From 306d4fa6f9f480fb70b099c7d6440d70aac38952 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 1 Aug 2013 16:30:12 -0700
Subject: [PATCH 01/13] Pluginizing the DNP3 analyzer, plus a basic script
 logging requests and replies.

Almost ready, but now 1 test fails again ...

[Note I broke git history by copying over the files into a new branch.]
---
 scripts/base/init-default.bro                 |    1 +
 scripts/base/protocols/dnp3/__load__.bro      |    3 +
 scripts/base/protocols/dnp3/consts.bro        |   49 +
 scripts/base/protocols/dnp3/dpd.sig           |   15 +
 scripts/base/protocols/dnp3/main.bro          |   73 +
 src/analyzer/protocol/CMakeLists.txt          |    1 +
 src/analyzer/protocol/dnp3/CMakeLists.txt     |   10 +
 src/analyzer/protocol/dnp3/DNP3.cc            |  375 +++++
 src/analyzer/protocol/dnp3/DNP3.h             |   56 +
 src/analyzer/protocol/dnp3/Plugin.cc          |   10 +
 src/analyzer/protocol/dnp3/dnp3-analyzer.pac  |  969 +++++++++++
 src/analyzer/protocol/dnp3/dnp3-objects.pac   | 1451 +++++++++++++++++
 src/analyzer/protocol/dnp3/dnp3-protocol.pac  |  257 +++
 src/analyzer/protocol/dnp3/dnp3.pac           |   16 +
 src/analyzer/protocol/dnp3/events.bif         |  241 +++
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |    7 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |    7 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |    9 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   14 +
 .../output                                    |   45 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   12 +
 .../output                                    |   29 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |   88 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |    4 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   11 +
 .../output                                    |   22 +
 .../coverage                                  |    1 +
 .../dnp3.log                                  |   10 +
 .../output                                    |    6 +
 .../coverage                                  |    1 +
 .../scripts.base.protocols.dnp3.events/output |  574 +++++++
 testing/btest/Traces/dnp3/dnp3.trace          |  Bin 0 -> 18790 bytes
 .../btest/Traces/dnp3/dnp3_del_measure.pcap   |  Bin 0 -> 804 bytes
 testing/btest/Traces/dnp3/dnp3_en_spon.pcap   |  Bin 0 -> 807 bytes
 testing/btest/Traces/dnp3/dnp3_file_del.pcap  |  Bin 0 -> 920 bytes
 testing/btest/Traces/dnp3/dnp3_file_read.pcap |  Bin 0 -> 3489 bytes
 .../btest/Traces/dnp3/dnp3_file_write.pcap    |  Bin 0 -> 2868 bytes
 testing/btest/Traces/dnp3/dnp3_read.pcap      |  Bin 0 -> 928 bytes
 .../btest/Traces/dnp3/dnp3_read_p20001.pcap   |  Bin 0 -> 928 bytes
 testing/btest/Traces/dnp3/dnp3_rec_time.pcap  |  Bin 0 -> 798 bytes
 .../Traces/dnp3/dnp3_select_operate.pcap      |  Bin 0 -> 1120 bytes
 testing/btest/Traces/dnp3/dnp3_write.pcap     |  Bin 0 -> 808 bytes
 .../base/protocols/dnp3/dnp3_del_measure.bro  |    9 +
 .../base/protocols/dnp3/dnp3_en_spon.bro      |    9 +
 .../base/protocols/dnp3/dnp3_file_del.bro     |    9 +
 .../base/protocols/dnp3/dnp3_file_read.bro    |    9 +
 .../base/protocols/dnp3/dnp3_file_write.bro   |    9 +
 .../scripts/base/protocols/dnp3/dnp3_read.bro |    9 +
 .../base/protocols/dnp3/dnp3_rec_time.bro     |    9 +
 .../protocols/dnp3/dnp3_select_operate.bro    |    9 +
 .../base/protocols/dnp3/dnp3_write.bro        |    9 +
 .../scripts/base/protocols/dnp3/events.bro    |  266 +++
 65 files changed, 4772 insertions(+)
 create mode 100644 scripts/base/protocols/dnp3/__load__.bro
 create mode 100644 scripts/base/protocols/dnp3/consts.bro
 create mode 100644 scripts/base/protocols/dnp3/dpd.sig
 create mode 100644 scripts/base/protocols/dnp3/main.bro
 create mode 100644 src/analyzer/protocol/dnp3/CMakeLists.txt
 create mode 100644 src/analyzer/protocol/dnp3/DNP3.cc
 create mode 100644 src/analyzer/protocol/dnp3/DNP3.h
 create mode 100644 src/analyzer/protocol/dnp3/Plugin.cc
 create mode 100644 src/analyzer/protocol/dnp3/dnp3-analyzer.pac
 create mode 100644 src/analyzer/protocol/dnp3/dnp3-objects.pac
 create mode 100644 src/analyzer/protocol/dnp3/dnp3-protocol.pac
 create mode 100644 src/analyzer/protocol/dnp3/dnp3.pac
 create mode 100644 src/analyzer/protocol/dnp3/events.bif
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/dnp3.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/output
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.events/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.events/output
 create mode 100644 testing/btest/Traces/dnp3/dnp3.trace
 create mode 100644 testing/btest/Traces/dnp3/dnp3_del_measure.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_en_spon.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_file_del.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_file_read.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_file_write.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_read.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_read_p20001.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_rec_time.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_select_operate.pcap
 create mode 100644 testing/btest/Traces/dnp3/dnp3_write.pcap
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/events.bro

diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 6e348cfffd..749bd0a024 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -39,6 +39,7 @@
 @load base/frameworks/tunnels
 
 @load base/protocols/conn
+@load base/protocols/dnp3
 @load base/protocols/dns
 @load base/protocols/ftp
 @load base/protocols/http
diff --git a/scripts/base/protocols/dnp3/__load__.bro b/scripts/base/protocols/dnp3/__load__.bro
new file mode 100644
index 0000000000..0f41578f8a
--- /dev/null
+++ b/scripts/base/protocols/dnp3/__load__.bro
@@ -0,0 +1,3 @@
+@load ./main
+
+@load-sigs ./dpd.sig
diff --git a/scripts/base/protocols/dnp3/consts.bro b/scripts/base/protocols/dnp3/consts.bro
new file mode 100644
index 0000000000..1b2a6206ef
--- /dev/null
+++ b/scripts/base/protocols/dnp3/consts.bro
@@ -0,0 +1,49 @@
+
+module DNP3;
+
+export {
+	## Standard defined Modbus function codes.
+	const function_codes = {
+		# Requests.
+		[0x00] = "CONFIRM",
+		[0x01] = "READ",
+		[0x02] = "WRITE",
+		[0x03] = "SELECT",
+		[0x04] = "OPERATE",
+		[0x05] = "DIRECT_OPERATE",
+		[0x06] = "DIRECT_OPERATE_NR",
+		[0x07] = "IMMED_FREEZE",
+		[0x08] = "IMMED_FREEZE_NR",
+		[0x09] = "FREEZE_CLEAR",
+		[0x0a] = "FREEZE_CLEAR_NR",
+		[0x0b] = "FREEZE_AT_TIME",
+		[0x0c] = "FREEZE_AT_TIME_NR",
+		[0x0d] = "COLD_RESTART",
+		[0x0e] = "WARM_RESTART",
+		[0x0f] = "INITIALIZE_DATA",
+		[0x10] = "INITIALIZE_APPL",
+		[0x11] = "START_APPL",
+		[0x12] = "STOP_APPL",
+		[0x13] = "SAVE_CONFIG",
+		[0x14] = "ENABLE_UNSOLICITED",
+		[0x15] = "DISABLE_UNSOLICITED",
+		[0x16] = "ASSIGN_CLASS",
+		[0x17] = "DELAY_MEASURE",
+		[0x18] = "RECORD_CURRENT_TIME",
+		[0x19] = "OPEN_FILE",
+		[0x1a] = "CLOSE_FILE",
+		[0x1b] = "DELETE_FILE",
+		[0x1c] = "GET_FILE_INFO",
+		[0x1d] = "AUTHENTICATE_FILE",
+		[0x1e] = "ABORT_FILE",
+		[0x1f] = "ACTIVATE_CONFIG",
+		[0x20] = "AUTHENTICATE_REQ",
+		[0x21] = "AUTHENTICATE_ERR",
+
+		# Responses.
+		[0x81] = "RESPONSE",
+		[0x82] = "UNSOLICITED_RESPONSE",
+		[0x83] = "AUTHENTICATE_RESP",
+	} &default=function(i: count):string { return fmt("unknown-%d", i); } &redef;
+}
+
diff --git a/scripts/base/protocols/dnp3/dpd.sig b/scripts/base/protocols/dnp3/dpd.sig
new file mode 100644
index 0000000000..691c47d0a9
--- /dev/null
+++ b/scripts/base/protocols/dnp3/dpd.sig
@@ -0,0 +1,15 @@
+
+signature dpd_dnp3_client {
+	ip-proto == tcp
+	# dnp3 packets always starts with 0x05 0x64 .
+	payload /\x05\0x64/
+	tcp-state originator
+}
+
+signature dpd_dnp3_server {
+	ip-proto == tcp
+	# dnp3 packets always starts with 0x05 0x64 .
+	payload /\x05\x64/
+	tcp-state responder
+ 	enable "dnp3"
+}
diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro
new file mode 100644
index 0000000000..2b014bcc67
--- /dev/null
+++ b/scripts/base/protocols/dnp3/main.bro
@@ -0,0 +1,73 @@
+##! A very basic DNP3 analysis script that just logs requests and replies.
+
+module DNP3;
+
+@load ./consts
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Time of the request.
+		ts:         time           &log;
+		## Unique identifier for the connnection.
+		uid:        string         &log;
+		## Identifier for the connection.
+		id:         conn_id        &log;
+		## The name of the function message in the request.
+		fc_request: string         &log &optional;
+		## The name of the function message in the reply.
+		fc_reply:   string         &log &optional;
+		## The response's "internal indication number".
+		iin:        count          &log &optional;
+	};
+
+	## Event that can be handled to access the DNP3 record as it is sent on
+	## to the logging framework.
+	global log_dnp3: event(rec: Info);
+}
+
+redef record connection += {
+	dnp3: Info &optional;
+};
+
+const ports = { 502/tcp };
+redef likely_server_ports += { ports };
+
+event bro_init() &priority=5
+	{
+	Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3]);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3, ports);
+	}
+
+event dnp3_application_request_header(c: connection, is_orig: bool, fc: count)
+	{
+	if ( ! c?$dnp3 )
+		c$dnp3 = [$ts=network_time(), $uid=c$uid, $id=c$id];
+
+	c$dnp3$ts = network_time();
+	c$dnp3$fc_request = function_codes[fc];
+	}
+
+event dnp3_application_response_header(c: connection, is_orig: bool, fc: count, iin: count)
+	{
+	if ( ! c?$dnp3 )
+		c$dnp3 = [$ts=network_time(), $uid=c$uid, $id=c$id];
+
+	c$dnp3$ts = network_time();
+	c$dnp3$fc_reply = function_codes[fc];
+	c$dnp3$iin = iin;
+	
+	Log::write(LOG, c$dnp3);
+
+	delete c$dnp3;
+	}
+
+event connection_state_remove(c: connection) &priority=-5
+	{
+	if ( ! c?$dnp3 )
+		return;
+
+	Log::write(LOG, c$dnp3);
+	delete c$dnp3;
+	}
diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt
index a4e170f52b..fc63aa4b66 100644
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@@ -6,6 +6,7 @@ add_subdirectory(bittorrent)
 add_subdirectory(conn-size)
 add_subdirectory(dce-rpc)
 add_subdirectory(dhcp)
+add_subdirectory(dnp3)
 add_subdirectory(dns)
 add_subdirectory(file)
 add_subdirectory(finger)
diff --git a/src/analyzer/protocol/dnp3/CMakeLists.txt b/src/analyzer/protocol/dnp3/CMakeLists.txt
new file mode 100644
index 0000000000..b1c0f0b760
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro DNP3)
+bro_plugin_cc(DNP3.cc Plugin.cc)
+bro_plugin_bif(events.bif)
+bro_plugin_pac(dnp3.pac dnp3-analyzer.pac dnp3-protocol.pac dnp3-objects.pac)
+bro_plugin_end()
diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc
new file mode 100644
index 0000000000..ec0b02ba37
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@@ -0,0 +1,375 @@
+//
+// DNP3 was initially used over serial links; it defined its own application
+// layer, transport layer, and data link layer. This hierarchy cannot be
+// mapped to the TCP/IP stack directly. As a result, all three DNP3 layers
+// are packed together as a single application layer payload over the TCP
+// layer. Each DNP3 packet in the application layer may look like this DNP3
+// Packet:
+//
+//    DNP3 Link Layer | DNP3 Transport Layer | DNP3 Application Layer
+//
+//    (This hierarchy can be viewed in the Wireshark visually.)
+//
+// === Background on DNP3
+//
+// 1. Basic structure of DNP3 Protocol over serial links. This information
+//    can be found in detail in
+//
+//        DNP3 Specification Volume 2, Part 1 Basic, Application Layer
+//        DNP3 Specification Volume 4, Data Link Layer
+//
+//    Traditionally, the DNP3 Application Layer in serial links contains a
+//    "DNP3 Application Layer Fragment". The data that is parsed by the end
+//    device and then executed. As the "DNP3 Application Layer Fragment" can
+//    be long (>255 bytes), it may be trunkcated and carried in different
+//    DNP3 Application Layer of more than one DNP3 packets.
+//
+//    So we may find a long DNP3 Application Layer Fragment to be transmitted in the following format
+//
+//        DNP3 Packet #1 : DNP3 Link Layer | DNP3 Transport Layer | DNP3 Application Layer #1
+//        DNP3 Packet #2 : DNP3 Link Layer | DNP3 Transport Layer | DNP3 Application Layer #2
+//        ....
+//        DNP3 Packet #n : DNP3 Link Layer | DNP3 Transport Layer | DNP3 Application Layer #n
+//
+//    So to get the whole DNP3 application layer fragment, we concatenate
+//    each DNP3 Application Layer Data into a logic DNP3 Application Layer
+//    Fragment:
+//
+//       DNP3 Application Layer #1 + DNP3 Application Layer #2 + ... + DNP3 Application Layer #n
+//
+// 2. Packing DNP3 Network Packet into TCP/IP stack
+//
+// We will call the original DNP3 Link Layer, Transport Layer and Application
+// Layer used in serial link as Pseudo Link Layer, Pseudo Transport Layer and
+// Pseudo Application Layer.
+//
+// For a long DNP3 application layer fragment, we may find it tramistted
+// over IP network in the following format:
+//
+//     Network Packet #1 : TCP Header | DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3 Pseudo Application Layer #1
+//     Network Packet #2 : TCP Header | DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3 Pseudo Application Layer #2
+//     ....
+//     Network Packet #n : TCP Header | DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3 Pseudo Application Layer #n
+//
+// === Challenges of Writing DNP3 Analyzer on Binpac ===
+//
+// The detailed structure of the DNP3 Link Layer is:
+//
+//     0x05 0x64 Len Ctrl Dest_LSB Dest_MSB Src_LSB Src_MSB CRC_LSB CRC_MSB
+//
+//     Each field is a byte; LSB: least significant byte; MSB: most significatn byte.
+//
+//     "Len" indicates the length of the byte stream right after this field
+//     (excluding CRC fields) in the current DNP3 packet.
