D\xBD\x28\xD8\x72\xCE\xD3\x62\x50\x65\x1E\xEB\x92\x97\x83\x31\xD9\xB3\xB5\xCA\x47\x58\x3F\x5F",
 	["CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES"] = "\x30\x82\x06\x14\x30\x82\x03\xFC\xA0\x03\x02\x01\x02\x02\x08\x53\xEC\x3B\xEE\xFB\xB2\x48\x5F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x30\x30\x38\x33\x38\x31\x35\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x30\x38\x33\x38\x31\x35\x5A\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCA\x96\x6B\x8E\xEA\xF8\xFB\xF1\xA2\x35\xE0\x7F\x4C\xDA\xE0\xC3\x52\xD7\x7D\xB6\x10\xC8\x02\x5E\xB3\x43\x2A\xC4\x4F\x6A\xB2\xCA\x1C\x5D\x28\x9A\x78\x11\x1A\x69\x59\x57\xAF\xB5\x20\x42\xE4\x8B\x0F\xE6\xDF\x5B\xA6\x03\x92\x2F\xF5\x11\xE4\x62\xD7\x32\x71\x38\xD9\x04\x0C\x71\xAB\x3D\x51\x7E\x0F\x07\xDF\x63\x05\x5C\xE9\xBF\x94\x6F\xC1\x29\x82\xC0\xB4\xDA\x51\xB0\xC1\x3C\xBB\xAD\x37\x4A\x5C\xCA\xF1\x4B\x36\x0E\x24\xAB\xBF\xC3\x84\x77\xFD\xA8\x50\xF4\xB1\xE7\xC6\x2F\xD2\x2D\x59\x8D\x7A\x0A\x4E\x96\x69\x52\x02\xAA\x36\x98\xEC\xFC\xFA\x14\x83\x0C\x37\x1F\xC9\x92\x37\x7F\xD7\x81\x2D\xE5\xC4\xB9\xE0\x3E\x34\xFE\x67\xF4\x3E\x66\xD1\xD3\xF4\x40\xCF\x5E\x62\x34\x0F\x70\x06\x3E\x20\x18\x5A\xCE\xF7\x72\x1B\x25\x6C\x93\x74\x14\x93\xA3\x73\xB1\x0E\xAA\x87\x10\x23\x59\x5F\x20\x05\x19\x47\xED\x68\x8E\x92\x12\xCA\x5D\xFC\xD6\x2B\xB2\x92\x3C\x20\xCF\xE1\x5F\xAF\x20\xBE\xA0\x76\x7F\x76\xE5\xEC\x1A\x86\x61\x33\x3E\xE7\x7B\xB4\x3F\xA0\x0F\x8E\xA2\xB9\x6A\x6F\xB9\x87\x26\x6F\x41\x6C\x88\xA6\x50\xFD\x6A\x63\x0B\xF5\x93\x16\x1B\x19\x8F\xB2\xED\x9B\x9B\xC9\x90\xF5\x01\x0C\xDF\x19\x3D\x0F\x3E\x38\x23\xC9\x2F\x8F\x0C\xD1\x02\xFE\x1B\x55\xD6\x4E\xD0\x8D\x3C\xAF\x4F\xA4\xF3\xFE\xAF\x2A\xD3\x05\x9D\x79\x08\xA1\xCB\x57\x31\xB4\x9C\xC8\x90\xB2\x67\xF4\x18\x16\x93\x3A\xFC\x47\xD8\xD1\x78\x96\x31\x1F\xBA\x2B\x0C\x5F\x5D\x99\xAD\x63\x89\x5A\x24\x20\x76\xD8\xDF\xFD\xAB\x4E\xA6\x22\xAA\x9D\x5E\xE6\x27\x8A\x7D\x68\x29\xA3\xE7\x8A\xB8\xDA\x11\xBB\x17\x2D\x99\x9D\x13\x24\x46\xF7\xC5\xE2\xD8\x9F\x8E\x7F\xC7\x8F\x74\x6D\x5A\xB2\xE8\x72\xF5\xAC\xEE\x24\x10\xAD\x2F\x14\xDA\xFF\x2D\x9A\x46\x71\x47\xBE\x42\xDF\xBB\x01\xDB\xF4\x7F\xD3\x28\x8F\x31\x59\x5B\xD3\xC9\x02\xA6\xB4\x52\xCA\x6E\x97\xFB\x43\xC5\x08\x26\x6F\x8A\xF4\xBB\xFD\x9F\x28\xAA\x0D\xD5\x45\xF3\x13\x3A\x1D\xD8\xC0\x78\x8F\x41\x67\x3C\x1E\x94\x64\xAE\x7B\x0B\xC5\xE8\xD9\x01\x88\x39\x1A\x97\x86\x64\x41\xD5\x3B\x87\x0C\x6E\xFA\x0F\xC6\xBD\x48\x14\xBF\x39\x4D\xD4\x9E\x41\xB6\x8F\x96\x1D\x63\x96\x93\xD9\x95\x06\x78\x31\x68\x9E\x37\x06\x3B\x80\x89\x45\x61\x39\x23\xC7\x1B\x44\xA3\x15\xE5\x1C\xF8\x92\x30\xBB\x02\x03\x01\x00\x01\xA3\x81\xEF\x30\x81\xEC\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x01\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x65\xCD\xEB\xAB\x35\x1E\x00\x3E\x7E\xD5\x74\xC0\x1C\xB4\x73\x47\x0E\x1A\x64\x2F\x30\x81\xA6\x06\x03\x55\x1D\x20\x04\x81\x9E\x30\x81\x9B\x30\x81\x98\x06\x04\x55\x1D\x20\x00\x30\x81\x8F\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x2E\x63\x6F\x6D\x2F\x63\x70\x73\x30\x5C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x50\x1E\x4E\x00\x50\x00\x61\x00\x73\x00\x65\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x42\x00\x6F\x00\x6E\x00\x61\x00\x6E\x00\x6F\x00\x76\x00\x61\x00\x20\x00\x34\x00\x37\x00\x20\x00\x42\x00\x61\x00\x72\x00\x63\x00\x65\x00\x6C\x00\x6F\x00\x6E\x00\x61\x00\x20\x00\x30\x00\x38\x00\x30\x00\x31\x00\x37\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x17\x7D\xA0\xF9\xB4\xDD\xC5\xC5\xEB\xAD\x4B\x24\xB5\xA1\x02\xAB\xDD\xA5\x88\x4A\xB2\x0F\x55\x4B\x2B\x57\x8C\x3B\xE5\x31\xDD\xFE\xC4\x32\xF1\xE7\x5B\x64\x96\x36\x32\x18\xEC\xA5\x32\x77\xD7\xE3\x44\xB6\xC0\x11\x2A\x80\xB9\x3D\x6A\x6E\x7C\x9B\xD3\xAD\xFC\xC3\xD6\xA3\xE6\x64\x29\x7C\xD1\xE1\x38\x1E\x82\x2B\xFF\x27\x65\xAF\xFB\x16\x15\xC4\x2E\x71\x84\xE5\xB5\xFF\xFA\xA4\x47\xBD\x64\x32\xBB\xF6\x25\x84\xA2\x27\x42\xF5\x20\xB0\xC2\x13\x10\x11\xCD\x10\x15\xBA\x42\x90\x2A\xD2\x44\xE1\x96\x26\xEB\x31\x48\x12\xFD\x2A\xDA\xC9\x06\xCF\x74\x1E\xA9\x4B\xD5\x87\x28\xF9\x79\x34\x92\x3E\x2E\x44\xE8\xF6\x8F\x4F\x8F\x35\x3F\x25\xB3\x39\xDC\x63\x2A\x90\x6B\x20\x5F\xC4\x52\x12\x4E\x97\x2C\x2A\xAC\x9D\x97\xDE\x48\xF2\xA3\x66\xDB\xC2\xD2\x83\x95\xA6\x66\xA7\x9E\x25\x0F\xE9\x0B\x33\x91\x65\x0A\x5A\xC3\xD9\x54\x12\xDD\xAF\xC3\x4E\x0E\x1F\x26\x5E\x0D\xDC\xB3\x8D\xEC\xD5\x81\x70\xDE\xD2\x4F\x24\x05\xF3\x6C\x4E\xF5\x4C\x49\x66\x8D\xD1\xFF\xD2\x0B\x25\x41\x48\xFE\x51\x84\xC6\x42\xAF\x80\x04\xCF\xD0\x7E\x64\x49\xE4\xF2\xDF\xA2\xEC\xB1\x4C\xC0\x2A\x1D\xE7\xB4\xB1\x65\xA2\xC4\xBC\xF1\x98\xF4\xAA\x70\x07\x63\xB4\xB8\xDA\x3B\x4C\xFA\x40\x22\x30\x5B\x11\xA6\xF0\x05\x0E\xC6\x02\x03\x48\xAB\x86\x9B\x85\xDD\xDB\xDD\xEA\xA2\x76\x80\x73\x7D\xF5\x9C\x04\xC4\x45\x8D\xE7\xB9\x1C\x8B\x9E\xEA\xD7\x75\xD1\x72\xB1\xDE\x75\x44\xE7\x42\x7D\xE2\x57\x6B\x7D\xDC\x99\xBC\x3D\x83\x28\xEA\x80\x93\x8D\xC5\x4C\x65\xC1\x70\x81\xB8\x38\xFC\x43\x31\xB2\xF6\x03\x34\x47\xB2\xAC\xFB\x22\x06\xCB\x1E\xDD\x17\x47\x1C\x5F\x66\xB9\xD3\x1A\xA2\xDA\x11\xB1\xA4\xBC\x23\xC9\xE4\xBE\x87\xFF\xB9\x94\xB6\xF8\x5D\x20\x4A\xD4\x5F\xE7\xBD\x68\x7B\x65\xF2\x15\x1E\xD2\x3A\xA9\x2D\xE9\xD8\x6B\x24\xAC\x97\x58\x44\x47\xAD\x59\x18\xF1\x21\x65\x70\xDE\xCE\x34\x60\xA8\x40\xF1\xF3\x3C\xA4\xC3\x28\x23\x8C\xFE\x27\x33\x43\x40\xA0\x17\x3C\xEB\xEA\x3B\xB0\x72\xA6\xA3\xB9\x4A\x4B\x5E\x16\x48\xF4\xB2\xBC\xC8\x8C\x92\xC5\x9D\x9F\xAC\x72\x36\xBC\x34\x80\x34\x6B\xA9\x8B\x92\xC0\xB8\x17\xED\xEC\x76\x53\xF5\x24\x01\x8C\xB3\x22\xE8\x4B\x7C\x55\xC6\x9D\xFA\xA3\x14\xBB\x65\x85\x6E\x6E\x4F\x12\x7E\x0A\x3C\x9D\x95",