+//
+// Since "Len" is of size one byte, the largest length it can represent is
+// 255 bytes. The larget DNP3 Application Layer size is "255 - 5 + size of
+// all CRC fields". "minus 5" is coming from the 5 bytes after "Len" field in
+// the DNP3 Link Layer, i.e. Ctrl Dest_LSB Dest_MSB Src_LSB Src_MSB Hence,
+// the largest size of a DNP3 Packet (DNP3 Data Link Layer : DNP3 Transport
+// Layer : DNP3 Application Layer) can only be 292 bytes.
+//
+// The "Len" field indicates the length of of a single chunk of DNP3 Psuedo
+// Application Layer data instead of the whole DNP3 Application Layer
+// Fragment. However, we can not know the whole length of the DNP3
+// Application Layer Fragment (which Binpac would normally need) until all
+// chunks of Pseudo Application Layer Data are received.
+//
+// We hence exploit the internal flow_buffer class used in Binpac to buffer
+// the application layer data until all chunk are received. The trick that I
+// used require in-depth understanding on how Binpac parse the application
+// layer data and perform incremental parsing. The codes that exploits
+// flow_buffer class to buffer the application layer data is included in
+// DNP3_ProcessData class.
+//
+// The binpac analyzer parses the DNP3 Application Layer Fragment. However,
+// we manually add the original Pseudo Link Layer data as an additional
+// header before the DNP3 Application Fragment. This helps to know how many
+// bytes are in the current chunk of DNP3 application layer data (not the
+// whole Application Layer Fragment).
+//
+// Graphically, the procedure is:
+//
+// DNP3 Packet :  DNP3 Pseudo Data Link Layer : DNP3 Pseudo Transport Layer : DNP3 Pseudo Application Layer
+//                                   ||                                    ||
+//                                   || (length field)                     || (original paylad byte stream)
+//                                   \/                                    \/
+//                DNP3 Additional Header              :                  Reassembled DNP3 Pseudo Application Layer Data
+//                                                   ||
+//                                                   \/
+//                                            Binpac DNP3 Analyzer
+
+#include "DNP3.h"
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "events.bif.h"
+
+using namespace analyzer::dnp3;
+
+const unsigned int PSEUDO_LENGTH_INDEX = 2;		// index of len field of DNP3 Pseudo Link Layer
+const unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3;	// index of ctrl field of DNP3 Pseudo Link Layer
+const unsigned int PSEUDO_TRANSPORT_INDEX = 10;		// index of DNP3 Pseudo Transport Layer
+const unsigned int PSEUDO_APP_LAYER_INDEX = 11;		// index of first DNP3 app-layer byte.
+const unsigned int PSEUDO_TRANSPORT_LEN = 1;		// length of DNP3 Transport Layer
+const unsigned int PSEUDO_LINK_LAYER_LEN = 8;		// length of DNP3 Pseudo Link Layer
+
+bool DNP3_Analyzer::crc_table_initialized = false;
+unsigned int DNP3_Analyzer::crc_table[256];
+
+DNP3_Analyzer::DNP3_Analyzer(Connection* c) : TCP_ApplicationAnalyzer("DNP3", c)
+	{
+	interp = new binpac::DNP3::DNP3_Conn(this);
+
+	ClearEndpointState(true);
+	ClearEndpointState(false);
+
+	if ( ! crc_table_initialized )
+		PrecomputeCRCTable();
+	}
+
+DNP3_Analyzer::~DNP3_Analyzer()
+	{
+	delete interp;
+	}
+
+void DNP3_Analyzer::Done()
+	{
+	TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void DNP3_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	try
+		{
+		if ( ! ProcessData(len, data, orig) )
+			SetSkip(1);
+		}
+
+	catch ( const binpac::Exception& e )
+		{
+		SetSkip(1);
+		throw;
+		}
+
+	}
+
+void DNP3_Analyzer::Undelivered(int seq, int len, bool orig)
+	{
+	TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	interp->NewGap(orig, len);
+	}
+
+void DNP3_Analyzer::EndpointEOF(tcp::TCP_Reassembler* endp)
+	{
+	TCP_ApplicationAnalyzer::EndpointEOF(endp);
+	interp->FlowEOF(endp->IsOrig());
+	}
+
+bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
+	{
+	Endpoint* endp = orig ? &orig_state : &resp_state;
+
+	while ( len )
+		{
+		if ( endp->in_hdr )
+			{
+			// We're parsing the DNP3 header and link layer, get that in full.
+			if ( ! AddToBuffer(endp, PSEUDO_APP_LAYER_INDEX, &data, &len) )
+				return true;
+
+			// The first two bytes must always be 0x0564.
+			if( endp->buffer[0] != 0x05 || endp->buffer[1] != 0x64 )
+				{
+				Weird("dnp3_header_lacks_magic");
+				return false;
+				}
+
+			// Make sure header checksum is correct.
+			if ( ! CheckCRC(PSEUDO_LINK_LAYER_LEN, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN, "header") ) 
+				{
+				ProtocolViolation("broken_checksum");
+				return false;
+				}
+
+			// If the checksum works out, we're pretty certainly DNP3.
+			ProtocolConfirmation();
+
+			// Double check the direction in case the first
+			// received packet is a response.
+			u_char ctrl = endp->buffer[PSEUDO_CONTROL_FIELD_INDEX];
+
+			if ( orig != (bool)(ctrl & 0x80) )
+				Weird("dnp3_unexpected_flow_direction");
+
+			// Update state.
+			endp->pkt_length = endp->buffer[PSEUDO_LENGTH_INDEX];
+			endp->tpflags = endp->buffer[PSEUDO_TRANSPORT_INDEX];
+			endp->in_hdr = false; // Now parsing application layer.
+
+			// For the first packet, we submit the header to
+			// BinPAC.
+			if ( ++endp->pkt_cnt == 1 )
+				interp->NewData(orig, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN);
+
+			}
+
+		if ( ! endp->in_hdr )
+			{
+			assert(endp->pkt_length);
+
+			// We're parsing the DNP3 application layer, get that
+			// in full now as well. We calculate the number of
+			// raw bytes the application layer consists of from
+			// the packet length by determining how much 16-byte
+			// chunks fit in there, and then add 2 bytes CRC for
+			// each.
+			int n = PSEUDO_APP_LAYER_INDEX + (endp->pkt_length - 5) + ((endp->pkt_length - 5) / 16) * 2 + 2 - 1;
+
+			if ( ! AddToBuffer(endp, n, &data, &len) )
+				return true;
+
+			// Parse the the application layer data.
+			if ( ! ParseAppLayer(endp) )
+				return false;
+
+			// Done with this packet, prepare for next.
+			endp->buffer_len = 0;
+			endp->in_hdr = true;
+			}
+		}
+
+	return true;
+	}
+
+bool DNP3_Analyzer::AddToBuffer(Endpoint* endp, int target_len, const u_char** data, int* len)
+	{
+	if ( ! target_len )
+		return true;
+
+	int to_copy = min(*len, target_len - endp->buffer_len);
+
+	memcpy(endp->buffer + endp->buffer_len, *data, to_copy);
+	*data += to_copy;
+	*len -= to_copy;
+	endp->buffer_len += to_copy;
+
+	return endp->buffer_len == target_len;
+	}
+
+bool DNP3_Analyzer::ParseAppLayer(Endpoint* endp)
+	{
+	bool orig = (endp == &orig_state);
+	binpac::DNP3::DNP3_Flow* flow = orig ? interp->upflow() : interp->downflow();
+
+	u_char* data = endp->buffer + PSEUDO_TRANSPORT_INDEX; // The transport layer byte counts as app-layer it seems.
+	int len = endp->pkt_length - 5;
+
+	//// DNP3 Packet :  DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3 Pseudo Application Layer
+	//// DNP3 Serial Transport Layer data is always 1 byte.
+	//// Get FIN FIR seq field in transport header
+	//// FIR indicate whether the following DNP3 Serial Application Layer is first chunk of bytes or not
+	//// FIN indicate whether the following DNP3 Serial Application Layer is last chunk of bytes or not
+
+	//// Get FIR and FIN field from the DNP3 Pseudo Transport Layer
+
+	int is_first = (endp->tpflags & 0x40) >> 6; // Initial chunk of data in this packet.
+	int is_last = (endp->tpflags & 0x80) >> 7; // Last chunk of data in this packet.
+
+	int transport = PSEUDO_TRANSPORT_LEN;
+
+	int i = 0;
+	while ( len > 0 )
+		{
+		int n = min(len, 16);
+
+		// Make sure chunk has a correct checksum.
+		if ( ! CheckCRC(n, data, data + n, "app_chunk") )
+			return false;
+
+		// Pass on to BinPAC.
+		assert(data + n < endp->buffer + endp->buffer_len);
+		flow->flow_buffer()->BufferData(data + transport, data + n);
+		transport = 0;
+
+		data += n + 2;
+		len -= n;
+		}
+
+	if ( is_first )
+		endp->encountered_first_chunk = true;
+
+	if ( ! is_first && ! endp->encountered_first_chunk )
+		{
+		// We lost the first chunk.
+		Weird("dnp3_first_application_layer_chunk_missing");
+		return false;
+		}
+
+	if ( is_last )
+		{
+		flow->flow_buffer()->FinishBuffer();
+		flow->FlowEOF();
+		ClearEndpointState(orig);
+		}
+
+	return true;
+	}
+
+void DNP3_Analyzer::ClearEndpointState(bool orig)
+	{
+	Endpoint* endp = orig ? &orig_state : &resp_state;
+	binpac::DNP3::DNP3_Flow* flow = orig ? interp->upflow() : interp->downflow();
+
+	endp->in_hdr = true;
+	endp->encountered_first_chunk = false;
+	endp->buffer_len = 0;
+	endp->pkt_length = 0;
+	endp->tpflags = 0;
+	endp->pkt_cnt = 0;
+	}
+
+bool DNP3_Analyzer::CheckCRC(int len, const u_char* data, const u_char* crc16, const char* where)
+	{
+	unsigned int crc = CalcCRC(len, data);
+
+	if ( crc16[0] == (crc & 0xff) && crc16[1] == (crc & 0xff00) >> 8 )
+		return true;
+
+	Weird(fmt("dnp3_corrupt_%s_checksum", where));
+	return false;
+	}
+
+void DNP3_Analyzer::PrecomputeCRCTable()
+	{
+	for( unsigned int i = 0; i < 256; i++)
+		{
+		unsigned int crc = i;
+
+		for ( unsigned int j = 0; j < 8; ++j )
+			{
+			if ( crc & 0x0001 )
+				crc = (crc >> 1) ^ 0xA6BC; // Generating polynomial.
+			else
+				crc >>= 1;
+			}
+
+		crc_table[i] = crc;
+		}
+	}
+
+unsigned int DNP3_Analyzer::CalcCRC(int len, const u_char* data)
+	{
+	unsigned int crc = 0x0000;
+
+	for ( int i = 0; i < len; i++ )
+		{
+		unsigned int index = (crc ^ data[i]) & 0xFF;
+		crc = crc_table[index] ^ (crc >> 8);
+		}
+
+	return ~crc & 0xFFFF;
+	}
diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h
new file mode 100644
index 0000000000..d758c2e35a
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/DNP3.h
@@ -0,0 +1,56 @@
+#ifndef ANALYZER_PROTOCOL_DNP3_DNP3_H
+#define ANALYZER_PROTOCOL_DNP3_DNP3_H
+
+#include "analyzer/protocol/tcp/TCP.h"
+#include "dnp3_pac.h"
+
+namespace analyzer { namespace dnp3 {
+
+class DNP3_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+public:
+	DNP3_Analyzer(Connection* conn);
+	virtual ~DNP3_Analyzer();
+
+	virtual void Done();
+	virtual void DeliverStream(int len, const u_char* data, bool orig);
+	virtual void Undelivered(int seq, int len, bool orig);
+	virtual void EndpointEOF(tcp::TCP_Reassembler* endp);
+
+	static Analyzer* InstantiateAnalyzer(Connection* conn)
+		{ return new DNP3_Analyzer(conn); }
+
+private:
+	static const int MAX_BUFFER_SIZE = 300;
+
+	struct Endpoint
+		{
+		u_char buffer[MAX_BUFFER_SIZE];
+		int buffer_len;
+		bool in_hdr;
+		int tpflags;
+		int pkt_length;
+		int pkt_cnt;
+		bool encountered_first_chunk;
+		};
+
+	bool ProcessData(int len, const u_char* data, bool orig);
+	void ClearEndpointState(bool orig);
+	bool AddToBuffer(Endpoint* endp, int target_len, const u_char** data, int* len);
+	bool ParseAppLayer(Endpoint* endp);
+	bool CheckCRC(int len, const u_char* data, const u_char* crc16, const char* where);
+	unsigned int CalcCRC(int len, const u_char* data);
+
+	binpac::DNP3::DNP3_Conn* interp;
+
+	Endpoint orig_state;
+	Endpoint resp_state;
+
+	static void PrecomputeCRCTable();
+
+	static bool crc_table_initialized;
+	static unsigned int crc_table[256];
+};
+
+} } // namespace analyzer::* 
+
+#endif
diff --git a/src/analyzer/protocol/dnp3/Plugin.cc b/src/analyzer/protocol/dnp3/Plugin.cc
new file mode 100644
index 0000000000..d86413b388
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/Plugin.cc
@@ -0,0 +1,10 @@
+
+#include "plugin/Plugin.h"
+
+#include "DNP3.h"
+
+BRO_PLUGIN_BEGIN(Bro, DNP3)
+	BRO_PLUGIN_DESCRIPTION("DNP3 analyzer");
+	BRO_PLUGIN_ANALYZER("DNP3", dnp3::DNP3_Analyzer);
+	BRO_PLUGIN_BIF_FILE(events);
+BRO_PLUGIN_END
diff --git a/src/analyzer/protocol/dnp3/dnp3-analyzer.pac b/src/analyzer/protocol/dnp3/dnp3-analyzer.pac
new file mode 100644
index 0000000000..2ae783c82e
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/dnp3-analyzer.pac
@@ -0,0 +1,969 @@
+
+connection DNP3_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = DNP3_Flow(true);
+	downflow = DNP3_Flow(false);
+};
+
+flow DNP3_Flow(is_orig: bool) {
+	flowunit = DNP3_PDU(is_orig) withcontext (connection, this);
+
+	function get_dnp3_header_block(start: uint16, len: uint16, ctrl: uint8, dest_addr: uint16, src_addr: uint16): bool
+		%{
+		if ( ::dnp3_header_block )
+			{
+			BifEvent::generate_dnp3_header_block(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), start, len, ctrl, dest_addr, src_addr);
+			}
+
+		return true;
+		%}
+
+	function get_dnp3_application_request_header(fc: uint8): bool
+		%{
+		if ( ::dnp3_application_request_header )
+			{
+			BifEvent::generate_dnp3_application_request_header(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(),
+				fc
+				);
+			}
+		return true;
+		%}
+
+	function get_dnp3_application_response_header(fc: uint8, iin: uint16): bool
+		%{
+		if ( ::dnp3_application_response_header )
+			{
+			BifEvent::generate_dnp3_application_response_header(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(),
+				fc,
+				iin
+				);
+			}
+		return true;
+		%}
+
+	function get_dnp3_object_header(obj_type: uint16, qua_field: uint8, number: uint32, rf_low: uint32, rf_high: uint32 ): bool
+		%{
+		if ( ::dnp3_object_header )
+			{
+			BifEvent::generate_dnp3_object_header(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), obj_type, qua_field, number, rf_low, rf_high);
+			}
+
+		return true;
+		%}
+
+	function get_dnp3_object_prefix(prefix_value: uint32): bool
+		%{
+		if ( ::dnp3_object_prefix )
+			{
+			BifEvent::generate_dnp3_object_prefix(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), prefix_value);
+			}
+
+		return true;
+		%}
+
+	function get_dnp3_response_data_object(data_value: uint8): bool
+		%{
+		if ( ::dnp3_response_data_object )
+			{
+			BifEvent::generate_dnp3_response_data_object(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), data_value);
+			}
+
+		return true;
+		%}
+
+	#g0
+	function get_dnp3_attribute_common(data_type_code: uint8, leng: uint8, attribute_obj: const_bytestring): bool
+		%{
+		if ( ::dnp3_attribute_common )
+			{
+			BifEvent::generate_dnp3_attribute_common(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), data_type_code, leng, bytestring_to_val(attribute_obj) );
+			}
+
+		return true;
+		%}
+
+	#g12v1
+	function get_dnp3_crob(control_code: uint8, count8: uint8, on_time: uint32, off_time: uint32, status_code: uint8): bool
+		%{
+		if ( ::dnp3_crob )
+			{
+			BifEvent::generate_dnp3_crob(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), control_code, count8, on_time, off_time, status_code);
+			}
+
+		return true;
+		%}
+
+	#g12v2
+	function get_dnp3_pcb(control_code: uint8, count8: uint8, on_time: uint32, off_time: uint32, status_code: uint8): bool
+		%{
+		if ( ::dnp3_pcb )
+			{
+			BifEvent::generate_dnp3_pcb(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), control_code, count8, on_time, off_time, status_code);
+			}
+
+		return true;
+		%}
+
+	# g20v1
+	function get_dnp3_counter_32wFlag(flag: uint8, count_value: uint32): bool
+		%{
+		if ( ::dnp3_counter_32wFlag )
+			{
+			BifEvent::generate_dnp3_counter_32wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value);
+			}
+
+		return true;
+		%}
+
+	# g20v2
+	function get_dnp3_counter_16wFlag(flag: uint8, count_value: uint16): bool
+		%{
+		if ( ::dnp3_counter_16wFlag )
+			{
+			BifEvent::generate_dnp3_counter_16wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value);
+			}
+
+		return true;
+		%}
+
+	# g20v5
+	function get_dnp3_counter_32woFlag(count_value: uint32): bool
+		%{
+		if ( ::dnp3_counter_32woFlag )
+			{
+			BifEvent::generate_dnp3_counter_32woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), count_value);
+			}
+
+		return true;
+		%}
+
+	# g20v6
+	function get_dnp3_counter_16woFlag(count_value: uint16): bool
+		%{
+		if ( ::dnp3_counter_16woFlag )
+			{
+			BifEvent::generate_dnp3_counter_16woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), count_value);
+			}
+
+		return true;
+		%}
+
+	# g21v1
+	function get_dnp3_frozen_counter_32wFlag(flag: uint8, count_value: uint32): bool
+		%{
+		if ( ::dnp3_frozen_counter_32wFlag )
+			{
+			BifEvent::generate_dnp3_frozen_counter_32wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value);
+			}
+
+		return true;
+		%}
+
+	# g21v2
+	function get_dnp3_frozen_counter_16wFlag(flag: uint8, count_value: uint16): bool
+		%{
+		if ( ::dnp3_frozen_counter_16wFlag )
+			{
+			BifEvent::generate_dnp3_frozen_counter_16wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value);
+			}
+
+		return true;
+		%}
+
+	# g21v5
+	function get_dnp3_frozen_counter_32wFlagTime(flag: uint8, count_value: uint32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_counter_32wFlagTime )
+			{
+			BifEvent::generate_dnp3_frozen_counter_32wFlagTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g21v6
+	function get_dnp3_frozen_counter_16wFlagTime(flag: uint8, count_value: uint16, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_counter_16wFlagTime )
+			{
+			BifEvent::generate_dnp3_frozen_counter_16wFlagTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, count_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g21v9
+	function get_dnp3_frozen_counter_32woFlag(count_value: uint32): bool
+		%{
+		if ( ::dnp3_frozen_counter_32woFlag )
+			{
+			BifEvent::generate_dnp3_frozen_counter_32woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), count_value);
+			}
+
+		return true;
+		%}
+
+	# g21v10
+	function get_dnp3_frozen_counter_16woFlag(count_value: uint16): bool
+		%{
+		if ( ::dnp3_frozen_counter_16woFlag )
+			{
+			BifEvent::generate_dnp3_frozen_counter_16woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), count_value);
+			}
+
+		return true;
+		%}
+
+	# g30v1
+	function get_dnp3_analog_input_32wFlag(flag: uint8, value: int32): bool
+		%{
+		if ( ::dnp3_analog_input_32wFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_32wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g30v2
+	function get_dnp3_analog_input_16wFlag(flag: uint8, value: int16): bool
+		%{
+		if ( ::dnp3_analog_input_16wFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_16wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g30v3
+	function get_dnp3_analog_input_32woFlag(value: int32): bool
+		%{
+		if ( ::dnp3_analog_input_32woFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_32woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), value);
+			}
+
+		return true;
+		%}
+
+	#g30v4
+	function get_dnp3_analog_input_16woFlag(value: int16): bool
+		%{
+		if ( ::dnp3_analog_input_16woFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_16woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), value);
+			}
+
+		return true;
+		%}
+
+	# g30v5
+	function get_dnp3_analog_input_SPwFlag(flag: uint8, value: uint32): bool
+		%{
+		if ( ::dnp3_analog_input_SPwFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_SPwFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g30v6
+	function get_dnp3_analog_input_DPwFlag(flag: uint8, value_low: uint32, value_high: uint32): bool
+		%{
+		if ( ::dnp3_analog_input_DPwFlag )
+			{
+			BifEvent::generate_dnp3_analog_input_DPwFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value_low, value_high);
+			}
+
+		return true;
+		%}
+
+	# g31v1
+	function get_dnp3_frozen_analog_input_32wFlag(flag: uint8, frozen_value: int32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_32wFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_32wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g31v2
+	function get_dnp3_frozen_analog_input_16wFlag(flag: uint8, frozen_value: int16): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_16wFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_16wFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g31v3
+	function get_dnp3_frozen_analog_input_32wTime(flag: uint8, frozen_value: int32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_32wTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_32wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g31v4
+	function get_dnp3_frozen_analog_input_16wTime(flag: uint8, frozen_value: int16, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_16wTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_16wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g31v5
+	function get_dnp3_frozen_analog_input_32woFlag(frozen_value: int32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_32woFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_32woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g31v6
+	function get_dnp3_frozen_analog_input_16woFlag(frozen_value: int16): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_16woFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_16woFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g31v7
+	function get_dnp3_frozen_analog_input_SPwFlag(flag: uint8, frozen_value: uint32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_SPwFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_SPwFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g31v8
+	function get_dnp3_frozen_analog_input_DPwFlag(flag: uint8, frozen_value_low: uint32, frozen_value_high: uint32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_DPwFlag )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_DPwFlag(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value_low, frozen_value_high);
+			}
+
+		return true;
+		%}
+
+	# g32v1
+	function get_dnp3_analog_input_event_32woTime(flag: uint8, value: int32): bool
+		%{
+		if ( ::dnp3_analog_input_event_32woTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_32woTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g32v2
+	function get_dnp3_analog_input_event_16woTime(flag: uint8, value: int16): bool
+		%{
+		if ( ::dnp3_analog_input_event_16woTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_16woTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g32v3
+	function get_dnp3_analog_input_event_32wTime(flag: uint8, value: int32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_analog_input_event_32wTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_32wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g32v4
+	function get_dnp3_analog_input_event_16wTime(flag: uint8, value: int16, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_analog_input_event_16wTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_16wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g32v5
+	function get_dnp3_analog_input_event_SPwoTime(flag: uint8, value: uint32): bool
+		%{
+		if ( ::dnp3_analog_input_event_SPwoTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_SPwoTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value);
+			}
+
+		return true;
+		%}
+
+	# g32v6
+	function get_dnp3_analog_input_event_DPwoTime(flag: uint8, value_low: uint32, value_high: uint32): bool
+		%{
+		if ( ::dnp3_analog_input_event_DPwoTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_DPwoTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value_low, value_high);
+			}
+
+		return true;
+		%}
+
+	# g32v7
+	function get_dnp3_analog_input_event_SPwTime(flag: uint8, value: uint32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_analog_input_event_SPwTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_SPwTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g32v8
+	function get_dnp3_analog_input_event_DPwTime(flag: uint8, value_low: uint32, value_high: uint32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_analog_input_event_DPwTime )
+			{
+			BifEvent::generate_dnp3_analog_input_event_DPwTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, value_low, value_high, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g33v1
+	function get_dnp3_frozen_analog_input_event_32woTime(flag: uint8, frozen_value: int32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_32woTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_32woTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g33v2
+	function get_dnp3_frozen_analog_input_event_16woTime(flag: uint8, frozen_value: int16): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_16woTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_16woTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g33v3
+	function get_dnp3_frozen_analog_input_event_32wTime(flag: uint8, frozen_value: int32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_32wTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_32wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g33v4
+	function get_dnp3_frozen_analog_input_event_16wTime(flag: uint8, frozen_value: int16, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_16wTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_16wTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g33v5
+	function get_dnp3_frozen_analog_input_event_SPwoTime(flag: uint8, frozen_value: uint32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_SPwoTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_SPwoTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value);
+			}
+
+		return true;
+		%}
+
+	# g33v6
+	function get_dnp3_frozen_analog_input_event_DPwoTime(flag: uint8, frozen_value_low: uint32, frozen_value_high: uint32): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_DPwoTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_DPwoTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value_low, frozen_value_high);
+			}
+
+		return true;
+		%}
+
+	# g33v7
+	function get_dnp3_frozen_analog_input_event_SPwTime(flag: uint8, frozen_value: uint32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_SPwTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_SPwTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g33v8
+	function get_dnp3_frozen_analog_input_event_DPwTime(flag: uint8, frozen_value_low: uint32, frozen_value_high: uint32, time48: const_bytestring): bool
+		%{
+		if ( ::dnp3_frozen_analog_input_event_DPwTime )
+			{
+			BifEvent::generate_dnp3_frozen_analog_input_event_DPwTime(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), flag, frozen_value_low, frozen_value_high, bytestring_to_val(time48));
+			}
+
+		return true;
+		%}
+
+	# g70v5
+	function get_dnp3_file_transport(file_handle: uint32, block_num: uint32, file_data: const_bytestring): bool
+		%{
+		if ( ::dnp3_file_transport )
+			{
+			BifEvent::generate_dnp3_file_transport(
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), file_handle, block_num, bytestring_to_val(file_data));
+			}
+
+		return true;
+		%}
+
+#### for debug use or unknown data types used in "case"
+	function get_dnp3_debug_byte(debug: const_bytestring): bool
+		%{
+		if ( ::dnp3_debug_byte )
+			{
+			BifEvent::generate_dnp3_debug_byte (
+				connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig(), bytestring_to_val(debug));
+			}
+
+		return true;
+		%}
+
+};
+
+refine typeattr Header_Block += &let {
+	get_header: bool =  $context.flow.get_dnp3_header_block(start, len, ctrl, dest_addr, src_addr);
+};
+
+refine typeattr DNP3_Application_Request_Header += &let {
+	process_request: bool =  $context.flow.get_dnp3_application_request_header(function_code);
+};
+
+refine typeattr DNP3_Application_Response_Header += &let {