 	["CN=Izenpe.com,O=IZENPE S.A.,C=ES"] = "\x30\x82\x05\xF1\x30\x82\x03\xD9\xA0\x03\x02\x01\x02\x02\x10\x00\xB0\xB7\x5A\x16\x48\x5F\xBF\xE1\xCB\xF5\x8B\xD7\x19\xE6\x7D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x30\x37\x31\x32\x31\x33\x31\x33\x30\x38\x32\x38\x5A\x17\x0D\x33\x37\x31\x32\x31\x33\x30\x38\x32\x37\x32\x35\x5A\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC9\xD3\x7A\xCA\x0F\x1E\xAC\xA7\x86\xE8\x16\x65\x6A\xB1\xC2\x1B\x45\x32\x71\x95\xD9\xFE\x10\x5B\xCC\xAF\xE7\xA5\x79\x01\x8F\x89\xC3\xCA\xF2\x55\x71\xF7\x77\xBE\x77\x94\xF3\x72\xA4\x2C\x44\xD8\x9E\x92\x9B\x14\x3A\xA1\xE7\x24\x90\x0A\x0A\x56\x8E\xC5\xD8\x26\x94\xE1\xD9\x48\xE1\x2D\x3E\xDA\x0A\x72\xDD\xA3\x99\x15\xDA\x81\xA2\x87\xF4\x7B\x6E\x26\x77\x89\x58\xAD\xD6\xEB\x0C\xB2\x41\x7A\x73\x6E\x6D\xDB\x7A\x78\x41\xE9\x08\x88\x12\x7E\x87\x2E\x66\x11\x63\x6C\x54\xFB\x3C\x9D\x72\xC0\xBC\x2E\xFF\xC2\xB7\xDD\x0D\x76\xE3\x3A\xD7\xF7\xB4\x68\xBE\xA2\xF5\xE3\x81\x6E\xC1\x46\x6F\x5D\x8D\xE0\x4D\xC6\x54\x55\x89\x1A\x33\x31\x0A\xB1\x57\xB9\xA3\x8A\x98\xC3\xEC\x3B\x34\xC5\x95\x41\x69\x7E\x75\xC2\x3C\x20\xC5\x61\xBA\x51\x47\xA0\x20\x90\x93\xA1\x90\x4B\xF3\x4E\x7C\x85\x45\x54\x9A\xD1\x05\x26\x41\xB0\xB5\x4D\x1D\x33\xBE\xC4\x03\xC8\x25\x7C\xC1\x70\xDB\x3B\xF4\x09\x2D\x54\x27\x48\xAC\x2F\xE1\xC4\xAC\x3E\xC8\xCB\x92\x4C\x53\x39\x37\x23\xEC\xD3\x01\xF9\xE0\x09\x44\x4D\x4D\x64\xC0\xE1\x0D\x5A\x87\x22\xBC\xAD\x1B\xA3\xFE\x26\xB5\x15\xF3\xA7\xFC\x84\x19\xE9\xEC\xA1\x88\xB4\x44\x69\x84\x83\xF3\x89\xD1\x74\x06\xA9\xCC\x0B\xD6\xC2\xDE\x27\x85\x50\x26\xCA\x17\xB8\xC9\x7A\x87\x56\x2C\x1A\x01\x1E\x6C\xBE\x13\xAD\x10\xAC\xB5\x24\xF5\x38\x91\xA1\xD6\x4B\xDA\xF1\xBB\xD2\xDE\x47\xB5\xF1\xBC\x81\xF6\x59\x6B\xCF\x19\x53\xE9\x8D\x15\xCB\x4A\xCB\xA9\x6F\x44\xE5\x1B\x41\xCF\xE1\x86\xA7\xCA\xD0\x6A\x9F\xBC\x4C\x8D\x06\x33\x5A\xA2\x85\xE5\x90\x35\xA0\x62\x5C\x16\x4E\xF0\xE3\xA2\xFA\x03\x1A\xB4\x2C\x71\xB3\x58\x2C\xDE\x7B\x0B\xDB\x1A\x0F\xEB\xDE\x21\x1F\x06\x77\x06\x03\xB0\xC9\xEF\x99\xFC\xC0\xB9\x4F\x0B\x86\x28\xFE\xD2\xB9\xEA\xE3\xDA\xA5\xC3\x47\x69\x12\xE0\xDB\xF0\xF6\x19\x8B\xED\x7B\x70\xD7\x02\xD6\xED\x87\x18\x28\x2C\x04\x24\x4C\x77\xE4\x48\x8A\x1A\xC6\x3B\x9A\xD4\x0F\xCA\xFA\x75\xD2\x01\x40\x5A\x8D\x79\xBF\x8B\xCF\x4B\xCF\xAA\x16\xC1\x95\xE4\xAD\x4C\x8A\x3E\x17\x91\xD4\xB1\x62\xE5\x82\xE5\x80\x04\xA4\x03\x7E\x8D\xBF\xDA\x7F\xA2\x0F\x97\x4F\x0C\xD3\x0D\xFB\xD7\xD1\xE5\x72\x7E\x1C\xC8\x77\xFF\x5B\x9A\x0F\xB7\xAE\x05\x46\xE5\xF1\xA8\x16\xEC\x47\xA4\x17\x02\x03\x01\x00\x01\xA3\x81\xF6\x30\x81\xF3\x30\x81\xB0\x06\x03\x55\x1D\x11\x04\x81\xA8\x30\x81\xA5\x81\x0F\x69\x6E\x66\x6F\x40\x69\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\xA4\x81\x91\x30\x81\x8E\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x20\x2D\x20\x43\x49\x46\x20\x41\x30\x31\x33\x33\x37\x32\x36\x30\x2D\x52\x4D\x65\x72\x63\x2E\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x20\x54\x31\x30\x35\x35\x20\x46\x36\x32\x20\x53\x38\x31\x43\x30\x41\x06\x03\x55\x04\x09\x0C\x3A\x41\x76\x64\x61\x20\x64\x65\x6C\x20\x4D\x65\x64\x69\x74\x65\x72\x72\x61\x6E\x65\x6F\x20\x45\x74\x6F\x72\x62\x69\x64\x65\x61\x20\x31\x34\x20\x2D\x20\x30\x31\x30\x31\x30\x20\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1D\x1C\x65\x0E\xA8\xF2\x25\x7B\xB4\x91\xCF\xE4\xB1\xB1\xE6\xBD\x55\x74\x6C\x05\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x78\xA6\x0C\x16\x4A\x9F\x4C\x88\x3A\xC0\xCB\x0E\xA5\x16\x7D\x9F\xB9\x48\x5F\x18\x8F\x0D\x62\x36\xF6\xCD\x19\x6B\xAC\xAB\xD5\xF6\x91\x7D\xAE\x71\xF3\x3F\xB3\x0E\x78\x85\x9B\x95\xA4\x27\x21\x47\x42\x4A\x7C\x48\x3A\xF5\x45\x7C\xB3\x0C\x8E\x51\x78\xAC\x95\x13\xDE\xC6\xFD\x7D\xB8\x1A\x90\x4C\xAB\x92\x03\xC7\xED\x42\x01\xCE\x0F\xD8\xB1\xFA\xA2\x92\xE1\x60\x6D\xAE\x7A\x6B\x09\xAA\xC6\x29\xEE\x68\x49\x67\x30\x80\x24\x7A\x31\x16\x39\x5B\x7E\xF1\x1C\x2E\xDD\x6C\x09\xAD\xF2\x31\xC1\x82\x4E\xB9\xBB\xF9\xBE\xBF\x2A\x85\x3F\xC0\x40\xA3\x3A\x59\xFC\x59\x4B\x3C\x28\x24\xDB\xB4\x15\x75\xAE\x0D\x88\xBA\x2E\x73\xC0\xBD\x58\x87\xE5\x42\xF2\xEB\x5E\xEE\x1E\x30\x22\x99\xCB\x37\xD1\xC4\x21\x6C\x81\xEC\xBE\x6D\x26\xE6\x1C\xE4\x42\x20\x9E\x47\xB0\xAC\x83\x59\x70\x2C\x35\xD6\xAF\x36\x34\xB4\xCD\x3B\xF8\x32\xA8\xEF\xE3\x78\x89\xFB\x8D\x45\x2C\xDA\x9C\xB8\x7E\x40\x1C\x61\xE7\x3E\xA2\x92\x2C\x4B\xF2\xCD\xFA\x98\xB6\x29\xFF\xF3\xF2\x7B\xA9\x1F\x2E\xA0\x93\x57\x2B\xDE\x85\x03\xF9\x69\x37\xCB\x9E\x78\x6A\x05\xB4\xC5\x31\x78\x89\xEC\x7A\xA7\x85\xE1\xB9\x7B\x3C\xDE\xBE\x1E\x79\x84\xCE\x9F\x70\x0E\x59\xC2\x35\x2E\x90\x2A\x31\xD9\xE4\x45\x7A\x41\xA4\x2E\x13\x9B\x34\x0E\x66\x7B\x49\xAB\x64\x97\xD0\x46\xC3\x79\x9D\x72\x50\x63\xA6\x98\x5B\x06\xBD\x48\x6D\xD8\x39\x83\x70\xE8\x35\xF0\x05\xD1\xAA\xBC\xE3\xDB\xC8\x02\xEA\x7C\xFD\x82\xDA\xC2\x5B\x52\x35\xAE\x98\x3A\xAD\xBA\x35\x93\x23\xA7\x1F\x48\xDD\x35\x46\x98\xB2\x10\x68\xE4\xA5\x31\xC2\x0A\x58\x2E\x19\x81\x10\xC9\x50\x75\xFC\xEA\x5A\x16\xCE\x11\xD7\xEE\xEF\x50\x88\x2D\x61\xFF\x3F\x42\x73\x05\x94\x43\xD5\x8E\x3C\x4E\x01\x3A\x19\xA5\x1F\x46\x4E\x77\xD0\x5D\xE5\x81\x22\x21\x87\xFE\x94\x7D\x84\xD8\x93\xAD\xD6\x68\x43\x48\xB2\xDB\xEB\x73\x24\xE7\x91\x7F\x54\xA4\xB6\x80\x3E\x9D\xA3\x3C\x4C\x72\xC2\x57\xC4\xA0\xD4\xCC\x38\x27\xCE\xD5\x06\x9E\xA2\x48\xD9\xE9\x9F\xCE\x82\x70\x36\x93\x9A\x3B\xDF\x96\x21\xE3\x59\xB7\x0C\xDA\x91\x37\xF0\xFD\x59\x5A\xB3\x99\xC8\x69\x6C\x43\x26\x01\x35\x63\x60\x55\x89\x03\x3A\x75\xD8\xBA\x4A\xD9\x54\xFF\xEE\xDE\x80\xD8\x2D\xD1\x38\xD5\x5E\x2D\x0B\x98\x7D\x3E\x6C\xDB\xFC\x26\x88\xC7",
diff --git a/scripts/base/utils/urls.bro b/scripts/base/utils/urls.bro
index 41a2ab5639..a34b6a02c1 100644
--- a/scripts/base/utils/urls.bro
+++ b/scripts/base/utils/urls.bro
@@ -6,23 +6,23 @@ const url_regex = /^([a-zA-Z\-]{3,5})(:\/\/[^\/?#"'\r\n><]*)([^?#"'\r\n><]*)([^[
 ## A URI, as parsed by :bro:id:`decompose_uri`.
 type URI: record {
 	## The URL's scheme..
-	scheme:		string &optional;
+	scheme:       string &optional;
 	## The location, which could be a domain name or an IP address. Left empty if not
 	## specified.
-	netlocation:	string;
+	netlocation:  string;
 	## Port number, if included in URI.
-	portnum:	count &optional;
+	portnum:      count &optional;
 	## Full including the file name. Will be '/' if there's not path given.
-	path:		string;
+	path:         string;
 	## Full file name, including extension, if there is a file name.
-	file_name:	string &optional;
+	file_name:    string &optional;
 	## The base filename, without extension, if there is a file name.
-	file_base:	string &optional;
+	file_base:    string &optional;
 	## The filename's extension, if there is a file name.
-	file_ext:	string &optional;
+	file_ext:     string &optional;
 	## A table of all query parameters, mapping their keys to values, if there's a
 	## query.
-	params:	table[string] of string &optional;
+	params:       table[string] of string &optional;
 };
 