+	process_request: bool =  $context.flow.get_dnp3_application_response_header(function_code, internal_indications);
+};
+
+refine typeattr Object_Header += &let {
+	process_request: bool =  $context.flow.get_dnp3_object_header(object_type_field, qualifier_field, number_of_item, rf_value_low, rf_value_high);
+};
+
+refine typeattr Prefix_Type += &let {
+	prefix_called: bool =  $context.flow.get_dnp3_object_prefix(prefix_value);
+};
+
+refine typeattr Response_Data_Object += &let {
+	process_request: bool =  $context.flow.get_dnp3_response_data_object(data_value);
+};
+
+# g0
+refine typeattr AttributeCommon += &let {
+	process_request: bool =  $context.flow.get_dnp3_attribute_common(data_type_code, leng, attribute_obj);
+};
+
+# g12v1
+refine typeattr CROB += &let {
+	process_request: bool =  $context.flow.get_dnp3_crob(control_code, count, on_time, off_time, status_code);
+};
+
+# g12v2
+refine typeattr PCB += &let {
+	process_request: bool =  $context.flow.get_dnp3_pcb(control_code, count, on_time, off_time, status_code);
+};
+
+# g20v1
+refine typeattr Counter32wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_counter_32wFlag(flag, count_value);
+};
+
+# g20v2
+refine typeattr Counter16wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_counter_16wFlag(flag, count_value);
+};
+
+# g20v5
+refine typeattr Counter32woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_counter_32woFlag(count_value);
+};
+
+# g20v6
+refine typeattr Counter16woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_counter_16woFlag(count_value);
+};
+
+# g21v1
+refine typeattr FrozenCounter32wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_32wFlag(flag, count_value);
+};
+
+# g21v2
+refine typeattr FrozenCounter16wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_16wFlag(flag, count_value);
+};
+# g21v5
+refine typeattr FrozenCounter32wFlagTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_32wFlagTime(flag, count_value, time48);
+};
+
+# g21v6
+refine typeattr FrozenCounter16wFlagTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_16wFlagTime(flag, count_value, time48);
+};
+
+# g21v9
+refine typeattr FrozenCounter32woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_32woFlag(count_value);
+};
+
+# g21v10
+refine typeattr FrozenCounter16woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_counter_16woFlag(count_value);
+};
+
+# g30v1
+refine typeattr AnalogInput32wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_32wFlag(flag, value);
+};
+
+# g30v2
+refine typeattr AnalogInput16wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_16wFlag(flag, value);
+};
+
+# g30v3
+refine typeattr AnalogInput32woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_32woFlag(value);
+};
+
+# g30v4
+refine typeattr AnalogInput16woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_16woFlag(value);
+};
+
+# g30v5
+refine typeattr AnalogInputSPwFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_SPwFlag(flag, value);
+};
+
+# g30v6
+refine typeattr AnalogInputDPwFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_DPwFlag(flag, value_low, value_high);
+};
+
+# g31v1
+refine typeattr FrozenAnalogInput32wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_32wFlag(flag, frozen_value);
+};
+
+# g31v2
+refine typeattr FrozenAnalogInput16wFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_16wFlag(flag, frozen_value);
+};
+
+# g31v3
+refine typeattr FrozenAnalogInput32wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_32wTime(flag, frozen_value, time48);
+};
+
+# g31v4
+refine typeattr FrozenAnalogInput16wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_16wTime(flag, frozen_value, time48);
+};
+
+# g31v5
+refine typeattr FrozenAnalogInput32woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_32woFlag(frozen_value);
+};
+
+# g31v6
+refine typeattr FrozenAnalogInput16woFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_16woFlag(frozen_value);
+};
+
+# g31v7
+refine typeattr FrozenAnalogInputSPwFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_SPwFlag(flag, frozen_value);
+};
+
+# g31v8
+refine typeattr FrozenAnalogInputDPwFlag += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_DPwFlag(flag, frozen_value_low, frozen_value_high);
+};
+
+# g32v1
+refine typeattr AnalogInput32woTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_32woTime(flag, value);
+};
+
+# g32v2
+refine typeattr AnalogInput16woTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_16woTime(flag, value);
+};
+
+# g32v3
+refine typeattr AnalogInput32wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_32wTime(flag, value, time48);
+};
+
+# g32v4
+refine typeattr AnalogInput16wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_16wTime(flag, value, time48);
+};
+
+# g32v5
+refine typeattr AnalogInputSPwoTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_SPwoTime(flag, value);
+};
+
+# g32v6
+refine typeattr AnalogInputDPwoTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_DPwoTime(flag, value_low, value_high);
+};
+
+# g32v7
+refine typeattr AnalogInputSPwTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_SPwTime(flag, value, time48);
+};
+
+# g32v8
+refine typeattr AnalogInputDPwTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_analog_input_event_DPwTime(flag, value_low, value_high, time48);
+};
+
+# g33v1
+refine typeattr FrozenAnaInputEve32woTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_32woTime(flag, f_value);
+};
+
+# g33v2
+refine typeattr FrozenAnaInputEve16woTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_16woTime(flag, f_value);
+};
+
+# g33v3
+refine typeattr FrozenAnaInputEve32wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_32wTime(flag, f_value, time48);
+};
+
+# g33v4
+refine typeattr FrozenAnaInputEve16wTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_16wTime(flag, f_value, time48);
+};
+
+# g33v5
+refine typeattr FrozenAnaInputEveSPwoTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_SPwoTime(flag, f_value);
+};
+
+# g33v6
+refine typeattr FrozenAnaInputEveDPwoTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_DPwoTime(flag, f_value_low, f_value_high);
+};
+
+# g33v7
+refine typeattr FrozenAnaInputEveSPwTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_SPwTime(flag, f_value, time48);
+};
+
+# g33v8
+refine typeattr FrozenAnaInputEveDPwTime += &let {
+	process_request: bool =  $context.flow.get_dnp3_frozen_analog_input_event_DPwTime(flag, f_value_low, f_value_high, time48);
+};
+
+# g70v5
+refine typeattr File_Transport += &let {
+        result: bool =  $context.flow.get_dnp3_file_transport(file_handle, block_num, file_data);
+};
+
+refine typeattr Debug_Byte += &let {
+	process_request: bool =  $context.flow.get_dnp3_debug_byte(debug);
+};
+
diff --git a/src/analyzer/protocol/dnp3/dnp3-objects.pac b/src/analyzer/protocol/dnp3/dnp3-objects.pac
new file mode 100644
index 0000000000..35d0d42b92
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/dnp3-objects.pac
@@ -0,0 +1,1451 @@
+##### moved from dnp3-protocol.pac
+
+type Prefix_Type(qualifier_field: uint8) = record {
+	prefix: case ( qualifier_field & 0xf0 ) of {
+		0x00 -> none: empty &check(qualifier_field == 0x01 ||
+						qualifier_field == 0x02 ||
+						qualifier_field == 0x03 ||
+						qualifier_field == 0x04 ||
+						qualifier_field == 0x05 ||
+						qualifier_field == 0x06 ||
+						qualifier_field == 0x07 ||
+						qualifier_field == 0x08 ||
+						qualifier_field == 0x09 );
+		0x10 -> prefix8: uint8 &check(qualifier_field == 0x17 ||
+						qualifier_field == 0x18 ||
+						qualifier_field == 0x19 );
+		0x20 -> prefix16: uint16 &check(qualifier_field == 0x27 ||
+						qualifier_field == 0x28 ||
+						qualifier_field == 0x29 );
+		0x30 -> prefix32: uint32 &check(qualifier_field == 0x37 ||
+						qualifier_field == 0x38 ||
+						qualifier_field == 0x39 );
+		0x40 -> object_size8: uint8 &check(qualifier_field == 0x4B);
+		0x50 -> object_size16: uint16 &check(qualifier_field == 0x5B);
+		0x60 -> object_size32: uint32 &check(qualifier_field == 0x6B);
+	 	default -> unknownprefix: empty;
+	};
+} &let{
+	prefix_value: uint32 = case (qualifier_field & 0xf0) of {
+		0x00 -> 0;
+		0x10 -> prefix8;
+		0x20 -> prefix16;
+		0x30 -> prefix32;
+		0x40 -> object_size8;
+		0x50 -> object_size16;
+		0x60 -> object_size32;
+		default -> 0x0;
+	};
+} &byteorder = littleendian;
+
+type Request_Data_Object(function_code: uint8, qualifier_field: uint8, object_type_field: uint16) = record {
+	prefix: Prefix_Type(qualifier_field);
+	data: case (object_type_field) of {
+	# device attributes g0
+		0x00D3 -> attrib211: AttributeCommon;
+		0x00D4 -> attrib212: AttributeCommon;
+		0x00D5 -> attrib213: AttributeCommon;
+		0x00D6 -> attrib214: AttributeCommon;
+		0x00D7 -> attrib215: AttributeCommon;
+		0x00D8 -> attrib216: AttributeCommon;
+		0x00D9 -> attrib217: AttributeCommon;
+		0x00DA -> attrib218: AttributeCommon;
+		0x00DB -> attrib219: AttributeCommon;
+		0x00DC -> attrib220: AttributeCommon;
+		0x00DD -> attrib221: AttributeCommon;
+		0x00DE -> attrib222: AttributeCommon;
+		0x00DF -> attrib223: AttributeCommon;
+		0x00E0 -> attrib224: AttributeCommon;
+		0x00E1 -> attrib225: AttributeCommon;
+		0x00E2 -> attrib226: AttributeCommon;
+		0x00E3 -> attrib227: AttributeCommon;
+		0x00E4 -> attrib228: AttributeCommon;
+		0x00E5 -> attrib229: AttributeCommon;
+		0x00E6 -> attrib230: AttributeCommon;
+		0x00E7 -> attrib231: AttributeCommon;
+		0x00E8 -> attrib232: AttributeCommon;
+		0x00E9 -> attrib233: AttributeCommon;
+		0x00EA -> attrib234: AttributeCommon;
+		0x00EB -> attrib235: AttributeCommon;
+		0x00EC -> attrib236: AttributeCommon;
+		0x00ED -> attrib237: AttributeCommon;
+		0x00EE -> attrib238: AttributeCommon;
+		0x00EF -> attrib239: AttributeCommon;
+		0x00F0 -> attrib240: AttributeCommon;
+		0x00F1 -> attrib241: AttributeCommon;
+		0x00F2 -> attrib242: AttributeCommon;
+		0x00F3 -> attrib243: AttributeCommon;
+		0x00F5 -> attrib245: AttributeCommon;
+		0x00F6 -> attrib246: AttributeCommon;
+		0x00F7 -> attrib247: AttributeCommon;
+		0x00F8 -> attrib248: AttributeCommon;
+		0x00F9 -> attrib249: AttributeCommon;
+		0x00FA -> attrib250: AttributeCommon;
+		0x00FC -> attrib252: AttributeCommon;
+		0x00FE -> attrib254: AttributeCommon;
+		0x00FF -> attrib255: AttributeCommon;
+
+	# binary input g1
+		0x0100 -> bi_default: empty;
+		0x0101 -> bi_packed: empty;
+		0x0102 -> bi_flag: empty;
+
+	# binary input event g2
+		0x0200 -> biedefault: empty;
+		0x0201 -> biewotime: empty;
+		0x0202 -> biewatime: empty;
+		0x0203 -> biewrtime: empty;
+
+	# double-bit Binary Input g3
+		0x0300 -> dbiDefault: empty;
+		0x0301 -> dbibytes: empty;
+		0x0302 -> dbiflag: empty;
+
+	# double-bit Binary Input Event g4
+		0x0400 -> dbieDefault: empty;
+		0x0401 -> dbieatime: empty;
+		0x0402 -> dbiertime: empty;
+
+	# binary output g10
+		0x0a00 -> boDefault: empty;
+		0x0a01 -> bowoflag: empty;  # warning: returning integer index?
+		0x0a02 -> bowflag: empty;  # warning: only flag?
+
+	# binary output event g11
+		0x0b00 -> bowDefault: empty;
+		0x0b01 -> boewflag: empty;
+		0x0b02 -> boewatime: empty;
+
+	# binary output command g12
+		0x0c01 -> bocmd_CROB: CROB &check (function_code == SELECT || function_code == OPERATE ||
+							function_code == DIRECT_OPERATE || function_code == DIRECT_OPERATE_NR );
+		0x0c02 -> bocmd_PCB: PCB &check (function_code == SELECT || function_code == OPERATE ||
+							function_code == DIRECT_OPERATE || function_code == DIRECT_OPERATE_NR || function_code == WRITE );
+		0x0c03 -> bocmd_PM: uint8;
+
+	# binary output command event g13
+		0x0d00 -> boceDefault: empty;
+		0x0d01 -> boceFlag: empty;
+		0x0d02 -> boceAtime: empty;
+
+	# counter ; g20
+		0x1400 -> counter_default: empty;
+		0x1401 -> counter_32_wflag: empty;
+		0x1402 -> counter_16_wflag: empty;
+		0x1403 -> counter_32_wflag_delta: empty &check (0); # obsolete situation; generate warning
+		0x1404 -> counter_16_wflag_delta: empty &check (0); # obsolete situations; generate warning
+		0x1405 -> counter_32_woflag: empty;
+		0x1406 -> counter_16_woflag: empty;
+		0x1407 -> counter_32_woflag_delta: empty &check (0); # obsolete
+		0x1408 -> counter_16_woflag_delta: empty &check (0); # obsolete
+	# frozen counter ; g21
+		0x1500 -> f_counter_default: empty;
+		0x1501 -> f_counter_32_wflag: empty;
+		0x1502 -> f_counter_16_wflag: empty;
+		0x1503 -> f_counter_32_wflag_delta: empty &check (0); # obsolete situation; generate warning
+		0x1504 -> f_counter_16_wflag_delta: empty &check (0); # obsolete situations; generate warning
+		0x1505 -> f_counter_32_wflag_time: empty;
+		0x1506 -> f_counter_16_wflag_time: empty;
+		0x1507 -> f_counter_32_wflag_time_delta: empty &check (0); # obsolete
+		0x1508 -> f_counter_16_wflag_time_delta: empty &check (0); # obsolete
+		0x1509 -> f_counter_32_woflag: empty;
+		0x150a -> f_counter_16_woflag: empty;
+		0x150b -> f_counter_32_woflag_delta: empty &check (0); # obsolete
+		0x150c -> f_counter_16_woflag_delta: empty &check (0); # obsolete
+
+	# counter event g22
+		0x1600 -> counter_event_default: empty;
+		0x1601 -> counter_event_32_wflag: empty;
+		0x1602 -> counter_event_16_wflag: empty;
+		0x1603 -> counter_event_32_wflag_delta: empty &check(0);
+		0x1604 -> counter_event_16_wflag_delta: empty &check(0);
+		0x1605 -> counter_event_32_wflag_time: empty;
+		0x1606 -> counter_event_16_wflag_time: empty;
+		0x1607 -> counter_event_32_wflag_time_delta: empty &check(0);
+		0x1608 -> counter_event_16_wflag_time_delat: empty &check(0);
+
+	# counter event g23
+		0x1700 -> f_counter_event_default: empty;
+		0x1701 -> f_counter_event_32_wflag: empty;
+		0x1702 -> f_counter_event_16_wflag: empty;
+		0x1703 -> f_counter_event_32_wflag_delta: empty &check(0);
+		0x1704 -> f_counter_event_16_wflag_delta: empty &check(0);
+		0x1705 -> f_counter_event_32_wflag_time: empty;
+		0x1706 -> f_counter_event_16_wflag_time: empty;
+		0x1707 -> f_counter_event_32_wflag_time_delta: empty &check(0);
+		0x1708 -> f_counter_event_16_wflag_time_delat: empty &check(0);
+
+	#analog input g30
+		0x1e00 -> ai_default: empty;
+		0x1e01 -> ai_32_wflag: empty;
+		0x1e02 -> ai_16_wflag: empty;
+		0x1e03 -> ai_32_woflag: empty;
+		0x1e04 -> ai_16_woflag: empty;
+		0x1e05 -> ai_sp_wflag: empty;
+		0x1e06 -> ai_dp_wflag: empty;
+
+	#frozen analog input g31
+		0x1f00 -> f_ai_default: empty;
+		0x1f01 -> f_ai_32_wflag: empty;
+		0x1f02 -> f_ai_16_wflag: empty;
+		0x1f03 -> f_ai_32_wtime: empty;
+		0x1f04 -> f_ai_16_wtime: empty;
+		0x1f05 -> f_ai_32_woflag: empty;
+		0x1f06 -> f_ai_16_woflag: empty;
+		0x1f07 -> f_ai_sp_wflag: empty;
+		0x1f08 -> f_ai_dp_wflag: empty;
+
+	#analog input event g32
+		0x2000 -> aie_default: empty;
+		0x2001 -> ai32wotime: empty;
+		0x2002 -> ai16wotime: empty;
+		0x2003 -> ai32wtime:  empty;
+		0x2004 -> ai16wtime:  empty;
+		0x2005 -> aispwotime: empty;
+		0x2006 -> aidpwotime: empty;
+		0x2007 -> aispwtime:  empty;
+		0x2008 -> aidpwtime:  empty;
+
+	# frozen analog input g33
+		0x2100 -> f_aie_default: empty;
+		0x2101 -> f_aie_32_wotime: empty;
+		0x2102 -> f_aie_16_wotime: empty;
+		0x2103 -> f_aie_32_wtime: empty;
+		0x2104 -> f_aie_16_wtime: empty;
+		0x2105 -> f_aie_sp_wotime: empty;
+		0x2106 -> f_aie_dp_wotime: empty;
+		0x2107 -> f_aie_sp_wtime: empty;
+		0x2108 -> f_aie_dp_wtime: empty;
+
+	# analog input deadband g34
+		0x2200 -> ai_dead: empty;
+		0x2201 -> ai_dead_16: empty;
+		0x2202 -> ai_dead_32: empty;
+		0x2203 -> ai_dead_sp: empty;
+
+	# analog ouput status g40
+		0x2800 -> aos_default: empty;
+		0x2801 -> aos_32: empty;
+		0x2802 -> aos_16: empty;
+		0x2803 -> aos_sp: empty;
+		0x2804 -> aos_dp: empty;
+
+	# analog ouput g41
+		0x2901 -> ao_32: AnaOut32;
+		0x2902 -> ao_16: AnaOut16;
+		0x2903 -> ao_sp: AnaOutSP;
+		0x2904 -> ao_dp: AnaOutDP;
+
+	# analog output event g42
+		0x2a00 -> aoe_default: empty;
+		0x2a01 -> aoe32wotime: empty;
+		0x2a02 -> aoe16wotime: empty;
+		0x2a03 -> aoe32wtime:  empty;
+		0x2a04 -> aoe16wtime:  empty;
+		0x2a05 -> aoespwotime: empty;
+		0x2a06 -> aoedpwotime: empty;
+		0x2a07 -> aoespwtime:  empty;
+		0x2a08 -> aoedpwtime:  empty;
+
+	# analog output command event g43
+		0x2b00 -> aoce_default: empty;
+		0x2b01 -> aoce32wotime: empty;
+		0x2b02 -> aoce16wotime: empty;
+		0x2b03 -> aoce32wtime:  empty;
+		0x2b04 -> aoce16wtime:  empty;
+		0x2b05 -> aocespwotime: empty;
+		0x2b06 -> aocedpwotime: empty;
+		0x2b07 -> aocespwtime:  empty;
+		0x2b08 -> aocedpwtime:  empty;
+
+	# time data interval data object g50
+		0x3200 -> time_default: empty;
+		0x3201 -> time_abs: AbsTime;
+		0x3202 -> time_interval: AbsTimeInterval;
+		0x3203 -> time_abs_last: Last_AbsTime;
+
+	# Time and Date Common Time-of-Occurrence g51
+		0x3301 -> time_abs_sync: AbsTime;
+		0x3302 -> time_abs_unsync: AbsTime;
+
+	# time delay g52
+		0x3401 -> time_coarse: uint16;
+		0x3402 -> time_fine: uint16;
+
+	# class objects g60
+		0x3C01 -> class0data: empty &check(object_header.qualifier_field == 0x06);
+		#0x3C02 -> class1data: uint8 &check(object_header.qualifier_field == 0x06);
+		0x3C02 -> class1data: empty &check(object_header.qualifier_field == 0x06 ||
+							object_header.qualifier_field == 0x07 || object_header.qualifier_field == 0x08);
+		0x3C03 -> class2data: empty &check(object_header.qualifier_field == 0x06 ||
+							object_header.qualifier_field == 0x07 || object_header.qualifier_field == 0x08);
+		0x3C04 -> class3data: empty &check(object_header.qualifier_field == 0x06 ||
+							object_header.qualifier_field == 0x07 || object_header.qualifier_field == 0x08);
+	# file control g70
+		0x4601 -> file_control_id: File_Control_ID &check(0);
+		0x4602 -> file_control_auth: File_Control_Auth_Wrap(function_code);
+		0x4603 -> file_control_cmd: File_Control_Cmd &check( file_control_cmd.op_mode == 0 || file_control_cmd.op_mode == 1 ||
+							  file_control_cmd.op_mode == 2 || file_control_cmd.op_mode == 3 );
+		#0x4604 -> file_control_cmd_status: File_Control_Cmd_Status_Wrap(function_code, prefix.prefix_value);  # example shown in P66
+		0x4604 -> file_control_cmd_status: File_Control_Cmd_Status(prefix.prefix_value);  # example shown in P66
+		0x4605 -> file_trans: File_Transport(prefix.prefix_value);
+		0x4606 -> file_trans_status: File_Transport_Status(prefix.prefix_value);
+		#0x4607 -> file_desc: File_Desc_Wrap(function_code);
+		0x4607 -> file_desc: File_Desc;
+
+	# internal indication g80
+		#0x5001 -> iin: uint16;
+		0x5001 -> iin: bytestring &restofdata; # confusion from the real traffic
+
+	# device storage g81
+		0x5101 -> dev_store: empty;
+
+	# device storage g82
+		0x5201 -> dev_profile: empty;
+
+	# device storage g83
+		0x5301 -> priregobj: PrivRegObj;
+		0x5302 -> priregobjdesc: PrivRegObjDesc;
+
+	# private data set g85
+		0x5501 -> desc_ele: DescEle;
+
+	# data descriptor table g86
+		0x5601 -> desc_ele86: DescEle;
+		0x5602 -> cha: uint8;
+		0x5603 -> point_index_attr: Debug_Byte;
+
+	# Data set g87
+		0x5701 -> present_value: Debug_Byte;
+
+	# Data set event g88
+		0x5801 -> snapshot: Debug_Byte;
+
+	# application identification object g90
+		#0x5A01 -> app_id: App_Id(qualifier_field, object_size16);
+		#0x5A01 -> app_id: App_Id(qualifier_field, prefix.prefix_value);
+
+	# status of request operation g91
+		0x5b01 -> activate_conf: ActivateConf;
+
+	# bcd value g101
+		0x6501 -> bcd_small: uint16;
+		0x6502 -> bcd_medium: uint32;
+		0x6503 -> bcd_large: BCD_Large;
+
+	# unsigned integer g102
+		0x6601 -> unsigned_integer: uint8;
+
+	# authentication challenge g120
+		0x7801 -> challenge: AuthChallenge(prefix.prefix_value);
+		0x7802 -> reply: AuthRely(prefix.prefix_value);
+		0x7803 -> aggrRequest: AuthAggrRequest(prefix.prefix_value);
+		0x7804 -> seesionKeyRequest: uint8;
+		0x7805 -> status: AuthSessionKeyStatus(prefix.prefix_value);
+		0x7806 -> keyChange: AuthSessionKeyChange(prefix.prefix_value);
+		0x7807 -> error: AuthError(prefix.prefix_value);
+
+		default -> unmatched: Default_Wrap(object_type_field);
+	};
+};
+
+
+type Response_Data_Object(function_code: uint8, qualifier_field: uint8, object_type_field: uint16) = record {
+	prefix: Prefix_Type(qualifier_field);
+	data: case (object_type_field) of {
+	# device attributes g0
+		0x00D3 -> attrib211: AttributeCommon;
+		0x00D4 -> attrib212: AttributeCommon;
+		0x00D5 -> attrib213: AttributeCommon;
+		0x00D6 -> attrib214: AttributeCommon;
+		0x00D7 -> attrib215: AttributeCommon;
+		0x00D8 -> attrib216: AttributeCommon;
+		0x00D9 -> attrib217: AttributeCommon;
+		0x00DA -> attrib218: AttributeCommon;
+		0x00DB -> attrib219: AttributeCommon;
+		0x00DC -> attrib220: AttributeCommon;
+		0x00DD -> attrib221: AttributeCommon;
+		0x00DE -> attrib222: AttributeCommon;
+		0x00DF -> attrib223: AttributeCommon;
+		0x00E0 -> attrib224: AttributeCommon;
+		0x00E1 -> attrib225: AttributeCommon;
+		0x00E2 -> attrib226: AttributeCommon;
+		0x00E3 -> attrib227: AttributeCommon;
+		0x00E4 -> attrib228: AttributeCommon;
+		0x00E5 -> attrib229: AttributeCommon;
+		0x00E6 -> attrib230: AttributeCommon;
+		0x00E7 -> attrib231: AttributeCommon;
+		0x00E8 -> attrib232: AttributeCommon;
+		0x00E9 -> attrib233: AttributeCommon;
+		0x00EA -> attrib234: AttributeCommon;
+		0x00EB -> attrib235: AttributeCommon;
+		0x00EC -> attrib236: AttributeCommon;
+		0x00ED -> attrib237: AttributeCommon;
+		0x00EE -> attrib238: AttributeCommon;
+		0x00EF -> attrib239: AttributeCommon;
+		0x00F0 -> attrib240: AttributeCommon;
+		0x00F1 -> attrib241: AttributeCommon;
+		0x00F2 -> attrib242: AttributeCommon;
+		0x00F3 -> attrib243: AttributeCommon;
+		0x00F5 -> attrib245: AttributeCommon;
+		0x00F6 -> attrib246: AttributeCommon;
+		0x00F7 -> attrib247: AttributeCommon;
+		0x00F8 -> attrib248: AttributeCommon;
+		0x00F9 -> attrib249: AttributeCommon;
+		0x00FA -> attrib250: AttributeCommon;
+		0x00FC -> attrib252: AttributeCommon;
+		0x00FE -> attrib254: AttributeCommon;
+		0x00FF -> attrib255: AttributeCommon;
+
+	# binary input g1
+		0x0101 -> biwoflag: uint8;  # warning: returning integer index?
+		0x0102 -> biwflag: uint8;  # warning: only flag?
+
+	# binary input event g2
+		0x0201 -> biewoflag: uint8;
+		0x0202 -> biewatime: BinInEveAtime;
+		0x0203 -> biewrtime: BinInEveRtime;
+
+	# double-bit Binary Input g3
+		0x0301 -> dbibytes: bytestring &restofdata; # don;t quit understand specification
+		0x0302 -> dbiflag: uint8;
+
+	# double-bit Binary Input Event g4
+		0x0401 -> dbieatime: DoubleInEveAtime;
+		0x0402 -> dbiertime: DoubleInEveRtime;
+
+	# binary output g10
+		0x0a01 -> bowoflag:  uint8;  # warning: returning integer index?
+		0x0a02 -> bowflag: uint8;  # warning: only flag?
+
+	# binary output event g11
+		0x0b01 -> boewflag: uint8;
+		0x0b02 -> boewatime: BinOutEveAtime;
+
+	# binary output command g12
+		0x0c01 -> bocmd_CROB: CROB &check (function_code == SELECT || function_code == OPERATE ||
+							function_code == DIRECT_OPERATE || function_code == DIRECT_OPERATE_NR );
+		0x0c02 -> bocmd_PCB: PCB &check (function_code == SELECT || function_code == OPERATE ||
+							function_code == DIRECT_OPERATE || function_code == DIRECT_OPERATE_NR || function_code == WRITE );
+		0x0c03 -> bocmd_PM: uint8;
+
+	# binary output command event g13
+		0x0d01 -> boceFlag: uint8;
+		0x0d02 -> boceAtime: BinOutCmdEveAtime;
+
+	# counter ; g20
+		0x1401 -> counter_32_wflag: Counter32wFlag;
+		0x1402 -> counter_16_wflag: Counter16wFlag;
+		0x1403 -> counter_32_wflag_delta: Debug_Byte &check (0); # obsolete situation; generate warning
+		0x1404 -> counter_16_wflag_delta: Debug_Byte &check (0); # obsolete situations; generate warning
+		0x1405 -> counter_32_woflag: Counter32woFlag;
+		0x1406 -> counter_16_woflag: Counter16woFlag;
+		0x1407 -> counter_32_woflag_delta: Debug_Byte &check (0); # obsolete
+		0x1408 -> counter_16_woflag_delta: Debug_Byte &check (0); # obsolete
+	# frozen counter ; g21
+		#0x1500 -> f_counter_default: empty;
+		0x1501 -> f_counter_32_wflag: FrozenCounter32wFlag;
+		0x1502 -> f_counter_16_wflag: FrozenCounter16wFlag;
+		0x1503 -> f_counter_32_wflag_delta: Debug_Byte &check (0); # obsolete situation; generate warning
+		0x1504 -> f_counter_16_wflag_delta: Debug_Byte &check (0); # obsolete situations; generate warning
+		0x1505 -> f_counter_32_wflag_time: FrozenCounter32wFlagTime;
+		0x1506 -> f_counter_16_wflag_time: FrozenCounter16wFlagTime;
+		0x1507 -> f_counter_32_wflag_time_delta: Debug_Byte &check (0); # obsolete
+		0x1508 -> f_counter_16_wflag_time_delta: Debug_Byte &check (0); # obsolete
+		0x1509 -> f_counter_32_woflag: FrozenCounter32woFlag &check (f_counter_32_woflag.count_value == 23);
+		0x150a -> f_counter_16_woflag: FrozenCounter16woFlag;
+		0x150b -> f_counter_32_woflag_delta: Debug_Byte &check (0); # obsolete
+		0x150c -> f_counter_16_woflag_delta: Debug_Byte &check (0); # obsolete
+
+	# counter event g22
+		0x1601 -> counter_event_32_wflag: CounterEve32wFlag;
+		0x1602 -> counter_event_16_wflag: CounterEve16wFlag;
+		0x1603 -> counter_event_32_wflag_delta: Debug_Byte &check(0);
+		0x1604 -> counter_event_16_wflag_delta: Debug_Byte &check(0);
+		0x1605 -> counter_event_32_wflag_time: CounterEve32wFlagTime;
+		0x1606 -> counter_event_16_wflag_time: CounterEve16wFlagTime;
+		0x1607 -> counter_event_32_wflag_time_delta: Debug_Byte &check(0);
+		0x1608 -> counter_event_16_wflag_time_delat: Debug_Byte &check(0);
+
+	# counter event g23
+		0x1701 -> f_counter_event_32_wflag: CounterEve32wFlag;
+		0x1702 -> f_counter_event_16_wflag: CounterEve16wFlag;
+		0x1703 -> f_counter_event_32_wflag_delta: Debug_Byte &check(0);
+		0x1704 -> f_counter_event_16_wflag_delta: Debug_Byte &check(0);
+		0x1705 -> f_counter_event_32_wflag_time: CounterEve32wFlagTime;
+		0x1706 -> f_counter_event_16_wflag_time: CounterEve16wFlagTime;
+		0x1707 -> f_counter_event_32_wflag_time_delta: Debug_Byte &check(0);
+		0x1708 -> f_counter_event_16_wflag_time_delat: Debug_Byte &check(0);
+
+	# analog input g30
+		0x1e01 -> ai_32_wflag: AnalogInput32wFlag;
+		0x1e02 -> ai_16_wflag: AnalogInput16wFlag;
+		0x1e03 -> ai_32_woflag: AnalogInput32woFlag;
+		0x1e04 -> ai_16_woflag: AnalogInput16woFlag;
+		0x1e05 -> ai_sp_wflag: AnalogInputSPwFlag;
+		0x1e06 -> ai_dp_wflag: AnalogInputDPwFlag;
+
+	# frozen analog input g31
+		0x1f01 -> f_ai_32_wflag: FrozenAnalogInput32wFlag;
+		0x1f02 -> f_ai_16_wflag: FrozenAnalogInput16wFlag;
+		0x1f03 -> f_ai_32_wtime: FrozenAnalogInput32wTime;
+		0x1f04 -> f_ai_16_wtime: FrozenAnalogInput16wTime;
+		0x1f05 -> f_ai_32_woflag: AnalogInput32woFlag;
+		0x1f06 -> f_ai_16_woflag: AnalogInput16woFlag;
+		0x1f07 -> f_ai_sp_wflag: AnalogInputSPwFlag;
+		0x1f08 -> f_ai_dp_wflag: AnalogInputDPwFlag;
+
+	# analog input event g32
+		0x2001 -> ai32wotime: AnalogInput32woTime;
+		0x2002 -> ai16wotime: AnalogInput16woTime;
+		0x2003 -> ai32wtime:  AnalogInput32wTime;
+		0x2004 -> ai16wtime:  AnalogInput16wTime;
+		0x2005 -> aispwotime: AnalogInputSPwoTime;
+		0x2006 -> aidpwotime: AnalogInputDPwoTime;
+		0x2007 -> aispwtime:  AnalogInputSPwTime;
+		0x2008 -> aidpwtime:  AnalogInputDPwTime;
+
+	# frozen analog input event g33
+		0x2101 -> faie_32_wotime: FrozenAnaInputEve32woTime;
+		0x2102 -> faie_16_wotime: FrozenAnaInputEve16woTime;
+		0x2103 -> faie_32_wtime: FrozenAnaInputEve32wTime;