 ## Extracts URLs discovered in arbitrary text.
@@ -46,19 +46,19 @@ function find_all_urls_without_scheme(s: string): string_set
 	return return_urls;
 	}
 
-function decompose_uri(s: string): URI
+function decompose_uri(uri: string): URI
 	{
 	local parts: string_vec;
-	local u: URI = [$netlocation="", $path="/"];
+	local u = URI($netlocation="", $path="/");
+	local s = uri;
 
-	if ( /\?/ in s)
+	if ( /\?/ in s )
 		{
-		# Parse query.
 		u$params = table();
 
 		parts = split_string1(s, /\?/);
 		s = parts[0];
-		local query: string = parts[1];
+		local query = parts[1];
 
 		if ( /&/ in query )
 			{
@@ -73,7 +73,7 @@ function decompose_uri(s: string): URI
 					}
 				}
 			}
-		else
+		else if ( /=/ in query )
 			{
 			parts = split_string1(query, /=/);
 			u$params[parts[0]] = parts[1];
@@ -97,14 +97,14 @@ function decompose_uri(s: string): URI
 
 		if ( |u$path| > 1 && u$path[|u$path| - 1] != "/" )
 			{
-			local last_token: string = find_last(u$path, /\/.+/);
+			local last_token = find_last(u$path, /\/.+/);
 			local full_filename = split_string1(last_token, /\//)[1];
 
 			if ( /\./ in full_filename )
 				{
 				u$file_name = full_filename;
 				u$file_base = split_string1(full_filename, /\./)[0];
-				u$file_ext = split_string1(full_filename, /\./)[1];
+				u$file_ext  = split_string1(full_filename, /\./)[1];
 				}
 			else
 				{
@@ -122,7 +122,9 @@ function decompose_uri(s: string): URI
 		u$portnum = to_count(parts[1]);
 		}
 	else
+		{
 		u$netlocation = s;
+		}
 
 	return u;
 	}
diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc
index 11fd258d09..99947e3531 100644
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@@ -1219,6 +1219,9 @@ void DNS_Mgr::IssueAsyncRequests()
 void DNS_Mgr::GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
                      iosource::FD_Set* except)
 	{
+	if ( ! nb_dns )
+		return;
+
 	read->Insert(nb_dns_fd(nb_dns));
 	}
 
@@ -1358,6 +1361,9 @@ void DNS_Mgr::Process()
 
 void DNS_Mgr::DoProcess(bool flush)
 	{
+	if ( ! nb_dns )
+		return;
+
 	while ( asyncs_timeouts.size() > 0 )
 		{
 		AsyncRequest* req = asyncs_timeouts.top();
@@ -1422,6 +1428,9 @@ void DNS_Mgr::DoProcess(bool flush)
 
 int DNS_Mgr::AnswerAvailable(int timeout)
 	{
+	if ( ! nb_dns )
+		return -1;
+
 	int fd = nb_dns_fd(nb_dns);
 	if ( fd < 0 )
 		{
diff --git a/src/NetVar.cc b/src/NetVar.cc
index 123e947701..dc049005bb 100644
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@@ -49,6 +49,7 @@ double tcp_partial_close_delay;
 int tcp_max_initial_window;
 int tcp_max_above_hole_without_any_acks;
 int tcp_excessive_data_without_further_acks;
+int tcp_max_old_segments;
 
 RecordType* socks_address;
 
@@ -354,6 +355,7 @@ void init_net_var()
 		opt_internal_int("tcp_max_above_hole_without_any_acks");
 	tcp_excessive_data_without_further_acks =
 		opt_internal_int("tcp_excessive_data_without_further_acks");
+	tcp_max_old_segments = opt_internal_int("tcp_max_old_segments");
 
 	socks_address = internal_type("SOCKS::Address")->AsRecordType();
 
diff --git a/src/NetVar.h b/src/NetVar.h
index bf2d9a5712..efadaaad6d 100644
--- a/src/NetVar.h
+++ b/src/NetVar.h
@@ -52,6 +52,7 @@ extern double tcp_reset_delay;
 extern int tcp_max_initial_window;
 extern int tcp_max_above_hole_without_any_acks;
 extern int tcp_excessive_data_without_further_acks;
+extern int tcp_max_old_segments;
 
 extern RecordType* socks_address;
 
diff --git a/src/Reassem.cc b/src/Reassem.cc
index 8bf965427b..bfac7f7a07 100644
--- a/src/Reassem.cc
+++ b/src/Reassem.cc
@@ -34,12 +34,52 @@ uint64 Reassembler::total_size = 0;
 Reassembler::Reassembler(uint64 init_seq)
 	{
 	blocks = last_block = 0;
+	old_blocks = last_old_block = 0;
+	total_old_blocks = max_old_blocks = 0;
 	trim_seq = last_reassem_seq = init_seq;
 	}
 
 Reassembler::~Reassembler()
 	{
 	ClearBlocks();
+	ClearOldBlocks();
+	}
+
+void Reassembler::CheckOverlap(DataBlock *head, DataBlock *tail,
+					uint64 seq, uint64 len, const u_char* data)
+	{
+	if ( ! head || ! tail )
+		return;
+
+	uint64 upper = (seq + len);
+
+	for ( DataBlock* b = head; b; b = b->next )
+		{
+		uint64 nseq = seq;
+		uint64 nupper = upper;
+		const u_char* ndata = data;
+
+		if ( nupper <= b->seq )
+			continue;
+
+		if ( nseq >= b->upper )
+			continue;
+
+		if ( nseq < b->seq )
+			{
+			ndata += (b->seq - seq);
+			nseq = b->seq;
+			}
+
+		if ( nupper > b->upper )
+			nupper = b->upper;
+
+		uint64 overlap_offset = (nseq - b->seq);
+		uint64 overlap_len = (nupper - nseq);
+
+		if ( overlap_len )
+			Overlap(&b->block[overlap_offset], ndata, overlap_len);
+		}
 	}
 
 void Reassembler::NewBlock(double t, uint64 seq, uint64 len, const u_char* data)
@@ -49,10 +89,14 @@ void Reassembler::NewBlock(double t, uint64 seq, uint64 len, const u_char* data)
 
 	uint64 upper_seq = seq + len;
 
+	CheckOverlap(old_blocks, last_old_block, seq, len, data);
+
 	if ( upper_seq <= trim_seq )
 		// Old data, don't do any work for it.
 		return;
 
+	CheckOverlap(blocks, last_block, seq, len, data);
+
 	if ( seq < trim_seq )
 		{ // Partially old data, just keep the good stuff.
 		uint64 amount_old = trim_seq - seq;
@@ -119,7 +163,36 @@ uint64 Reassembler::TrimToSeq(uint64 seq)
 				num_missing += seq - blocks->upper;
 			}
 
-		delete blocks;
+		if ( max_old_blocks )
+			{
+			// Move block over to old_blocks queue.
+			blocks->next = 0;
+
+			if ( last_old_block )
+				{
+				blocks->prev = last_old_block;
+				last_old_block->next = blocks;
+				}
+			else
+				{
+				blocks->prev = 0;
+				old_blocks = blocks;
+				}
+
+			last_old_block = blocks;
+			total_old_blocks++;
+
+			while ( old_blocks && total_old_blocks > max_old_blocks )
+				{
+				DataBlock* next = old_blocks->next;
+				delete old_blocks;
+				old_blocks = next;
+				total_old_blocks--;
+				}
+			}
+
+		else
+			delete blocks;
 
 		blocks = b;
 		}
@@ -156,6 +229,18 @@ void Reassembler::ClearBlocks()
 	last_block = 0;
 	}
 
+void Reassembler::ClearOldBlocks()
+	{
+	while ( old_blocks )
+		{
+		DataBlock* b = old_blocks->next;
+		delete old_blocks;
+		old_blocks = b;
+		}
+
+	last_old_block = 0;
+	}
+
 uint64 Reassembler::TotalSize() const
 	{
 	uint64 size = 0;
@@ -218,7 +303,7 @@ DataBlock* Reassembler::AddAndCheck(DataBlock* b, uint64 seq, uint64 upper,
 		return new_b;
 		}
 
-	// The blocks overlap, complain.
+	// The blocks overlap.
 	if ( seq < b->seq )
 		{
 		// The new block has a prefix that comes before b.
@@ -239,8 +324,6 @@ DataBlock* Reassembler::AddAndCheck(DataBlock* b, uint64 seq, uint64 upper,
 	uint64 b_len = b->upper - overlap_start;
 	uint64 overlap_len = min(new_b_len, b_len);
 
-	Overlap(&b->block[overlap_offset], data, overlap_len);
-
 	if ( overlap_len < new_b_len )
 		{
 		// Recurse to resolve remainder of the new data.
diff --git a/src/Reassem.h b/src/Reassem.h
index 39617f7816..e55c809990 100644
--- a/src/Reassem.h
+++ b/src/Reassem.h
@@ -36,6 +36,7 @@ public:
 
 	// Delete all held blocks.
 	void ClearBlocks();
+	void ClearOldBlocks();
 
 	int HasBlocks() const		{ return blocks != 0; }
 	uint64 LastReassemSeq() const	{ return last_reassem_seq; }
@@ -50,6 +51,8 @@ public:
 	// Sum over all data buffered in some reassembler.
 	static uint64 TotalMemoryAllocation()	{ return total_size; }
 
+	void SetMaxOldBlocks(uint32 count)	{ max_old_blocks = count; }
+
 protected:
 	Reassembler()	{ }
 
@@ -65,10 +68,19 @@ protected:
 	DataBlock* AddAndCheck(DataBlock* b, uint64 seq,
 				uint64 upper, const u_char* data);
 
+	void CheckOverlap(DataBlock *head, DataBlock *tail,
+				uint64 seq, uint64 len, const u_char* data);
+
 	DataBlock* blocks;
 	DataBlock* last_block;
+
+	DataBlock* old_blocks;
+	DataBlock* last_old_block;
+
 	uint64 last_reassem_seq;
 	uint64 trim_seq;	// how far we've trimmed
+	uint32 max_old_blocks;
+	uint32 total_old_blocks;
 
 	static uint64 total_size;
 };
diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc
index f60d1372ac..ff72c6f350 100644
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@@ -1025,8 +1025,11 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 				}
 			else
 				{
-				ProtocolViolation("not a http reply line");
-				reply_state = EXPECT_REPLY_NOTHING;
+				if ( line != end_of_line )
+					{
+					ProtocolViolation("not a http reply line");
+					reply_state = EXPECT_REPLY_NOTHING;
+					}
 				}
 
 			break;
diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc
index a1759d97d0..cbc1abd17d 100644
--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@@ -141,10 +141,9 @@ int fputs(data_chunk_t b, FILE* fp)
 
 void MIME_Mail::Undelivered(int len)
 	{
-	// is_orig param not available, doesn't matter as long as it's consistent
 	cur_entity_id = file_mgr->Gap(cur_entity_len, len,
 	                              analyzer->GetAnalyzerTag(), analyzer->Conn(),
-	                              false, cur_entity_id);
+	                              is_orig, cur_entity_id);
 	}
 
 int strcasecmp_n(data_chunk_t s, const char* t)
@@ -246,11 +245,16 @@ int MIME_get_field_name(int len, const char* data, data_chunk_t* name)
 	}
 
 // See RFC 2045, page 12.
-int MIME_is_tspecial (char ch)
+int MIME_is_tspecial (char ch, bool is_boundary = false)
 	{
-	return ch == '(' || ch == ')' || ch == '<' || ch == '>' || ch == '@' ||
-	       ch == ',' || ch == ';' || ch == ':' || ch == '\\' || ch == '"' ||
-	       ch == '/' || ch == '[' || ch == ']' || ch == '?' || ch == '=';
+	if ( is_boundary )
+		return ch == '(' || ch == ')' || ch == '@' ||
+		       ch == ',' || ch == ';' || ch == ':' || ch == '\\' || ch == '"' ||
+		       ch == '/' || ch == '[' || ch == ']' || ch == '?' || ch == '=';
+	else
+		return ch == '(' || ch == ')' || ch == '<' || ch == '>' || ch == '@' ||
+		       ch == ',' || ch == ';' || ch == ':' || ch == '\\' || ch == '"' ||
+		       ch == '/' || ch == '[' || ch == ']' || ch == '?' || ch == '=';
 	}
 
 int MIME_is_field_name_char (char ch)
@@ -258,26 +262,27 @@ int MIME_is_field_name_char (char ch)
 	return ch >= 33 && ch <= 126 && ch != ':';
 	}
 
-int MIME_is_token_char (char ch)
+int MIME_is_token_char (char ch, bool is_boundary = false)
 	{
-	return ch >= 33 && ch <= 126 && ! MIME_is_tspecial(ch);
+	return ch >= 33 && ch <= 126 && ! MIME_is_tspecial(ch, is_boundary);
 	}
 
 // See RFC 2045, page 12.
 // A token is composed of characters that are not SPACE, CTLs or tspecials
-int MIME_get_token(int len, const char* data, data_chunk_t* token)
+int MIME_get_token(int len, const char* data, data_chunk_t* token,
+                   bool is_boundary)
 	{
 	int i = MIME_skip_lws_comments(len, data);
 	while ( i < len )
 		{
 		int j;
 
-		if ( MIME_is_token_char(data[i]) )
+		if ( MIME_is_token_char(data[i], is_boundary) )
 			{
 			token->data = (data + i);
 			for ( j = i; j < len; ++j )
 				{
-				if ( ! MIME_is_token_char(data[j]) )
+				if ( ! MIME_is_token_char(data[j], is_boundary) )
 					break;
 				}
 
@@ -359,7 +364,7 @@ int MIME_get_quoted_string(int len, const char* data, data_chunk_t* str)
 	return -1;
 	}
 
-int MIME_get_value(int len, const char* data, BroString*& buf)
+int MIME_get_value(int len, const char* data, BroString*& buf, bool is_boundary)
 	{
 	int offset = MIME_skip_lws_comments(len, data);
 
@@ -380,7 +385,7 @@ int MIME_get_value(int len, const char* data, BroString*& buf)
 	else
 		{
 		data_chunk_t str;
-		int end = MIME_get_token(len, data, &str);
+		int end = MIME_get_token(len, data, &str, is_boundary);
 		if ( end < 0 )
 			return -1;
 
@@ -863,8 +868,22 @@ int MIME_Entity::ParseFieldParameters(int len, const char* data)
 		len -= offset;
 
 		BroString* val = 0;
-		// token or quoted-string
-		offset = MIME_get_value(len, data, val);
+
+		if ( current_field_type == MIME_CONTENT_TYPE &&
+		     content_type == CONTENT_TYPE_MULTIPART &&
+		     strcasecmp_n(attr, "boundary") == 0 )
+			{
+			// token or quoted-string (and some lenience for characters
+			// not explicitly allowed by the RFC, but encountered in the wild)
+			offset = MIME_get_value(len, data, val, true);
+			data_chunk_t vd = get_data_chunk(val);
+			multipart_boundary = new BroString((const u_char*)vd.data,
+			                                   vd.length, 1);
+			}
+		else
+			// token or quoted-string
+			offset = MIME_get_value(len, data, val);
+
 		if ( offset < 0 )
 			{
 			IllegalFormat("value not found in parameter specification");
@@ -874,8 +893,6 @@ int MIME_Entity::ParseFieldParameters(int len, const char* data)
 
 		data += offset;
 		len -= offset;
-
-		ParseParameter(attr, get_data_chunk(val));
 		delete val;
 		}
 
@@ -920,24 +937,6 @@ void MIME_Entity::ParseContentEncoding(data_chunk_t encoding_mechanism)
 	content_encoding = i;
 	}
 
-void MIME_Entity::ParseParameter(data_chunk_t attr, data_chunk_t val)
-	{
-	switch ( current_field_type ) {
-		case MIME_CONTENT_TYPE:
-			if ( content_type == CONTENT_TYPE_MULTIPART &&
-			     strcasecmp_n(attr, "boundary") == 0 )
-				multipart_boundary = new BroString((const u_char*)val.data, val.length, 1);
-			break;
-
-		case MIME_CONTENT_TRANSFER_ENCODING:
-			break;
-
-		default:
-			break;
-	}
-	}
-
-
 int MIME_Entity::CheckBoundaryDelimiter(int len, const char* data)
 	{
 	if ( ! multipart_boundary )
@@ -1286,13 +1285,15 @@ TableVal* MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist)
 	return t;
 	}
 
-MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, int buf_size)
+MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, bool orig, int buf_size)
     : MIME_Message(mail_analyzer), md5_hash()
 	{
 	analyzer = mail_analyzer;
 
 	min_overlap_length = mime_segment_overlap_length;
 	max_chunk_length = mime_segment_length;
+	is_orig = orig;
+
 	int length = buf_size;
 
 	if ( min_overlap_length < 0 )
@@ -1456,9 +1457,8 @@ void MIME_Mail::SubmitData(int len, const char* buf)
 		analyzer->ConnectionEvent(mime_segment_data, vl);
 		}
 
-	// is_orig param not available, doesn't matter as long as it's consistent
 	cur_entity_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
-	                 analyzer->GetAnalyzerTag(), analyzer->Conn(), false,
+	                 analyzer->GetAnalyzerTag(), analyzer->Conn(), is_orig,
 	                 cur_entity_id);
 
 	cur_entity_len += len;
diff --git a/src/analyzer/protocol/mime/MIME.h b/src/analyzer/protocol/mime/MIME.h
index a3ee45d071..8c7fdd4326 100644
--- a/src/analyzer/protocol/mime/MIME.h
+++ b/src/analyzer/protocol/mime/MIME.h
@@ -117,7 +117,6 @@ protected:
 
 	void ParseContentType(data_chunk_t type, data_chunk_t sub_type);
 	void ParseContentEncoding(data_chunk_t encoding_mechanism);
-	void ParseParameter(data_chunk_t attr, data_chunk_t val);
 
 	void BeginBody();
 	void NewDataLine(int len, const char* data, int trailing_CRLF);
@@ -231,7 +230,7 @@ protected:
 
 class MIME_Mail : public MIME_Message {
 public:
-	MIME_Mail(analyzer::Analyzer* mail_conn, int buf_size = 0);
+	MIME_Mail(analyzer::Analyzer* mail_conn, bool is_orig, int buf_size = 0);
 	~MIME_Mail();
 	void Done();
 
@@ -248,6 +247,7 @@ public:
 protected:
 	int min_overlap_length;
 	int max_chunk_length;
+	bool is_orig;
 	int buffer_start;
 	int data_start;
 	int compute_content_hash;
@@ -275,9 +275,11 @@ extern int MIME_count_leading_lws(int len, const char* data);
 extern int MIME_count_trailing_lws(int len, const char* data);
 extern int MIME_skip_comments(int len, const char* data);
 extern int MIME_skip_lws_comments(int len, const char* data);
-extern int MIME_get_token(int len, const char* data, data_chunk_t* token);
+extern int MIME_get_token(int len, const char* data, data_chunk_t* token,
+                          bool is_boundary = false);
 extern int MIME_get_slash_token_pair(int len, const char* data, data_chunk_t* first, data_chunk_t* second);
-extern int MIME_get_value(int len, const char* data, BroString*& buf);
+extern int MIME_get_value(int len, const char* data, BroString*& buf,
+                          bool is_boundary = false);
 extern int MIME_get_field_name(int len, const char* data, data_chunk_t* name);
 extern BroString* MIME_decode_quoted_pairs(data_chunk_t buf);
 
diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac
index c9b0861428..5a862b7604 100644
--- a/src/analyzer/protocol/modbus/modbus-analyzer.pac
+++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac
@@ -47,6 +47,42 @@
 
 	%}
 
+refine connection ModbusTCP_Conn += {
+	%member{
+		// Fields used to determine if the protocol has been confirmed or not.
+		bool confirmed;
+		bool orig_pdu;
+		bool resp_pdu;
+		%}
+
+	%init{
+		confirmed = false;
+		orig_pdu = false;
+		resp_pdu = false;
+		%}
+
+	function SetPDU(is_orig: bool): bool
+		%{
+		if ( is_orig )
+			orig_pdu = true;
+		else
+			resp_pdu = true;
+
+		return true;
+		%}
+
+	function SetConfirmed(): bool
+		%{
+		confirmed = true;
+		return true;
+		%}
+
+	function IsConfirmed(): bool
+		%{
+		return confirmed && orig_pdu && resp_pdu;
+		%}
+};
+
 refine flow ModbusTCP_Flow += {
 
 	function deliver_message(header: ModbusTCP_TransportHeader): bool
@@ -62,6 +98,21 @@ refine flow ModbusTCP_Flow += {
 		return true;
 		%}
 