+		0x2104 -> faie_16_wtime: FrozenAnaInputEve16wTime;
+		0x2105 -> faie_sp_wotime: FrozenAnaInputEveSPwoTime;
+		0x2106 -> faie_dp_wotime: FrozenAnaInputEveDPwoTime;
+		0x2107 -> faie_sp_wtime: FrozenAnaInputEveSPwTime;
+		0x2108 -> faie_dp_wtime: FrozenAnaInputEveDPwTime;
+
+	# analog input deadband g34
+		0x2201 -> ai_dead_16: uint16;
+		0x2202 -> ai_dead_32: uint32;
+		0x2203 -> ai_dead_sp: uint32;
+
+	# analog ouput status g40
+		0x2801 -> aos_32: AnaOutStatus32;
+		0x2802 -> aos_16: AnaOutStatus16;
+		0x2803 -> aos_sp: AnaOutStatusSP;
+		0x2804 -> aos_dp: AnaOutStatusDP;
+
+	# analog ouput g41
+		0x2901 -> ao_32: AnaOut32;
+		0x2902 -> ao_16: AnaOut16;
+		0x2903 -> ao_sp: AnaOutSP;
+		0x2904 -> ao_dp: AnaOutDP;
+
+	# analog output event g42
+		0x2a01 -> aoe32wotime: AnaOutEve32woTime;
+		0x2a02 -> aoe16wotime: AnaOutEve16woTime;
+		0x2a03 -> aoe32wtime:  AnaOutEve32wTime;
+		0x2a04 -> aoe16wtime:  AnaOutEve16wTime;
+		0x2a05 -> aoespwotime: AnaOutEveSPwoTime;
+		0x2a06 -> aoedpwotime: AnaOutEveDPwoTime;
+		0x2a07 -> aoespwtime:  AnaOutEveSPwTime;
+		0x2a08 -> aoedpwtime:  AnaOutEveDPwTime;
+
+	# analog output command event g43
+		0x2b01 -> aoce32wotime: AnaOutEve32woTime;
+		0x2b02 -> aoce16wotime: AnaOutEve16woTime;
+		0x2b03 -> aoce32wtime:  AnaOutEve32wTime;
+		0x2b04 -> aoce16wtime:  AnaOutEve16wTime;
+		0x2b05 -> aocespwotime: AnaOutEveSPwoTime;
+		0x2b06 -> aocedpwotime: AnaOutEveDPwoTime;
+		0x2b07 -> aocespwtime:  AnaOutEveSPwTime;
+		0x2b08 -> aocedpwtime:  AnaOutEveDPwTime;
+
+ 	# time data interval data object g50
+		0x3201 -> time_abs: AbsTime;
+		0x3202 -> time_interval: AbsTimeInterval;
+		0x3203 -> time_abs_last: Last_AbsTime;
+
+	# Time and Date Common Time-of-Occurrence g51
+		0x3301 -> time_abs_sync: AbsTime;
+		0x3302 -> time_abs_unsync: AbsTime;
+
+	# time delay g52
+		0x3401 -> time_coarse: uint16;
+		0x3402 -> time_fine: uint16;
+
+	# file control g70
+		0x4601 -> file_control_id: File_Control_ID &check(0);
+		0x4602 -> file_control_auth: File_Control_Auth &check(file_control_auth.usr_name_size == 0 && file_control_auth.pwd_size == 0);
+		0x4603 -> file_control_cmd: File_Control_Cmd &check(file_control_cmd.name_size == 0 &&
+							( file_control_cmd.op_mode == 0 || file_control_cmd.op_mode == 1 ||
+							  file_control_cmd.op_mode == 2 || file_control_cmd.op_mode == 3) );
+		0x4604 -> file_control_cmd_status: File_Control_Cmd_Status(prefix.prefix_value);
+		0x4605 -> file_trans: File_Transport(prefix.prefix_value);
+		0x4606 -> file_trans_status: File_Transport_Status(prefix.prefix_value);
+		#0x4607 -> file_desc: File_Desc_Wrap(function_code);
+		0x4607 -> file_desc: File_Desc;
+
+	# internal indication g80
+		0x5001 -> iin: uint16;
+	# device storage g81
+		0x5101 -> dev_store: Dev_Store;
+
+	# device storage g82
+		0x5201 -> dev_profile: Dev_Profile;
+
+	# device storage g83
+		0x5301 -> priregobj: PrivRegObj;
+		0x5302 -> priregobjdesc: PrivRegObjDesc;
+
+	# device storage g85
+		0x5501 -> desc_ele: DescEle;
+
+	# data descriptor table g86
+		0x5601 -> desc_ele86: DescEle;
+		0x5602 -> cha: uint8;
+		0x5603 -> point_index_attr: Debug_Byte;
+
+	# Data set g87
+		0x5701 -> present_value: Debug_Byte;
+
+	# Data set event g88
+		0x5801 -> snapshot: Debug_Byte;
+
+	# status of request operation g91
+		0x5b01 -> activate_conf: ActivateConf;
+
+	# bcd value g101
+		0x6501 -> bcd_small: uint16;
+		0x6502 -> bcd_medium: uint32;
+		0x6503 -> bcd_large: BCD_Large;
+
+	# unsigned integer g102
+		0x6601 -> unsigned_integer: uint8;
+
+	# authentication challenge g120
+		0x7801 -> challenge: AuthChallenge(prefix.prefix_value);
+		0x7802 -> reply: AuthRely(prefix.prefix_value);
+		0x7803 -> aggrRequest: AuthAggrRequest(prefix.prefix_value);
+		0x7804 -> seesionKeyRequest: uint8;
+		0x7805 -> status: AuthSessionKeyStatus(prefix.prefix_value);
+		0x7806 -> keyChange: AuthSessionKeyChange(prefix.prefix_value);
+		0x7807 -> error: AuthError(prefix.prefix_value);
+
+		#default -> unkonwndata: Debug_Byte &check( T );
+		default -> unmatched: Default_Wrap(object_type_field);
+	};
+}
+  &let{
+	data_value: uint8 = case (object_type_field) of {  # this data_value is used for the Bro Event
+		0x0101 -> biwoflag;
+		0x0102 -> biwflag;
+		0x0a01 -> bowoflag;
+		0x0a02 -> bowflag;
+		default -> 0xff;
+	};
+  }
+;
+
+
+######
+# this Default_Wrap is created when dealing with g110. Only Group type matters and variations can be all. So too much coding
+type Default_Wrap(obj_type: uint32) = record {
+	unresolved: case (obj_type & 0xFF00) of {
+		0x6E00 -> oct_str: bytestring &length = (obj_type & 0x00FF) ;
+		0x6F00 -> oct_str_eve: bytestring &length = (obj_type & 0x00FF) ;
+		0x7000 -> vir_ter_out_blk: bytestring &length = (obj_type & 0x00FF) ;
+		0x7100 -> vir_ter_eve: bytestring &length = (obj_type & 0x00FF) ;
+
+		#default -> unknown: bytestring &restofdata;
+		default -> unknown: Debug_Byte;
+	};
+};
+
+# contains different objects format
+# corresponding to the DNP3Spec-V6-Part2-Objects
+
+# g0: group 0 objects are used to retrieve substation attributes;
+# all variations including variation 249 255, share the same structure;
+type AttributeCommon = record {
+	data_type_code: uint8;
+	leng: uint8;
+	attribute_obj: bytestring &length=leng;
+} &byteorder = littleendian;
+
+
+# g2v2
+type BinInEveAtime = record {
+	flag: uint8;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g2v3
+type BinInEveRtime = record {
+	flag: uint8;
+	time16: uint16;
+} &byteorder = littleendian;
+
+# g4v2
+type DoubleInEveAtime = record {
+	flag: uint8;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g4v3
+type DoubleInEveRtime = record {
+	flag: uint8;
+	time16: uint16;
+} &byteorder = littleendian;
+
+# g11v2
+type BinOutEveAtime = record {
+	flag: uint8;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g12v1 group: 12; variation: 1
+type CROB = record {
+	control_code: uint8 &check ( (control_code & 0xCF) == 0x00 || (control_code & 0xCF) == 0x01 || (control_code & 0xCF) == 0x03 || (control_code & 0xCF) == 0x04 ||
+					(control_code & 0xCF) == 0x41 || (control_code & 0xCF) == 0x81  );
+	count: uint8;
+	on_time: uint32;
+	off_time: uint32;
+	status_code: uint8;  # contains the reserved bit
+} &byteorder = littleendian;
+
+# g12v2; same as g12v1
+type PCB = record {
+	control_code: uint8 &check ( (control_code & 0xCF) == 0x00 || (control_code & 0xCF) == 0x01 || (control_code & 0xCF) == 0x03 || (control_code & 0xCF) == 0x04 ||
+					(control_code & 0xCF) == 0x41 || (control_code & 0xCF) == 0x81  );
+	count: uint8;
+	on_time: uint32;
+	off_time: uint32;
+	status_code: uint8;  # contains the reserved bit
+} &byteorder = littleendian;
+
+# g13v2
+type BinOutCmdEveAtime = record {
+	flag: uint8;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g20v1; group: 20, variation 1
+type Counter32wFlag = record {
+	flag: uint8;
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g20v2
+type Counter16wFlag = record {
+	flag: uint8;
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g20v3 and g20v4 are obsolete
+
+# g20v5
+type Counter32woFlag = record {
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g20v6
+type Counter16woFlag = record {
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g20v7 and g20v8 are obsolete
+
+# g21v1
+type FrozenCounter32wFlag = record {
+	flag: uint8;
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g21v2
+type FrozenCounter16wFlag = record {
+	flag: uint8;
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g21v3 and g21v4 are obsolete
+
+# g21v5
+type FrozenCounter32wFlagTime = record {
+	flag: uint8;
+	count_value: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g21v6
+type FrozenCounter16wFlagTime = record {
+	flag: uint8;
+	count_value: uint16;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g21v7 and g21v8 are obsolete
+
+# g21v9
+type FrozenCounter32woFlag = record {
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g21v10
+type FrozenCounter16woFlag = record {
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g21v11 and g21v12 are obsolete
+
+# Conter event g22
+
+# g22v1
+type CounterEve32wFlag = record {
+	flag: uint8;
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g22v2
+type CounterEve16wFlag = record {
+	flag: uint8;
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g22v3 and g22v4 obsolete
+
+# g22v5
+type CounterEve32wFlagTime = record {
+	flag: uint8;
+	count_value: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g22v6
+type CounterEve16wFlagTime = record {
+	flag: uint8;
+	count_value: uint16;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g22v7 g22v8 obsolete
+
+# Conter event g23
+
+# g23v1
+type FrozenCounterEve32wFlag = record {
+	flag: uint8;
+	count_value: uint32;
+} &byteorder = littleendian;
+
+# g23v2
+type FrozenCounterEve16wFlag = record {
+	flag: uint8;
+	count_value: uint16;
+} &byteorder = littleendian;
+
+# g23v3 and g23v4 obsolete
+
+# g23v5
+type FrozenCounterEve32wFlagTime = record {
+	flag: uint8;
+	count_value: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g23v6
+type FrozenCounterEve16wFlagTime = record {
+	flag: uint8;
+	count_value: uint16;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g23v7 g23v8 obsolete
+
+# group: 30; variation: 1 g30v1
+type AnalogInput32wFlag = record {
+	flag: uint8;
+	value: int32;
+} &byteorder = littleendian;
+
+# group: 30; variation: 2
+type AnalogInput16wFlag = record {
+	flag: uint8;
+	value: int16;
+} &byteorder = littleendian;
+
+# group: 30; variation: 3
+type AnalogInput32woFlag = record {
+	value: int32;
+} &byteorder = littleendian;
+
+# group: 30; variation: 4
+type AnalogInput16woFlag = record {
+	value: int16;
+} &byteorder = littleendian;
+
+# group: 30; variation: 5; singple precision 32 bit
+type AnalogInputSPwFlag = record {
+	flag: uint8;
+	value: uint32;
+} &byteorder = littleendian;
+
+# group: 30; variation: 6; double precision 64 bit
+type AnalogInputDPwFlag = record {
+	flag: uint8;
+	value_low: uint32;
+	value_high: uint32;
+} &byteorder = littleendian;
+
+# g31v1
+type FrozenAnalogInput32wFlag = record {
+	flag: uint8;
+	frozen_value: int32;
+} &byteorder = littleendian;
+
+# g31v2
+type FrozenAnalogInput16wFlag = record {
+	flag: uint8;
+	frozen_value: int16;
+} &byteorder = littleendian;
+
+# g31v3
+type FrozenAnalogInput32wTime = record {
+	flag: uint8;
+	frozen_value: int32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g31v4
+type FrozenAnalogInput16wTime = record {
+	flag: uint8;
+	frozen_value: int16;
+	time48: bytestring &length = 6;
+}  &byteorder = littleendian;
+
+# g31v5
+type FrozenAnalogInput32woFlag = record {
+	frozen_value: int32;
+} &byteorder = littleendian;
+
+# g31v6
+type FrozenAnalogInput16woFlag = record {
+	frozen_value: uint16;
+} &byteorder = littleendian;
+
+# g31v7
+type FrozenAnalogInputSPwFlag = record {
+	flag: uint8;
+	frozen_value: uint32;
+} &byteorder = littleendian;
+
+# g31v8
+type FrozenAnalogInputDPwFlag = record {
+	flag: uint8;
+	frozen_value_low: uint32;
+	frozen_value_high: uint32;
+} &byteorder = littleendian;
+
+# group: 32; variation: 1 g32v1
+type AnalogInput32woTime = record {
+	flag: uint8;
+	value: int32;
+} &byteorder = littleendian;
+
+# group: 32; variation: 2
+type AnalogInput16woTime = record {
+	flag: uint8;
+	value: int16;
+} &byteorder = littleendian;
+
+# group: 32; variation: 3
+type AnalogInput32wTime = record {
+	flag: uint8;
+	value: int32;
+	#time: uint8[6];
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# group: 32; variation: 4
+type AnalogInput16wTime = record {
+	flag: uint8;
+	value: int16;
+	#time: uint8[6];
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# group: 32; variation: 5; singple precision 32 bit
+type AnalogInputSPwoTime = record {
+	flag: uint8;
+	value: uint32;
+} &byteorder = littleendian;
+
+# group: 32; variation: 6; double precision 64 bit
+type AnalogInputDPwoTime = record {
+	flag: uint8;
+	value_low: uint32;
+	value_high: uint32;
+} &byteorder = littleendian;
+
+# group: 32; variation: 7
+type AnalogInputSPwTime = record {
+	flag: uint8;
+	value: uint32;
+	#time: uint8[6];
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# group: 32; variation: 8
+type AnalogInputDPwTime = record {
+	flag: uint8;
+	value_low: uint32;
+	value_high: uint32;
+	#time: uint8[6];
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g33v1
+type FrozenAnaInputEve32woTime = record {
+	flag: uint8;
+	f_value: int32;
+} &byteorder = littleendian;
+
+# g33v2
+type FrozenAnaInputEve16woTime = record {
+	flag: uint8;
+	f_value: int16;
+} &byteorder = littleendian;
+
+# g33v3
+type FrozenAnaInputEve32wTime = record {
+	flag: uint8;
+	f_value: int32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g33v4
+type FrozenAnaInputEve16wTime = record {
+	flag: uint8;
+	f_value: int32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g33v5
+type FrozenAnaInputEveSPwoTime = record {
+	flag: uint8;
+	f_value: uint32;
+} &byteorder = littleendian;
+
+# g33v6
+type FrozenAnaInputEveDPwoTime = record {
+	flag: uint8;
+	f_value_low: uint32;
+	f_value_high: uint32;
+} &byteorder = littleendian;
+
+# g33v7
+type FrozenAnaInputEveSPwTime = record {
+	flag: uint8;
+	f_value: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g33v8
+type FrozenAnaInputEveDPwTime = record {
+	flag: uint8;
+	f_value_low: uint32;
+	f_value_high: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# analog output status g40
+
+# g40v1
+type AnaOutStatus32 = record {
+	flag: uint8;
+	status: int32;
+} &byteorder = littleendian;
+
+# g40v2
+type AnaOutStatus16 = record {
+	flag: uint8;
+	status: int16;