+	function deliver_ModbusTCP_PDU(message: ModbusTCP_PDU): bool
+		%{
+		// We will assume that if an entire PDU from both sides
+		// is successfully parsed then this is definitely modbus.
+		connection()->SetPDU(${message.is_orig});
+
+		if ( ! connection()->IsConfirmed() )
+			{
+			connection()->SetConfirmed();
+			connection()->bro_analyzer()->ProtocolConfirmation();
+			}
+
+		return true;
+		%}
+
 	# EXCEPTION
 	function deliver_Exception(header: ModbusTCP_TransportHeader, message: Exception): bool
 		%{
diff --git a/src/analyzer/protocol/modbus/modbus-protocol.pac b/src/analyzer/protocol/modbus/modbus-protocol.pac
index a79e4dccf5..e5b92169b4 100644
--- a/src/analyzer/protocol/modbus/modbus-protocol.pac
+++ b/src/analyzer/protocol/modbus/modbus-protocol.pac
@@ -64,6 +64,8 @@ type ModbusTCP_PDU(is_orig: bool) = record {
 		true  -> request:  ModbusTCP_Request(header);
 		false -> response: ModbusTCP_Response(header);
 	};
+} &let {
+	deliver: bool = $context.flow.deliver_ModbusTCP_PDU(this);
 } &length=header.len+6, &byteorder=bigendian;
 
 type ModbusTCP_TransportHeader = record {
diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc
index 01ecaa3344..05ea4434d3 100644
--- a/src/analyzer/protocol/pop3/POP3.cc
+++ b/src/analyzer/protocol/pop3/POP3.cc
@@ -712,7 +712,8 @@ void POP3_Analyzer::ProcessReply(int length, const char* line)
 			{
 			int data_len = end_of_line - line;
 			if ( ! mail )
-				BeginData();
+				// ProcessReply is only called if orig == false
+				BeginData(false);
 			ProcessData(data_len, line);
 			if ( requestForMultiLine == true )
 				multiLine = true;
@@ -838,10 +839,10 @@ void POP3_Analyzer::AuthSuccessfull()
 				user.c_str(), password.c_str());
 	}
 
-void POP3_Analyzer::BeginData()
+void POP3_Analyzer::BeginData(bool orig)
 	{
 	delete mail;
-	mail = new mime::MIME_Mail(this);
+	mail = new mime::MIME_Mail(this, orig);
 	}
 
 void POP3_Analyzer::EndData()
diff --git a/src/analyzer/protocol/pop3/POP3.h b/src/analyzer/protocol/pop3/POP3.h
index 57cda24afd..7b4b592810 100644
--- a/src/analyzer/protocol/pop3/POP3.h
+++ b/src/analyzer/protocol/pop3/POP3.h
@@ -95,7 +95,7 @@ protected:
 	void NotAllowed(const char* cmd, const char* state);
 	void ProcessClientCmd();
 	void FinishClientCmd();
-	void BeginData();
+	void BeginData(bool orig);
 	void ProcessData(int length, const char* line);
 	void EndData();
 	void StartTLS();
diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc
index d2743817d5..614457dbca 100644
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@@ -45,7 +45,7 @@ SMTP_Analyzer::SMTP_Analyzer(Connection* conn)
 	orig_is_sender = true;
 	line_after_gap = 0;
 	mail = 0;
-	UpdateState(first_cmd, 0);
+	UpdateState(first_cmd, 0, true);
 	cl_orig = new tcp::ContentLine_Analyzer(conn, true);
 	cl_orig->SetIsNULSensitive(true);
 	cl_orig->SetSkipPartial(true);
@@ -214,7 +214,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 				// but are now processing packets sent
 				// afterwards (because, e.g., the RST was
 				// dropped or ignored).
-				BeginData();
+				BeginData(orig);
 
 			ProcessData(data_len, line);
 
@@ -264,7 +264,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 			// RequestEvent() in different orders for the
 			// two commands.
 			if ( cmd_code == SMTP_CMD_END_OF_DATA )
-				UpdateState(cmd_code, 0);
+				UpdateState(cmd_code, 0, orig);
 
 			if ( smtp_request )
 				{
@@ -273,7 +273,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 				}
 
 			if ( cmd_code != SMTP_CMD_END_OF_DATA )
-				UpdateState(cmd_code, 0);
+				UpdateState(cmd_code, 0, orig);
 			}
 		}
 
@@ -312,7 +312,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 
 			if ( ! pending_reply && reply_code >= 0 )
 				// It is not a continuation.
-				NewReply(reply_code);
+				NewReply(reply_code, orig);
 
 			// Update pending_reply.
 			if ( reply_code >= 0 && length > 3 && line[3] == '-' )
@@ -419,7 +419,7 @@ void SMTP_Analyzer::StartTLS()
 // we want to understand the behavior of SMTP and check how far it may
 // deviate from our knowledge.
 
-void SMTP_Analyzer::NewReply(const int reply_code)
+void SMTP_Analyzer::NewReply(const int reply_code, bool orig)
 	{
 	if ( state == SMTP_AFTER_GAP && reply_code > 0 )
 		{
@@ -447,7 +447,7 @@ void SMTP_Analyzer::NewReply(const int reply_code)
 		pending_cmd_q.pop_front();
 		}
 
-	UpdateState(cmd_code, reply_code);
+	UpdateState(cmd_code, reply_code, orig);
 	}
 
 // Note: reply_code == 0 means we haven't seen the reply, in which case we
@@ -457,7 +457,7 @@ void SMTP_Analyzer::NewReply(const int reply_code)
 // in the RPC), and as a result we have to update the state following
 // the commands in addition to the replies.
 
-void SMTP_Analyzer::UpdateState(const int cmd_code, const int reply_code)
+void SMTP_Analyzer::UpdateState(const int cmd_code, const int reply_code, bool orig)
 	{
 	const int st = state;
 
@@ -588,7 +588,7 @@ void SMTP_Analyzer::UpdateState(const int cmd_code, const int reply_code)
 			case 0:
 				if ( state != SMTP_RCPT_OK )
 					UnexpectedCommand(cmd_code, reply_code);
-				BeginData();
+				BeginData(orig);
 				break;
 
 			case 354:
@@ -786,7 +786,7 @@ void SMTP_Analyzer::UpdateState(const int cmd_code, const int reply_code)
 	default:
 		if ( st == SMTP_GAP_RECOVERY && reply_code == 354 )
 			{
-			BeginData();
+			BeginData(orig);
 			}
 		break;
 	}
@@ -890,7 +890,7 @@ void SMTP_Analyzer::ProcessData(int length, const char* line)
 	mail->Deliver(length, line, 1 /* trailing_CRLF */);
 	}
 
-void SMTP_Analyzer::BeginData()
+void SMTP_Analyzer::BeginData(bool orig)
 	{
 	state = SMTP_IN_DATA;
 	skip_data = 0; // reset the flag at the beginning of the mail
@@ -901,7 +901,7 @@ void SMTP_Analyzer::BeginData()
 		delete mail;
 		}
 
-	mail = new mime::MIME_Mail(this);
+	mail = new mime::MIME_Mail(this, orig);
 	}
 
 void SMTP_Analyzer::EndData()
diff --git a/src/analyzer/protocol/smtp/SMTP.h b/src/analyzer/protocol/smtp/SMTP.h
index ce8f379fb8..e8010d9aef 100644
--- a/src/analyzer/protocol/smtp/SMTP.h
+++ b/src/analyzer/protocol/smtp/SMTP.h
@@ -58,13 +58,13 @@ protected:
 
 	void ProcessLine(int length, const char* line, bool orig);
 	void NewCmd(const int cmd_code);
-	void NewReply(const int reply_code);
+	void NewReply(const int reply_code, bool orig);
 	void ProcessExtension(int ext_len, const char* ext);
 	void ProcessData(int length, const char* line);
 
-	void UpdateState(const int cmd_code, const int reply_code);
+	void UpdateState(const int cmd_code, const int reply_code, bool orig);
 
-	void BeginData();
+	void BeginData(bool orig);
 	void EndData();
 
 	int ParseCmd(int cmd_len, const char* cmd);
diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
index 2e8d6e593b..846eb6d9d1 100644
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@@ -201,13 +201,18 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen,
 	{
 	int status = 0;
 
-	if ( contents_processor && caplen >= len )
-		status = contents_processor->DataSent(t, seq, len, data);
+	if ( contents_processor )
+		{
+		if ( caplen >= len )
+			status = contents_processor->DataSent(t, seq, len, data);
+		else
+			TCP()->Weird("truncated_tcp_payload");
+		}
 
 	if ( caplen <= 0 )
 		return status;
 
-	if ( contents_file && ! contents_processor && 
+	if ( contents_file && ! contents_processor &&
 	     seq + len > contents_start_seq )
 		{
 		int64 under_seq = contents_start_seq - seq;
diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
index 16bb9cc56d..bbcd9cb43a 100644
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@@ -42,6 +42,9 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
 	seq_to_skip = 0;
 	in_delivery = false;
 
+	if ( tcp_max_old_segments )
+		SetMaxOldBlocks(tcp_max_old_segments);
+
 	if ( tcp_contents )
 		{
 		// Val dst_port_val(ntohs(Conn()->RespPort()), TYPE_PORT);
diff --git a/src/analyzer/protocol/zip/ZIP.cc b/src/analyzer/protocol/zip/ZIP.cc
index 132515f29a..d14df95673 100644
--- a/src/analyzer/protocol/zip/ZIP.cc
+++ b/src/analyzer/protocol/zip/ZIP.cc
@@ -22,10 +22,9 @@ ZIP_Analyzer::ZIP_Analyzer(Connection* conn, bool orig, Method arg_method)
 	zip->next_in = 0;
 	zip->avail_in = 0;
 
-	// "15" here means maximum compression.  "32" is a gross overload
-	// hack that means "check it for whether it's a gzip file".  Sheesh.
-	zip_status = inflateInit2(zip, 15 + 32);
-	if ( zip_status != Z_OK )
+	// "32" is a gross overload hack that means "check it
+	// for whether it's a gzip file".  Sheesh.
+	if ( inflateInit2(zip, MAX_WBITS + 32) != Z_OK )
 		{
 		Weird("inflate_init_failed");
 		delete zip;
@@ -56,38 +55,63 @@ void ZIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	static unsigned int unzip_size = 4096;
 	Bytef unzipbuf[unzip_size];
 
+	int allow_restart = 1;
+
 	zip->next_in = (Bytef*) data;
 	zip->avail_in = len;
 
-	do
+	Bytef *orig_next_in = zip->next_in;
+	size_t orig_avail_in = zip->avail_in;
+
+	while ( true )
 		{
 		zip->next_out = unzipbuf;
 		zip->avail_out = unzip_size;
 
 		zip_status = inflate(zip, Z_SYNC_FLUSH);
 
-		if ( zip_status != Z_STREAM_END &&
-		     zip_status != Z_OK &&
-		     zip_status != Z_BUF_ERROR )
+		if ( zip_status == Z_STREAM_END ||
+		     zip_status == Z_OK )
+			{
+			allow_restart = 0;
+
+			int have = unzip_size - zip->avail_out;
+			if ( have )
+				ForwardStream(have, unzipbuf, IsOrig());
+
+			if ( zip_status == Z_STREAM_END )
+				{
+				inflateEnd(zip);
+				return;
+				}
+
+			if ( zip->avail_in == 0 )
+				return;
+
+			}
+
+		else if ( allow_restart && zip_status == Z_DATA_ERROR )
+			{
+			// Some servers seem to not generate zlib headers,
+			// so this is an attempt to fix and continue anyway.
+			inflateEnd(zip);
+
+			if ( inflateInit2(zip, -MAX_WBITS) != Z_OK )
+				{
+				Weird("inflate_init_failed");
+				return;
+				}
+
+			zip->next_in = orig_next_in;
+			zip->avail_in = orig_avail_in;
+			allow_restart = 0;
+			continue;
+			}
+
+		else
 			{
 			Weird("inflate_failed");
-			inflateEnd(zip);
-			break;
+			return;
 			}
-
-		int have = unzip_size - zip->avail_out;
-		if ( have )
-			ForwardStream(have, unzipbuf, IsOrig());
-
-		if ( zip_status == Z_STREAM_END )
-			{
-			inflateEnd(zip);
-			delete zip;
-			zip = 0;
-			break;
-			}
-
-		zip_status = Z_OK;
 		}
-	while ( zip->avail_out == 0 );
 	}
diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc
index e467137c65..06ece6d6c1 100644
--- a/src/broker/Manager.cc
+++ b/src/broker/Manager.cc
@@ -24,6 +24,12 @@ int bro_broker::Manager::send_flags_self_idx;
 int bro_broker::Manager::send_flags_peers_idx;
 int bro_broker::Manager::send_flags_unsolicited_idx;
 
+bro_broker::Manager::Manager()
+	: iosource::IOSource(), next_timestamp(-1)
+	{
+	SetIdle(true);
+	}
+
 bro_broker::Manager::~Manager()
 	{
 	vector<decltype(data_stores)::key_type> stores_to_close;
@@ -560,8 +566,10 @@ void bro_broker::Manager::GetFds(iosource::FD_Set* read, iosource::FD_Set* write
 
 double bro_broker::Manager::NextTimestamp(double* local_network_time)
 	{
-	// TODO: do something better?
-	return timer_mgr->Time();
+	if ( next_timestamp < 0 )
+		next_timestamp = timer_mgr->Time();
+
+	return next_timestamp;
 	}
 
 struct response_converter {
@@ -619,7 +627,6 @@ static RecordVal* response_to_val(broker::store::response r)
 
 void bro_broker::Manager::Process()
 	{
-	bool idle = true;
 	auto outgoing_connection_updates =
 	        endpoint->outgoing_connection_status().want_pop();
 	auto incoming_connection_updates =
@@ -630,8 +637,6 @@ void bro_broker::Manager::Process()
 
 	for ( auto& u : outgoing_connection_updates )
 		{
-		idle = false;
-
 		switch ( u.status ) {
 		case broker::outgoing_connection_status::tag::established:
 			if ( BrokerComm::outgoing_connection_established )
@@ -677,8 +682,6 @@ void bro_broker::Manager::Process()
 
 	for ( auto& u : incoming_connection_updates )
 		{
-		idle = false;
-
 		switch ( u.status ) {
 		case broker::incoming_connection_status::tag::established:
 			if ( BrokerComm::incoming_connection_established )
@@ -714,7 +717,6 @@ void bro_broker::Manager::Process()
 			continue;
 
 		ps.second.received += print_messages.size();
-		idle = false;
 
 		if ( ! BrokerComm::print_handler )
 			continue;
@@ -751,7 +753,6 @@ void bro_broker::Manager::Process()
 			continue;
 
 		es.second.received += event_messages.size();
-		idle = false;
 
 		for ( auto& em : event_messages )
 			{
@@ -822,7 +823,6 @@ void bro_broker::Manager::Process()
 			continue;
 
 		ls.second.received += log_messages.size();
-		idle = false;
 
 		for ( auto& lm : log_messages )
 			{
@@ -890,7 +890,6 @@ void bro_broker::Manager::Process()
 			continue;
 
 		statistics.report_count += responses.size();
-		idle = false;
 
 		for ( auto& response : responses )
 			{
@@ -940,8 +939,6 @@ void bro_broker::Manager::Process()
 
 	for ( auto& report : reports )
 		{
-		idle = false;
-
 		if ( report.size() < 2 )
 			{
 			reporter->Warning("got broker report msg of size %zu, expect 4",
@@ -979,7 +976,7 @@ void bro_broker::Manager::Process()
 			}
 		}
 
-	SetIdle(idle);
+	next_timestamp = -1;
 	}
 
 bool bro_broker::Manager::AddStore(StoreHandleVal* handle)
diff --git a/src/broker/Manager.h b/src/broker/Manager.h
index 63fbba074a..9e1ac7a70b 100644
--- a/src/broker/Manager.h
+++ b/src/broker/Manager.h
@@ -50,6 +50,11 @@ class Manager : public iosource::IOSource {
 friend class StoreHandleVal;
 public:
 
+	/**
+	 * Constructor.
+	 */
+	Manager();
+
 	/**
 	 * Destructor.  Any still-pending data store queries are aborted.
 	 */
@@ -351,6 +356,7 @@ private:
 	std::unordered_set<StoreQueryCallback*> pending_queries;
 
 	Stats statistics;
+	double next_timestamp;
 
 	static VectorType* vector_of_data_type;
 	static EnumType* log_id_type;
diff --git a/src/event.bif b/src/event.bif
index 6531bef6d8..dc6388fbb5 100644
--- a/src/event.bif
+++ b/src/event.bif
@@ -282,7 +282,8 @@ event packet_contents%(c: connection, contents: string%);
 ## reassembling a TCP stream, Bro buffers all payload until it sees the
 ## responder acking it. If during that time, the sender resends a chunk of
 ## payload but with different content than originally, this event will be
-## raised.
+## raised. In addition, if :bro:id:`tcp_max_old_segments` is larger than zero,
+## mismatches with that older still-buffered data will likewise trigger the event.
 ##
 ## c: The connection showing the inconsistency.
 ##
diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
index ad55d30c55..5454704f94 100644
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -5,14 +5,14 @@
 %}
 
 %header{
-VectorVal* process_rvas(const RVAS* rvas, const uint16 size);
+VectorVal* process_rvas(const RVAS* rvas);
 %}
 
 %code{
-VectorVal* process_rvas(const RVAS* rva_table, const uint16 size)
+VectorVal* process_rvas(const RVAS* rva_table)
 	{
 	VectorVal* rvas = new VectorVal(internal_type("index_vec")->AsVectorType());
-	for ( uint16 i=0; i < size; ++i )
+	for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
 		rvas->Assign(i, new Val((*rva_table->rvas())[i]->size(), TYPE_COUNT));
 
 	return rvas;
@@ -149,7 +149,7 @@ refine flow File += {
 			oh->Assign(21, new Val(${h.subsystem}, TYPE_COUNT));
 			oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
 
-			oh->Assign(23, process_rvas(${h.rvas}, ${h.number_of_rva_and_sizes}));
+			oh->Assign(23, process_rvas(${h.rvas}));
 
 			BifEvent::generate_pe_optional_header((analyzer::Analyzer *) connection()->bro_analyzer(),
 			                                      connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
diff --git a/src/input/readers/sqlite/SQLite.h b/src/input/readers/sqlite/SQLite.h
index f4cae7d01f..5d82bc55f1 100644
--- a/src/input/readers/sqlite/SQLite.h
+++ b/src/input/readers/sqlite/SQLite.h
@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#ifndef INPUT_READERS_POSTGRES_H
-#define INPUT_READERS_POSTGRES_H
+#ifndef INPUT_READERS_SQLITE_H
+#define INPUT_READERS_SQLITE_H
 
 #include "config.h"
 
@@ -50,5 +50,5 @@ private:
 }
 }
 
-#endif /* INPUT_READERS_POSTGRES_H */
+#endif /* INPUT_READERS_SQLITE_H */
 
diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc
index fccdbadb4a..80fa5fe860 100644
--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@@ -118,9 +118,6 @@ IOSource* Manager::FindSoonest(double* ts)
 
 		src->Clear();
 		src->src->GetFds(&src->fd_read, &src->fd_write, &src->fd_except);
-		if ( src->fd_read.Empty() ) src->fd_read.Insert(0);
-		if ( src->fd_write.Empty() ) src->fd_write.Insert(0);
-		if ( src->fd_except.Empty() ) src->fd_except.Insert(0);
 		src->SetFds(&fd_read, &fd_write, &fd_except, &maxx);
 		}
 
diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc
index 5612c32e51..84929b08d0 100644
--- a/src/iosource/PktSrc.cc
+++ b/src/iosource/PktSrc.cc
@@ -240,6 +240,18 @@ void PktSrc::GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
 
 	if ( IsOpen() && props.selectable_fd >= 0 )
 		read->Insert(props.selectable_fd);
+
+	// TODO: This seems like a hack that should be removed, but doing so
+	// causes the main run loop to spin more frequently and increase cpu usage.
+	// See also commit 9cd85be308.
+	if ( read->Empty() )
+		read->Insert(0);
+
+	if ( write->Empty() )
+		write->Insert(0);
+
+	if ( except->Empty() )
+		except->Insert(0);
 	}
 
 double PktSrc::NextTimestamp(double* local_network_time)
diff --git a/src/main.cc b/src/main.cc
index 61cc35f198..425269b713 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -179,8 +179,8 @@ void usage()
 	fprintf(stderr, "    -r|--readfile <readfile>       | read from given tcpdump file\n");
 	fprintf(stderr, "    -s|--rulefile <rulefile>       | read rules from given file\n");
 	fprintf(stderr, "    -t|--tracefile <tracefile>     | activate execution tracing\n");
-	fprintf(stderr, "    -w|--writefile <writefile>     | write to given tcpdump file\n");
 	fprintf(stderr, "    -v|--version                   | print version and exit\n");
+	fprintf(stderr, "    -w|--writefile <writefile>     | write to given tcpdump file\n");
 	fprintf(stderr, "    -x|--print-state <file.bst>    | print contents of state file\n");
 	fprintf(stderr, "    -z|--analyze <analysis>        | run the specified policy file analysis\n");
 #ifdef DEBUG
@@ -188,6 +188,8 @@ void usage()
 #endif
 	fprintf(stderr, "    -C|--no-checksums              | ignore checksums\n");
 	fprintf(stderr, "    -F|--force-dns                 | force DNS\n");
+	fprintf(stderr, "    -G|--load-seeds <file>         | load seeds from given file\n");
+	fprintf(stderr, "    -H|--save-seeds <file>         | save seeds to given file\n");
 	fprintf(stderr, "    -I|--print-id <ID name>        | print out given ID\n");
 	fprintf(stderr, "    -J|--set-seed <seed>           | set the random number seed\n");
 	fprintf(stderr, "    -K|--md5-hashkey <hashkey>     | set key for MD5-keyed hashing\n");
@@ -209,8 +211,6 @@ void usage()
 	fprintf(stderr, "    -X <file.bst>                  | print contents of state file as XML\n");
 #endif
 	fprintf(stderr, "    --pseudo-realtime[=<speedup>]  | enable pseudo-realtime for performance evaluation (default 1)\n");
-	fprintf(stderr, "    --load-seeds <file>            | load seeds from given file\n");
-	fprintf(stderr, "    --save-seeds <file>            | save seeds to given file\n");
 