+} &byteorder = littleendian;
+
+# g40v3
+type AnaOutStatusSP = record {
+	flag: uint8;
+	status: uint32;
+} &byteorder = littleendian;
+
+# g40v4
+type AnaOutStatusDP = record {
+	flag: uint8;
+	status_low: uint32;
+	status_high: uint32;
+} &byteorder = littleendian;
+
+# analog output g41
+
+# g41v1
+type AnaOut32 = record {
+	value: int32;
+	con_status: uint8;
+} &byteorder = littleendian;
+
+# g41v2
+type AnaOut16 = record {
+	value: int16;
+	con_status: uint8;
+} &byteorder = littleendian;
+
+# g41v3
+type AnaOutSP = record {
+	value: uint32;
+	con_status: uint8;
+} &byteorder = littleendian;
+
+# g41v4
+type AnaOutDP = record {
+	value_low: uint32;
+	value_high: uint32;
+	con_status: uint8;
+} &byteorder = littleendian;
+
+# analog output event g42
+
+# g42v1
+type AnaOutEve32woTime = record {
+	flag: uint8;
+	value: int32;
+} &byteorder = littleendian;
+
+# g42v2
+type AnaOutEve16woTime = record {
+	flag: uint8;
+	value: int16;
+} &byteorder = littleendian;
+
+# g42v3
+type AnaOutEve32wTime = record {
+	flag: uint8;
+	value: int32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g42v4
+type AnaOutEve16wTime = record {
+	flag: uint8;
+	value: int16;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+# g42v5
+type AnaOutEveSPwoTime = record {
+	flag: uint8;
+	value: uint32;
+} &byteorder = littleendian;
+
+# g42v6
+type AnaOutEveDPwoTime = record {
+	flag: uint8;
+	value_low: uint32;
+	value_high: uint32;
+} &byteorder = littleendian;
+
+# g42v7
+type AnaOutEveSPwTime = record {
+	flag: uint8;
+	value: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g42v8
+type AnaOutEveDPwTime = record {
+	flag: uint8;
+	value_low: uint32;
+	value_high: uint32;
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+## g43 data format is exacatly same as g42 so use g42 directly
+
+# g50v1
+type AbsTime = record {
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g50v2
+type AbsTimeInterval = record {
+	time48: bytestring &length = 6;
+	interval: uint32;
+} &byteorder = littleendian;
+
+# g50v3
+type Last_AbsTime = record {
+	time48: bytestring &length = 6;
+} &byteorder = littleendian;
+
+# g51v1 and g51v2 are the same structure of g50v1. so reuse it
+
+# g70v1
+type Record_Obj = record {
+	record_size: uint16;
+	record_oct: bytestring &length = record_size;
+} &byteorder = littleendian;
+
+type File_Control_ID = record {
+	name_size: uint16;
+	type_code: uint8;
+	attr_code: uint8;
+	start_rec: uint16;
+	end_rec: uint16;
+	file_size: uint32;
+	time_create: bytestring &length = 6;
+	permission: uint16 &check ( (permission & 0xFE00 ) == 0x0000);
+	file_id: uint32;
+	owner_id: uint32;
+	group_id: uint32;
+	function_code: uint8;
+	status_code: uint8;
+	file_name: bytestring &length = name_size;
+	records: Record_Obj[];
+} &byteorder = littleendian;
+
+# g70v2
+type File_Control_Auth_Wrap(fc: uint8) = record {
+	data: case(fc) of {
+		AUTHENTICATE_FILE -> auth_file: File_Control_Auth &check(auth_file.auth_key == 0) ;
+		default -> null: empty;
+	};
+};
+
+type File_Control_Auth = record {
+	usr_name_offset: uint16;
+	usr_name_size: uint16;
+	pwd_offset: uint16;
+	pwd_size: uint16;
+	auth_key: uint32;
+	usr_name: bytestring &length = usr_name_size;
+	pwd: bytestring &length = pwd_size;
+} &byteorder = littleendian;
+
+# g70v3
+type File_Control_Cmd_Wrap(function_code: uint8) = record {
+	data_obj: case (function_code) of {
+		OPEN_FILE -> fc_cmd_open: File_Control_Cmd;
+		DELETE_FILE -> fc_cmd_del: File_Control_Cmd &check( fc_cmd_del.op_mode == 0 &&  fc_cmd_del.name_size == 0 && fc_cmd_del.time_create == 0x0);
+		default -> null: empty;
+	};
+
+};
+
+type File_Control_Cmd = record {
+	name_offset: uint16;
+	name_size: uint16;
+	time_create: bytestring &length = 6;
+	permission: uint16 &check ( (permission & 0xFE00 ) == 0x0000);
+	auth_key: uint32;
+	file_size: uint32;
+	op_mode: uint16;
+	max_block_size: uint16;
+	req_id: uint16;
+	file_name: bytestring &length = name_size;
+} &byteorder = littleendian;
+
+# g70v4
+type File_Control_Cmd_Status_Wrap(function_code: uint8, obj_size: uint32) = record {
+	data_obj: case (function_code) of {
+		ABORT_FILE -> abort: File_Control_Cmd_Status(obj_size) &check(abort.file_size == 0 && abort.max_block_size ==0 && abort.status_code ==0 );
+		RESPONSE -> fc_cmd_status: File_Control_Cmd_Status(obj_size);
+		default -> null: empty;
+	};
+};
+
+type File_Control_Cmd_Status(obj_size: uint32) = record {
+	file_handle: uint32;
+	file_size: uint32;
+	max_block_size: uint16;
+	req_id: uint16 ;
+	status_code: uint8;
+	#opt_text: bytestring &restofdata;
+	opt_text: bytestring &length = (obj_size - 8 - 4 - 1);
+} &byteorder = littleendian;
+
+# g70v5
+type File_Transport(obj_size: uint32) = record {
+	file_handle: uint32;
+	block_num: uint32;
+	# file_data: bytestring &restofdata;
+	file_data: bytestring &length = (obj_size - 8);
+} &byteorder = littleendian;
+
+# g70v6
+type File_Transport_Status(obj_size: uint32) = record {
+	file_handle: uint32;
+	block_num: uint32;
+	status: uint8;
+	#file_data: bytestring &restofdata;
+	opt_text: bytestring &length = (obj_size - 4 - 4 - 1);
+} &byteorder = littleendian;
+
+# g70v7
+type File_Desc_Wrap(function_code: uint8) = record {
+	data: case(function_code) of {
+		GET_FILE_INFO -> get_file_info: File_Desc &check(get_file_info.type ==0 &&
+								get_file_info.f_size == 0 &&
+								get_file_info.time_create_low == 0 &&
+								get_file_info.time_create_high == 0 &&
+								get_file_info.permission == 0);
+		default -> null: empty;
+	};
+} &byteorder = littleendian;
+
+type File_Desc = record {
+	name_offset: uint16;
+	name_size: uint16;
+	type: uint16;
+	f_size: uint32;
+	time_create_low: uint32;
+	time_create_high: uint16;
+	permission: uint16 &check ( (permission & 0xFE00 ) == 0x0000);
+	req_id: uint16;
+	f_name: bytestring &length = name_size;
+} &byteorder = littleendian;
+
+# g70v8
+type File_Spec_Str = record {
+	f_spec: bytestring &restofdata;
+} &byteorder = littleendian;
+
+# device storage g81
+# g81v1
+type Dev_Store = record {
+	overflow: uint8;
+	obj_group: uint8;
+	variatiion: uint8;
+} &byteorder = littleendian;
+
+# device profile g82
+# g82v1
+type Dev_Profile = record {
+	fc_support_low: uint32;
+	fc_support_high: uint32;
+	count: uint16;
+	dev_headers: Dev_Profile_OH[count];
+} &byteorder = littleendian;
+
+type Dev_Profile_OH = record {
+	group: uint8;
+	variation: uint8;
+	qualifier: uint8;
+	range: uint8;
+} &byteorder = littleendian;
+
+# data set g983
+
+# g83v1
+type PrivRegObj = record {
+	vendor: uint32;
+	obj_id: uint16;
+	len: uint16;
+	data_objs: bytestring &length = len;
+} &byteorder = littleendian;
+
+# g83v2
+type PrivRegObjDesc = record {
+	vendor: uint32;
+	obj_id: uint16;
+	count: uint16;
+	data_objs: ObjDescSpec[count];
+} &byteorder = littleendian;
+
+type ObjDescSpec = record {
+	obj_quantity: uint16;
+	obj_group: uint8;
+	obj_variation: uint8;
+} &byteorder = littleendian;
+
+# data set prototype g85
+
+# g85v1 only one descriptor element is defined. number of n is defined by number-of-item
+type DescEle = record {
+	len: uint8;
+	desc_code: uint8;
+	data_type: uint8;
+	max_len: uint8;
+	ancillary: uint8;
+} &byteorder = littleendian;
+
+# data descriptor element g86
+
+# g86v1 is the same structure of DescEle
+
+# g86v3 does not quite understant specification description
+
+# g87 doest not quite understand specfication description
+
+# g88 doest not quite understand specfication description
+
+# g90v1
+type App_Id(qualifier_field: uint8, object_size16: uint16) = record {
+	app_id: case (qualifier_field) of {
+		0x5B -> app_name: bytestring &length = object_size16;
+		0x06 -> all_app: empty;
+		default -> illegal: empty;
+	};
+} &byteorder = littleendian;
+
+# status of request operation g91
+type ActivateConf = record {
+	time_delay: uint32;
+	count: uint8;
+	elements: StatusEle[count];
+} &byteorder = littleendian;
+
+type StatusEle = record {
+	len: uint8;
+	status_code: uint8;
+	ancillary: bytestring &length = ( len - 1 );
+} &byteorder = littleendian;
+
+# BCD values
+
+# g101v3
+type BCD_Large = record {
+	value_low: uint32;
+	vlaue_high: uint32;
+} &byteorder = littleendian;
+
+# authentication g120
+
+# g120v1
+type AuthChallenge(prefix: uint16) = record {
+	csqUsr: uint32;
+	hal: uint8;
+	reason: uint8;
+	chan_data: bytestring &length = (prefix - 10);
+} &byteorder = littleendian;
+
+# g120v2
+type AuthRely(prefix: uint16) = record {
+	csqUsr: uint32;
+	chan_data: bytestring &length = (prefix - 4);
+} &byteorder = littleendian;
+
+# g120v3
+type AuthAggrRequest(prefix: uint16) = record {
+	csqUsr: uint32;
+	chan_data: bytestring &length = (prefix - 4);
+} &byteorder = littleendian;
+
+# g120v5
+type AuthSessionKeyStatus(prefix: uint16) = record {
+	csqUsr: uint32;
+	key_alg: uint8;
+	key_status: uint8;
+	chan_data: bytestring &length = (prefix - 10);
+} &byteorder = littleendian;
+
+# g120v6
+type AuthSessionKeyChange(prefix: uint16) = record {
+	csqUsr: uint32;
+	key_wrap_data: bytestring &length = (prefix - 5);
+} &byteorder = littleendian;
+
+# g120v7
+type AuthError(prefix: uint16) = record {
+	csqUsr: uint32;
+	error_code: uint8;
+	key_wrap_data: bytestring &length = (prefix - 6);
+} &byteorder = littleendian;
diff --git a/src/analyzer/protocol/dnp3/dnp3-protocol.pac b/src/analyzer/protocol/dnp3/dnp3-protocol.pac
new file mode 100644
index 0000000000..02fbd678cc
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/dnp3-protocol.pac
@@ -0,0 +1,257 @@
+#
+# This is Binpac code for DNP3 analyzer by Hui Lin.
+#
+
+type DNP3_PDU(is_orig: bool) = case is_orig of {
+	true    ->  request:  DNP3_Request;
+	false   ->  response: DNP3_Response;
+} &byteorder = bigendian;
+
+type Header_Block = record {
+	start: uint16 &check(start == 0x0564);
+	len: uint8;
+	ctrl: uint8;
+	dest_addr: uint16;
+	src_addr: uint16;
+} &byteorder = littleendian;
+
+type DNP3_Request = record {
+	addin_header: Header_Block;  ## added by Hui Lin in Bro code
+	app_header: DNP3_Application_Request_Header;
+	data: case ( app_header.function_code ) of {
+		CONFIRM -> none_coonfirm: empty;
+		READ -> read_requests: Request_Objects(app_header.function_code)[];
+		WRITE -> write_requests: Request_Objects(app_header.function_code)[];
+		SELECT -> select_requests: Request_Objects(app_header.function_code)[];
+		OPERATE -> operate_requests: Request_Objects(app_header.function_code)[];
+		DIRECT_OPERATE -> direct_operate_requests: Request_Objects(app_header.function_code)[];
+		DIRECT_OPERATE_NR -> direct_operate_nr_requests: Request_Objects(app_header.function_code)[];
+		IMMED_FREEZE -> immed_freeze_requests: Request_Objects(app_header.function_code)[];
+		IMMED_FREEZE_NR -> immed_freeze_nr_requests: Request_Objects(app_header.function_code)[];
+		FREEZE_CLEAR -> freeze_clear_requests: Request_Objects(app_header.function_code)[];
+		FREEZE_CLEAR_NR -> freeze_clear_nr_requests: Request_Objects(app_header.function_code)[];
+		FREEZE_AT_TIME -> freeze_time_requests: Request_Objects(app_header.function_code)[];
+		FREEZE_AT_TIME_NR -> freeze_time_nr_requests: Request_Objects(app_header.function_code)[];
+		COLD_RESTART -> cold_restart: empty;
+		WARM_RESTART -> warm_restart: empty;
+		INITIALIZE_DATA -> initilize_data: empty &check(0);  # obsolete
+		INITIALIZE_APPL -> initilize_appl: Request_Objects(app_header.function_code)[];
+		START_APPL -> start_appl: Request_Objects(app_header.function_code)[];
+		STOP_APPL -> stop_appl: Request_Objects(app_header.function_code)[];
+		SAVE_CONFIG -> save_config: empty &check(0);  # depracated
+		ENABLE_UNSOLICITED -> enable_unsolicited: Request_Objects(app_header.function_code)[];
+		DISABLE_UNSOLICITED -> disable_unsolicited: Request_Objects(app_header.function_code)[];
+		ASSIGN_CLASS -> assign_class: Request_Objects(app_header.function_code)[];
+		DELAY_MEASURE -> delay_measure: empty;
+		RECORD_CURRENT_TIME -> record_cur_time: empty;
+		OPEN_FILE -> open_file: Request_Objects(app_header.function_code)[];
+		CLOSE_FILE -> close_file: Request_Objects(app_header.function_code)[];
+		DELETE_FILE -> delete_file: Request_Objects(app_header.function_code)[];
+		ABORT_FILE -> abort_file: Request_Objects(app_header.function_code)[];
+		GET_FILE_INFO -> get_file_info: Request_Objects(app_header.function_code)[];
+		AUTHENTICATE_FILE  -> auth_file: Request_Objects(app_header.function_code)[];
+		ACTIVATE_CONFIG  -> active_config: Request_Objects(app_header.function_code)[];
+		AUTHENTICATE_REQ  -> auth_req: Request_Objects(app_header.function_code)[];
+		AUTHENTICATE_ERR  -> auth_err: Request_Objects(app_header.function_code)[];
+		default -> unknown: bytestring &restofdata;
+	};
+} &byteorder = bigendian
+  &length= 9 + addin_header.len - 5 - 1;
+
+type Debug_Byte = record {
+	debug: bytestring &restofdata;
+};
+
+type DNP3_Response = record {
+	addin_header: Header_Block;
+	app_header: DNP3_Application_Response_Header;
+	data: case ( app_header.function_code ) of {
+		RESPONSE -> response_objects: Response_Objects(app_header.function_code)[];
+		UNSOLICITED_RESPONSE -> unsolicited_response_objects: Response_Objects(app_header.function_code)[];
+		AUTHENTICATE_RESP -> auth_response: Response_Objects(app_header.function_code)[];
+		default -> unknown: Debug_Byte;
+	};
+} &byteorder = bigendian
+  &length= 9 + addin_header.len - 5 - 1'
+
+type DNP3_Application_Request_Header = record {
+	empty: bytestring &length = 0; # Work-around BinPAC problem.
+	application_control : uint8;
+	function_code       : uint8 ;
+} &length = 2;
+
+type DNP3_Application_Response_Header = record {
+	empty: bytestring &length = 0; # Work-around BinPAC problem.