 #ifdef USE_IDMEF
 	fprintf(stderr, "    -n|--idmef-dtd <idmef-msg.dtd> | specify path to IDMEF DTD file\n");
@@ -547,7 +547,7 @@ int main(int argc, char** argv)
 	opterr = 0;
 
 	char opts[256];
-	safe_strncpy(opts, "B:e:f:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFNPSWabdghvQ",
+	safe_strncpy(opts, "B:e:f:G:H:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFNPQSWabdghv",
 		     sizeof(opts));
 
 #ifdef USE_PERFTOOLS_DEBUG
@@ -582,6 +582,10 @@ int main(int argc, char** argv)
 			dump_cfg = true;
 			break;
 
+		case 'h':
+			usage();
+			break;
+
 		case 'i':
 			interfaces.append(optarg);
 			break;
@@ -603,10 +607,19 @@ int main(int argc, char** argv)
 			g_trace_state.TraceOn();
 			break;
 
+		case 'v':
+			fprintf(stderr, "%s version %s\n", prog, bro_version());
+			exit(0);
+			break;
+
 		case 'w':
 			writefile = optarg;
 			break;
 
+		case 'x':
+			bst_file = optarg;
+			break;
+
 		case 'z':
 			if ( streq(optarg, "notice") )
 				do_notice_analysis = 1;
@@ -617,6 +630,10 @@ int main(int argc, char** argv)
 				}
 			break;
 
+		case 'B':
+			debug_streams = optarg;
+			break;
+
 		case 'C':
 			override_ignore_checksums = 1;
 			break;
@@ -688,13 +705,8 @@ int main(int argc, char** argv)
 			do_watchdog = 1;
 			break;
 
-		case 'h':
-			usage();
-			break;
-
-		case 'v':
-			fprintf(stderr, "%s version %s\n", prog, bro_version());
-			exit(0);
+		case 'X':
+			broxygen_config = optarg;
 			break;
 
 #ifdef USE_PERFTOOLS_DEBUG
@@ -707,9 +719,6 @@ int main(int argc, char** argv)
 			break;
 #endif
 
-		case 'x':
-			bst_file = optarg;
-			break;
 #if 0 // broken
 		case 'X':
 			bst_file = optarg;
@@ -717,10 +726,6 @@ int main(int argc, char** argv)
 			break;
 #endif
 
-		case 'X':
-			broxygen_config = optarg;
-			break;
-
 #ifdef USE_IDMEF
 		case 'n':
 			fprintf(stderr, "Using IDMEF XML DTD from %s\n", optarg);
@@ -728,10 +733,6 @@ int main(int argc, char** argv)
 			break;
 #endif
 
-		case 'B':
-			debug_streams = optarg;
-			break;
-
 		case 0:
 			// This happens for long options that don't have
 			// a short-option equivalent.
diff --git a/src/strings.bif b/src/strings.bif
index 2ae1aae215..80b60a57d0 100644
--- a/src/strings.bif
+++ b/src/strings.bif
@@ -700,7 +700,7 @@ function split_n%(str: string, re: pattern,
 ##
 ## Returns: An array of strings where, if *incl_sep* is true, each two
 ##          successive elements correspond to a substring in *str* of the part
-##          not matching *re* (event-indexed) and the part that matches *re*
+##          not matching *re* (even-indexed) and the part that matches *re*
 ##          (odd-indexed).
 ##
 ## .. bro:see:: split_string split_string1 split_string_all str_split
diff --git a/testing/btest/Baseline/broker.enable-and-exit/output b/testing/btest/Baseline/broker.enable-and-exit/output
new file mode 100644
index 0000000000..6df9e9b67f
--- /dev/null
+++ b/testing/btest/Baseline/broker.enable-and-exit/output
@@ -0,0 +1,3 @@
+1
+2
+terminating
diff --git a/testing/btest/Baseline/core.reassembly/output b/testing/btest/Baseline/core.reassembly/output
new file mode 100644
index 0000000000..79922b43c4
--- /dev/null
+++ b/testing/btest/Baseline/core.reassembly/output
@@ -0,0 +1,32 @@
+----------------------
+flow weird, excessively_small_fragment, 164.1.123.163, 164.1.123.61
+flow weird, fragment_size_inconsistency, 164.1.123.163, 164.1.123.61
+flow weird, fragment_inconsistency, 164.1.123.163, 164.1.123.61
+flow weird, fragment_inconsistency, 164.1.123.163, 164.1.123.61
+flow weird, dns_unmatched_msg, 164.1.123.163, 164.1.123.61
+----------------------
+flow weird, excessively_small_fragment, 164.1.123.163, 164.1.123.61
+flow weird, excessively_small_fragment, 164.1.123.163, 164.1.123.61
+flow weird, fragment_overlap, 164.1.123.163, 164.1.123.61
+----------------------
+flow weird, fragment_with_DF, 210.54.213.247, 131.243.1.10
+flow weird, fragment_with_DF, 210.54.213.247, 131.243.1.10
+flow weird, fragment_with_DF, 210.54.213.247, 131.243.1.10
+flow weird, fragment_with_DF, 210.54.213.247, 131.243.1.10
+flow weird, fragment_with_DF, 210.54.213.247, 131.243.1.10
+----------------------
+flow weird, excessively_small_fragment, 128.32.46.142, 10.0.0.1
+flow weird, excessively_small_fragment, 128.32.46.142, 10.0.0.1
+flow weird, fragment_inconsistency, 128.32.46.142, 10.0.0.1
+----------------------
+net_weird, truncated_IP
+net_weird, truncated_IP
+net_weird, truncated_IP
+net_weird, truncated_IP
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml
+net_weird, truncated_IP
+rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?>\x0d\x0a<g:searchrequest xmlns:g=, OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?igplqgeqsonkllfshdjplhjspmde
diff --git a/testing/btest/Baseline/core.tcp.quantum-insert/.stdout b/testing/btest/Baseline/core.tcp.quantum-insert/.stdout
new file mode 100644
index 0000000000..3f2c5fad1b
--- /dev/null
+++ b/testing/btest/Baseline/core.tcp.quantum-insert/.stdout
@@ -0,0 +1,4 @@
+----- rexmit_inconsistency -----
+1429652006.683290 c: [orig_h=178.200.100.200, orig_p=39976/tcp, resp_h=96.126.98.124, resp_p=80/tcp]
+1429652006.683290 t1: HTTP/1.1 200 OK\x0d\x0aContent-Length: 5\x0d\x0a\x0d\x0aBANG!
+1429652006.683290 t2: HTTP/1.1 200 OK\x0d\x0aServer: nginx/1.4.4\x0d\x0aDate:
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log
new file mode 100644
index 0000000000..c4c96b7fb9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open	2015-05-12-16-26-53
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
+1232039472.314927	CXWv6p3arKYeMETxOg	237.244.174.255	1905	79.218.110.244	80	1	GET	ads1.msn.com	/library/dap.js	http://zone.msn.com/en/root/default.htm	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)	0	13249	200	OK	-	-	-	(empty)	-	-	-	-	-	FBcNS3RwceOxW15xg	text/plain
+1232039472.446194	CXWv6p3arKYeMETxOg	237.244.174.255	1905	79.218.110.244	80	2	GET	ads1.msn.com	/library/dap.js	http://zone.msn.com/en/root/default.htm	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)	0	13249	200	OK	-	-	-	(empty)	-	-	-	-	-	FDWU85N0DpedJPh93	text/plain
+#close	2015-05-12-16-26-53
diff --git a/testing/btest/Baseline/scripts.base.protocols.modbus.events/conn.log b/testing/btest/Baseline/scripts.base.protocols.modbus.events/conn.log
new file mode 100644
index 0000000000..484c5a0223
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.modbus.events/conn.log
@@ -0,0 +1,18 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2015-06-19-21-05-46
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
+1093521678.945447	CXWv6p3arKYeMETxOg	10.0.0.57	2387	10.0.0.3	502	tcp	-	0.000493	0	0	SF	-	-	0	FafA	2	80	2	80	(empty)
+1093521953.490353	CCvvfg3TEfuqmmG4bh	10.0.0.57	2579	10.0.0.8	502	tcp	modbus	23.256631	24	0	SF	-	-	0	ShADaFf	6	272	5	208	(empty)
+1093521681.696827	CjhGID4nQcgTWjvg4c	10.0.0.57	2578	10.0.0.3	502	tcp	modbus	385.694948	112	138	S3	-	-	0	ShADdf	20	920	12	626	(empty)
+1093522326.102435	CsRx2w45OKnoww6xl4	10.0.0.9	3082	10.0.0.3	502	tcp	modbus	177.095534	72	69	SF	-	-	0	ShADdFaf	16	720	9	437	(empty)
+1093522946.554059	CRJuHdVW0XPVINV8a	10.0.0.57	2585	10.0.0.8	502	tcp	-	76.561880	926	0	SF	-	-	0	ShADafF	8	1254	7	288	(empty)
+1093523065.562221	CPbrpk1qSsw6ESzHV4	10.0.0.8	502	10.0.0.57	4446	tcp	-	155.114237	128	0	SF	-	-	0	ShADaFf	16	776	15	608	(empty)
+1153491879.610371	C6pKV8GSxOnSLghOa	192.168.66.235	2582	166.161.16.230	502	tcp	-	2.905078	0	0	S0	-	-	0	S	2	96	0	0	(empty)
+1153491888.530306	CIPOse170MGiRM1Qf4	192.168.66.235	2582	166.161.16.230	502	tcp	modbus	85.560847	1692	1278	S1	-	-	0	ShADad	167	8380	181	8522	(empty)
+1342774499.588269	C7XEbhP654jzLoe3a	10.1.1.234	51411	10.10.5.85	502	tcp	modbus	2100.811351	237936	4121200	S2	-	-	0	ShADdaF	39659	2300216	20100	5166412	(empty)
+#close	2015-06-19-21-05-51
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log
new file mode 100644
index 0000000000..7c8015d94b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	files
+#open	2015-06-02-01-46-30
+#fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid
+#types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string
+1254722770.692743	Fel9gs4OtNEV6gUJZ5	10.10.1.4	74.53.140.153	CXWv6p3arKYeMETxOg	SMTP	3	(empty)	text/plain	-	0.000000	-	T	77	-	0	0	F	-
+1254722770.692743	Ft4M3f2yMvLlmwtbq9	10.10.1.4	74.53.140.153	CXWv6p3arKYeMETxOg	SMTP	4	(empty)	text/html	-	0.000061	-	T	1868	-	0	0	F	-
+1254722770.692804	FL9Y0d45OI4LpS6fmh	10.10.1.4	74.53.140.153	CXWv6p3arKYeMETxOg	SMTP	5	(empty)	text/plain	NEWS.txt	1.165512	-	T	10809	-	0	0	F	-
+#close	2015-06-02-01-46-31
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log
new file mode 100644
index 0000000000..e82d323f52
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	smtp
+#open	2015-06-02-01-46-30
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	helo	mailfrom	rcptto	date	from	to	reply_to	msg_id	in_reply_to	subject	x_originating_ip	first_received	second_received	last_reply	path	user_agent	tls	fuids
+#types	time	string	addr	port	addr	port	count	string	string	set[string]	string	string	set[string]	string	string	string	string	addr	string	string	string	vector[addr]	string	bool	vector[string]
+1254722768.219663	CXWv6p3arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	GP	<gurpartap@patriots.in>	<raj_deol2002in@yahoo.co.in>	Mon, 5 Oct 2009 11:36:07 +0530	"Gurpartap Singh" <gurpartap@patriots.in>	<raj_deol2002in@yahoo.co.in>	-	<000301ca4581$ef9e57f0$cedb07d0$@in>	-	SMTP	-	-	-	250 OK id=1Mugho-0003Dg-Un	74.53.140.153,10.10.1.4	Microsoft Office Outlook 12.0	F	Fel9gs4OtNEV6gUJZ5,Ft4M3f2yMvLlmwtbq9,FL9Y0d45OI4LpS6fmh
+#close	2015-06-02-01-46-31
diff --git a/testing/btest/Baseline/scripts.base.utils.urls/output b/testing/btest/Baseline/scripts.base.utils.urls/output
new file mode 100644
index 0000000000..2d8f5b2c4d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.urls/output
@@ -0,0 +1,11 @@
+[scheme=https, netlocation=www.example.com, portnum=<uninitialized>, path=/, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params=<uninitialized>]
+[scheme=http, netlocation=example.com, portnum=99, path=/test//, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params={
+[foo] = bar
+}]
+[scheme=ftp, netlocation=1.2.3.4, portnum=<uninitialized>, path=/pub/files/something.exe, file_name=something.exe, file_base=something, file_ext=exe, params=<uninitialized>]
+[scheme=http, netlocation=hyphen-example.com, portnum=<uninitialized>, path=/index.asp, file_name=index.asp, file_base=index, file_ext=asp, params={
+[q] = 123
+}]
+[scheme=<uninitialized>, netlocation=dfasjdfasdfasdf, portnum=<uninitialized>, path=/, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params={
+
+}]
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
index 01e584b047..7f6a68e1f6 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@@ -294,15 +294,15 @@
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.692743 file_new
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 file_over_new_connection
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.692743 mime_end_entity
                   [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
@@ -313,11 +313,11 @@
                   [2] is_orig: bool      = T
 
 1254722770.692743 file_sniff
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] meta: fa_metadata  = [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]]]
 
 1254722770.692743 file_state_remove
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
@@ -338,15 +338,15 @@
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.692743 file_new
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 file_over_new_connection
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.692804 mime_end_entity
                   [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
@@ -357,11 +357,11 @@
                   [2] is_orig: bool      = T
 
 1254722770.692804 file_sniff
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] meta: fa_metadata  = [mime_type=text/html, mime_types=[[strength=100, mime=text/html], [strength=20, mime=text/html], [strength=-20, mime=text/plain]]]
 
 1254722770.692804 file_state_remove
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=text/html, filename=<uninitialized>, duration=61.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=text/html, filename=<uninitialized>, duration=61.0 usecs, local_orig=<uninitialized>, is_orig=T, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
@@ -399,21 +399,21 @@
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.692804 file_new
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692804 file_over_new_connection
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+                  [2] is_orig: bool      = T
 
 1254722770.695115 new_connection
                   [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={\x0a\x0a}, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722771.494181 file_sniff
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
                   [1] meta: fa_metadata  = [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]]]
 
 1254722771.858334 mime_end_entity
@@ -425,7 +425,7 @@
                   [2] is_orig: bool      = T
 
 1254722771.858334 file_state_remove
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=<uninitialized>, is_orig=T, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
diff --git a/testing/btest/Traces/http/missing-zlib-header.pcap b/testing/btest/Traces/http/missing-zlib-header.pcap
new file mode 100644
index 0000000000..66406a9a40
Binary files /dev/null and b/testing/btest/Traces/http/missing-zlib-header.pcap differ
diff --git a/testing/btest/Traces/ipv4/fragmented-1.pcap b/testing/btest/Traces/ipv4/fragmented-1.pcap
new file mode 100644
index 0000000000..b5a8c7470c
Binary files /dev/null and b/testing/btest/Traces/ipv4/fragmented-1.pcap differ
diff --git a/testing/btest/Traces/ipv4/fragmented-2.pcap b/testing/btest/Traces/ipv4/fragmented-2.pcap
new file mode 100644
index 0000000000..ea10076a09
Binary files /dev/null and b/testing/btest/Traces/ipv4/fragmented-2.pcap differ
diff --git a/testing/btest/Traces/ipv4/fragmented-3.pcap b/testing/btest/Traces/ipv4/fragmented-3.pcap
new file mode 100644
index 0000000000..16696c8aaf
Binary files /dev/null and b/testing/btest/Traces/ipv4/fragmented-3.pcap differ
diff --git a/testing/btest/Traces/ipv4/fragmented-4.pcap b/testing/btest/Traces/ipv4/fragmented-4.pcap
new file mode 100644
index 0000000000..ddcef18f18
Binary files /dev/null and b/testing/btest/Traces/ipv4/fragmented-4.pcap differ
diff --git a/testing/btest/Traces/tcp/qi_internet_SYNACK_curl_jsonip.pcap b/testing/btest/Traces/tcp/qi_internet_SYNACK_curl_jsonip.pcap
new file mode 100644
index 0000000000..d906d9cac9
Binary files /dev/null and b/testing/btest/Traces/tcp/qi_internet_SYNACK_curl_jsonip.pcap differ
diff --git a/testing/btest/Traces/tcp/reassembly.pcap b/testing/btest/Traces/tcp/reassembly.pcap
new file mode 100644
index 0000000000..f387c3fbba
Binary files /dev/null and b/testing/btest/Traces/tcp/reassembly.pcap differ
diff --git a/testing/btest/broker/enable-and-exit.bro b/testing/btest/broker/enable-and-exit.bro
new file mode 100644
index 0000000000..9f45672bb6
--- /dev/null
+++ b/testing/btest/broker/enable-and-exit.bro
@@ -0,0 +1,19 @@
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+redef exit_only_after_terminate = T;
+
+event terminate_me() {
+        print "terminating";
+        terminate();
+}
+
+event bro_init() {
+        BrokerComm::enable();
+
+        print "1";
+        schedule 1sec { terminate_me() };
+        print "2";
+}
diff --git a/testing/btest/core/leaks/smtp_attachment.test b/testing/btest/core/leaks/smtp_attachment.test
new file mode 100644
index 0000000000..3094deb65c
--- /dev/null
+++ b/testing/btest/core/leaks/smtp_attachment.test
@@ -0,0 +1,10 @@
+# Needs perftools support.
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load base/protocols/smtp
diff --git a/testing/btest/core/reassembly.bro b/testing/btest/core/reassembly.bro
new file mode 100644
index 0000000000..cb04ace71b
--- /dev/null
+++ b/testing/btest/core/reassembly.bro
@@ -0,0 +1,26 @@
+# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output
+# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output
+# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output
+# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output
+# @TEST-EXEC: bro -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output
+# @TEST-EXEC: btest-diff output
+
+event bro_init()
+	{
+	print "----------------------";
+	}
+
+event flow_weird(name: string, src: addr, dst: addr)
+	{
+	print "flow weird", name, src, dst;
+	}
+
+event net_weird(name: string)
+	{
+	print "net_weird", name;
+	}
+
+event rexmit_inconsistency(c: connection, t1: string, t2: string)
+	{
+	print "rexmit_inconsistency", c$id, t1, t2 ;
+	}
diff --git a/testing/btest/core/tcp/quantum-insert.bro b/testing/btest/core/tcp/quantum-insert.bro
new file mode 100644
index 0000000000..3fff5cd911
--- /dev/null
+++ b/testing/btest/core/tcp/quantum-insert.bro
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+# Quantum Insert like attack, overlapping TCP packet with different content
+redef tcp_max_old_segments = 10;
+event rexmit_inconsistency(c: connection, t1: string, t2: string)
+    {
+    print "----- rexmit_inconsistency -----";
+    print fmt("%.6f c: %s", network_time(), c$id);
+    print fmt("%.6f t1: %s", network_time(), t1);
+    print fmt("%.6f t2: %s", network_time(), t2);
+    }
diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.bro b/testing/btest/scripts/base/protocols/http/missing-zlib-header.bro
new file mode 100644
index 0000000000..25923f70da
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/http/missing-zlib-header.bro
@@ -0,0 +1,6 @@
+# This tests an issue where some web servers don't 
+# include an appropriate ZLIB header on deflated 
+# content.
+#
+# @TEST-EXEC: bro -r $TRACES/http/missing-zlib-header.pcap %INPUT
+# @TEST-EXEC: btest-diff http.log
diff --git a/testing/btest/scripts/base/protocols/modbus/events.bro b/testing/btest/scripts/base/protocols/modbus/events.bro
index a5fe26be9c..fe748fa3dc 100644
--- a/testing/btest/scripts/base/protocols/modbus/events.bro
+++ b/testing/btest/scripts/base/protocols/modbus/events.bro
@@ -5,6 +5,8 @@
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif  | grep "^event modbus_" | wc -l >total
 # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
 # @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff conn.log
+
 
 event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
 {
diff --git a/testing/btest/scripts/base/protocols/smtp/attachment.test b/testing/btest/scripts/base/protocols/smtp/attachment.test
new file mode 100644
index 0000000000..49602f00c1
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/smtp/attachment.test
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -b -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: btest-diff files.log
+
+@load base/protocols/smtp
diff --git a/testing/btest/scripts/base/utils/urls.test b/testing/btest/scripts/base/utils/urls.test
new file mode 100644
index 0000000000..fd8c0a8622
--- /dev/null
+++ b/testing/btest/scripts/base/utils/urls.test
@@ -0,0 +1,19 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+# This is loaded by default.
+#@load base/utils/urls
+
+print decompose_uri("https://www.example.com/");
+print decompose_uri("http://example.com:99/test//?foo=bar");
+print decompose_uri("ftp://1.2.3.4/pub/files/something.exe");
+print decompose_uri("http://hyphen-example.com/index.asp?q=123");
+
+# This is mostly undefined behavior but it doesn't give any 
+# reporter messages at least.
+print decompose_uri("dfasjdfasdfasdf?asd");
+
+# These aren't supported yet.
+#print decompose_uri("mailto:foo@bar.com?subject=test!");
+#print decompose_uri("http://example.com/?test=ampersand&amp;test");
+#print decompose_uri("http://user:password@example.com/");
\ No newline at end of file
diff --git a/testing/external/subdir-btest.cfg b/testing/external/subdir-btest.cfg
index f79c432445..b2b36bf84f 100644
--- a/testing/external/subdir-btest.cfg
+++ b/testing/external/subdir-btest.cfg
@@ -19,3 +19,5 @@ DIST=%(testbase)s/../../..
 BUILD=%(testbase)s/../../../build
 BRO_PROFILER_FILE=%(testbase)s/.tmp/script-coverage.XXXXXX
 BRO_DNS_FAKE=1
+# For fedora 21 - they disable MD5 for certificate verification and need setting an environment variable to permit it.
+OPENSSL_ENABLE_MD5_VERIFY=1