+	application_control  : uint8;
+	function_code	: uint8;
+	internal_indications : uint16;
+} &length = 4;
+
+type Request_Objects(function_code: uint8) = record {
+	object_header: Object_Header(function_code);
+	data: case (object_header.object_type_field) of {
+		0x0c03 -> bocmd_PM: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) + 1 ];
+		0x3202 -> time_interval_ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item]
+							&check( object_header.qualifer_field == 0x0f && object_header.number_of_item == 0x01);
+		default -> ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
+	};
+	# dump_data is always empty; I intend to use it for checking some conditions;
+	# However, in the current binpac implementation, &check is not implemented
+	dump_data: case (function_code) of {
+		OPEN_FILE -> open_file_dump: empty &check(object_header.object_type_field == 0x4603);
+		CLOSE_FILE -> close_file_dump: empty &check(object_header.object_type_field == 0x4604);
+		DELETE_FILE -> delete_file_dump: empty &check(object_header.object_type_field == 0x4603);
+		ABORT_FILE -> abort_file_dump: empty &check(object_header.object_type_field == 0x4604);
+		GET_FILE_INFO -> get_file_info: empty &check(object_header.object_type_field == 0x4607);
+		AUTHENTICATE_FILE  -> auth_file: empty &check(object_header.object_type_field == 0x4602);
+		ACTIVATE_CONFIG  -> active_config: empty &check(object_header.object_type_field == 0x4608 || (object_header.object_type_field & 0xFF00) == 0x6E00);
+		default -> default_dump: empty;
+	};
+};
+
+type Response_Objects(function_code: uint8) = record {
+	object_header: Object_Header(function_code);
+	data: case (object_header.object_type_field) of {
+		0x0101 -> biwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ];
+		0x0301 -> diwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ];
+		0x0a01 -> bowoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ];
+		0x0c03 -> bocmd_PM: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ];
+		default -> ojbects: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
+	};
+};
+
+type Object_Header(function_code: uint8) = record {
+	object_type_field: uint16 ;
+	qualifier_field: uint8 ;
+	range_field: case ( qualifier_field & 0x0f ) of {
+		0 -> range_field_0: Range_Field_0 &check(range_field_0.stop_index >= range_field_0.start_index);
+		1 -> range_field_1: Range_Field_1 &check(range_field_1.stop_index >= range_field_1.start_index);
+		2 -> range_field_2: Range_Field_2 &check(range_field_2.stop_index >= range_field_2.start_index);
+		3 -> range_field_3: Range_Field_3;
+		4 -> range_field_4: Range_Field_4;
+		5 -> range_field_5: Range_Field_5;
+		6 -> range_field_6: empty;
+		7 -> range_field_7: uint8;
+		8 -> range_field_8: uint16;
+		9 -> range_field_9: uint32;
+		0x0b -> range_field_b: uint8;
+		default -> unknown: bytestring &restofdata &check(0);
+	};
+	# dump_data is always empty; used to check dependency bw object_type_field and qualifier_field
+	dump_data: case ( object_type_field & 0xff00 ) of {
+		0x3C00 -> dump_3c: empty &check( (object_type_field == 0x3C01 || object_type_field == 0x3C02 || object_type_field == 0x3C03 || object_type_field == 0x3C04) && ( qualifier_field == 0x06 ) );
+		default -> dump_def: empty;
+	};
+}
+      &let{
+	number_of_item: int = case (qualifier_field & 0x0f) of {
+		0 -> (range_field_0.stop_index - range_field_0.start_index + 1);
+		1 -> (range_field_1.stop_index - range_field_1.start_index + 1);
+		2 -> (range_field_2.stop_index - range_field_2.start_index + 1);
+		7 -> range_field_7;
+		8 -> ( range_field_8 & 0x0ff )* 0x100 + ( range_field_8 / 0x100 ) ;
+		9 -> ( range_field_9 & 0x000000ff )* 0x1000000 + (range_field_9 & 0x0000ff00) * 0x100 + (range_field_9 & 0x00ff0000) / 0x100 + (range_field_9 & 0xff000000) / 0x1000000 ;
+		0x0b -> range_field_b;
+		default -> 0;
+	};
+	rf_value_low: int = case (qualifier_field & 0x0f) of {
+		0 -> 0 + range_field_0.start_index;
+		1 -> range_field_1.start_index;
+		2 -> range_field_2.start_index;
+		3 -> range_field_3.start_addr;
+		4 -> range_field_4.start_addr;
+		5 -> range_field_5.start_addr;
+		6 -> 0xffff;
+		7 -> range_field_7;
+		8 -> range_field_8;
+		9 -> range_field_9;
+		0x0b -> range_field_b;
+		default -> 0 ;
+	};
+	rf_value_high: int = case (qualifier_field & 0x0f) of {
+		0 -> 0 + range_field_0.stop_index;
+		1 -> range_field_1.stop_index;
+		2 -> range_field_2.stop_index;
+		3 -> range_field_3.stop_addr;
+		4 -> range_field_4.stop_addr;
+		5 -> range_field_5.stop_addr;
+		6 -> 0xffff;
+		default -> 0 ;
+	};
+};
+
+type Range_Field_0 = record {
+	start_index: uint8;
+	stop_index: uint8;
+};
+
+type Range_Field_1 = record {
+	start_index: uint16;
+	stop_index: uint16;
+}
+  &byteorder = littleendian;
+
+type Range_Field_2 = record {
+	start_index: uint32;
+	stop_index: uint32;
+}
+  &byteorder = littleendian;
+
+type Range_Field_3 = record {
+	start_addr: uint8;
+	stop_addr: uint8;
+};
+
+type Range_Field_4 = record {
+	start_addr: uint16;
+	stop_addr: uint16;
+};
+
+type Range_Field_5 = record {
+	start_addr: uint32;
+	stop_addr: uint32;
+};
+
+enum function_codes_value {
+	CONFIRM = 0x00,
+	READ = 0x01,
+	WRITE = 0x02,
+	SELECT = 0x03,
+	OPERATE = 0x04,
+	DIRECT_OPERATE = 0x05,
+	DIRECT_OPERATE_NR = 0x06,
+	IMMED_FREEZE = 0x07,
+	IMMED_FREEZE_NR = 0x08,
+	FREEZE_CLEAR = 0x09,
+	FREEZE_CLEAR_NR = 0x0a,
+	FREEZE_AT_TIME = 0x0b,
+	FREEZE_AT_TIME_NR = 0x0c,
+	COLD_RESTART = 0x0d,
+	WARM_RESTART = 0x0e,
+	INITIALIZE_DATA = 0x0f,
+	INITIALIZE_APPL = 0x10,
+	START_APPL = 0x11,
+	STOP_APPL = 0x12,
+	SAVE_CONFIG = 0x13,
+	ENABLE_UNSOLICITED = 0x14,
+	DISABLE_UNSOLICITED = 0x15,
+	ASSIGN_CLASS = 0x16,
+	DELAY_MEASURE = 0x17,
+	RECORD_CURRENT_TIME = 0x18,
+	OPEN_FILE = 0x19,
+	CLOSE_FILE = 0x1a,
+	DELETE_FILE = 0x1b,
+	GET_FILE_INFO = 0x1c,
+	AUTHENTICATE_FILE = 0x1d,
+	ABORT_FILE = 0x1e,
+	ACTIVATE_CONFIG = 0x1f,
+	AUTHENTICATE_REQ = 0x20,
+	AUTHENTICATE_ERR = 0x21,
+# reserved
+	RESPONSE = 0x81,
+	UNSOLICITED_RESPONSE = 0x82,
+	AUTHENTICATE_RESP = 0x83,
+# reserved
+};
+
+%include dnp3-objects.pac
diff --git a/src/analyzer/protocol/dnp3/dnp3.pac b/src/analyzer/protocol/dnp3/dnp3.pac
new file mode 100644
index 0000000000..57005fd8e1
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/dnp3.pac
@@ -0,0 +1,16 @@
+
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "events.bif.h"
+%}
+
+analyzer DNP3 withcontext {
+	connection:	DNP3_Conn;
+	flow:		DNP3_Flow;
+};
+
+%include dnp3-protocol.pac
+%include dnp3-analyzer.pac
+
diff --git a/src/analyzer/protocol/dnp3/events.bif b/src/analyzer/protocol/dnp3/events.bif
new file mode 100644
index 0000000000..b537d2f8a5
--- /dev/null
+++ b/src/analyzer/protocol/dnp3/events.bif
@@ -0,0 +1,241 @@
+
+### event handler that is used to analyze network packets based on DNP3 protocol
+### starts with dnp3_
+### In src/DNP3.cc, we include detailed descriptions on how DNP3 Pseudo Link Layer, 
+### DNP3 Pseudo Transport Layer, DNP3 Pseudo Application Layer are packed into application 
+### layer payload over TCP 
+### The event handlers defined for binpac DNP3 analyzer are used to analyze fields 
+### of the DNP3 Pseudo Application Layer.  
+### we have tried our best to name the event handler by the field names that is described 
+### in DNP3 Specification Volum 2, Part 1 Basic, Application Layer, DNP3 Specification 
+### Volum 4, Data Link Layer, DNP3 Specification Volum 6, Part 1 Basic, DNP3 OBJECT LIBRARY, 
+### DNP3 Specification Volum 6, Part 2 Objects, DNP3 OBJECT LIBRARY 
+
+event dnp3_debug_bufferBytes%(c: connection , is_orig: bool, buffer_bytes: count%);
+
+
+## Generated for the request header in Pseudo Application Layer. 
+## The request header contains two fields: 
+##    fc: function code.
+event dnp3_application_request_header%(c: connection, is_orig: bool, fc: count%);
+
+## Generated for the response header in Pseudo Application Layer.
+## The response header contains three fields:
+##    app_control: application control field.
+##    fc: function code.
+##    iin: internal indication number  
+event dnp3_application_response_header%(c: connection, is_orig: bool, fc: count, iin: count%);
+
+## Generated for the object header found in both DNP3 requests and responses
+##    obj_type: type of object, which is classified based on an 8-bit group number and an 8-bit variation number
+##    qua_field: qualifier field
+##    rf_low, rf_high: the structure of the range field depends on the qualified field. In some cases, range field 
+##       contain only one logic part, e.g., number of objects, so only rf_low contains the useful values; in some 
+##       cases, range field contain two logic parts, e.g., start index and stop index, so rf_low contains the start
+##       index while rf_high contains the stop index  
+event dnp3_object_header%(c: connection, is_orig: bool, obj_type: count, qua_field: count, number: count, rf_low: count, rf_high: count%);
+
+## Generated for the prefix before each object. 
+##   the structure and the meaning of the prefix are defined by the qualifier field
+event dnp3_object_prefix%(c: connection, is_orig: bool, prefix_value: count%);
+
+## Generated for the additional header that is added by the DNP3.cc; 
+## the reason to add this header is found in DNP3.cc
+##      start: the first two bytes of the DNP3 Pseudo Link Layer; its value is fixed as 0x0564
+##      len:   the "length" field in the DNP3 Pseudo Link Layer
+##      ctrl:  the "control" field in the DNP3 Pseudo Link Layer
+##      dest_addr: the "destination" field in the DNP3 Pseudo Link Layer
+##      src_addr: the "source" field in the DNP3 Pseudo Link Layer
+event dnp3_header_block%(c: connection, is_orig: bool, start: count, len: count, ctrl: count, dest_addr: count, src_addr: count%);
+
+## Generated for "Response_Data_Object"
+## the "Response_Data_Object" contains two parts: object prefix and objects data. 
+## In most cases, objects data are defined by new record types. But in a few
+## cases, objects data are directly basic types, such as int16, or int8; thus we use
+## a additional data_value to record the values of those object data. 
+event dnp3_response_data_object%(c: connection, is_orig: bool, data_value: count%);
+
+## Different from most binpac scripts, which consists only two pac files: *-analyzer.pac
+## and *-protocol.pac. I use a separate pac files, i.e., dnp3-objects.pac to contain 
+## different types of object data. 
+## The following event handlers are all generated for the different object data types.
+
+event dnp3_attribute_common%(c: connection, is_orig: bool, data_type_code: count, leng: count, attribute_obj: string%);
+
+## Generated for the object with the group number 12 and variation number 1
+## CROB: control relay output block
+event dnp3_crob%(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count%);
+
+## Generated for the object with the group number 12 and variation number 2
+## PCB: Pattern Control Block
+event dnp3_pcb%(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count%);
+
+## Generated for the object with the group number 20 and variation number 1
+## counter 32 bit with flag
+event dnp3_counter_32wFlag%(c: connection, is_orig: bool, flag: count, count_value: count%);
+
+## Generated for the object with the group number 20 and variation number 2
+## counter 16 bit with flag
+event dnp3_counter_16wFlag%(c: connection, is_orig: bool, flag: count, count_value: count%);
+
+## Generated for the object with the group number 20 and variation number 5
+## counter 32 bit without flag
+event dnp3_counter_32woFlag%(c: connection, is_orig: bool, count_value: count%);
+
+## Generated for the object with the group number 20 and variation number 6
+## counter 16 bit without flag
+event dnp3_counter_16woFlag%(c: connection, is_orig: bool, count_value: count%);
+
+## Generated for the object with the group number 21 and variation number 1
+## frozen counter 32 bit with flag
+event dnp3_frozen_counter_32wFlag%(c: connection, is_orig: bool, flag:count, count_value: count%);
+
+## Generated for the object with the group number 21 and variation number 2
+## frozen counter 16 bit with flag
+event dnp3_frozen_counter_16wFlag%(c: connection, is_orig: bool, flag:count, count_value: count%);
+
+## Generated for the object with the group number 21 and variation number 5
+## frozen counter 32 bit with flag and time
+event dnp3_frozen_counter_32wFlagTime%(c: connection, is_orig: bool, flag:count, count_value: count, time48: string%);
+
+## Generated for the object with the group number 21 and variation number 6
+## frozen counter 16 bit with flag and time
+event dnp3_frozen_counter_16wFlagTime%(c: connection, is_orig: bool, flag:count, count_value: count, time48: string%);
+
+## Generated for the object with the group number 21 and variation number 9
+## frozen counter 32 bit without flag
+event dnp3_frozen_counter_32woFlag%(c: connection, is_orig: bool, count_value: count%);
+
+## Generated for the object with the group number 21 and variation number 10
+## frozen counter 16 bit without flag
+event dnp3_frozen_counter_16woFlag%(c: connection, is_orig: bool, count_value: count%);
+
+## Generated for the object with the group number 30 and variation number 1
+## analog input 32 bit with flag
+event dnp3_analog_input_32wFlag%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 30 and variation number 2
+## analog input 16 bit with flag
+event dnp3_analog_input_16wFlag%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 30 and variation number 3
+## analog input 32 bit without flag
+event dnp3_analog_input_32woFlag%(c: connection, is_orig: bool, value: count%);
+
+## Generated for the object with the group number 30 and variation number 4
+## analog input 16 bit without flag
+event dnp3_analog_input_16woFlag%(c: connection, is_orig: bool, value: count%);
+
+## Generated for the object with the group number 30 and variation number 5
+## analog input single precision, float point with flag 
+event dnp3_analog_input_SPwFlag%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 30 and variation number 6
+## analog input double precision, float point with flag
+event dnp3_analog_input_DPwFlag%(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count%);
+
+## Generated for the object with the group number 31 and variation number 1
+## frozen analog input 32 bit with flag
+event dnp3_frozen_analog_input_32wFlag%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 31 and variation number 2
+## frozen analog input 16 bit with flag
+event dnp3_frozen_analog_input_16wFlag%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 31 and variation number 3
+## frozen analog input 32 bit with time-of-freeze
+event dnp3_frozen_analog_input_32wTime%(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string%);
+
+## Generated for the object with the group number 31 and variation number 4
+## frozen analog input 16 bit with time-of-freeze
+event dnp3_frozen_analog_input_16wTime%(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string%);
+
+## Generated for the object with the group number 31 and variation number 5
+## frozen analog input 32 bit without flag
+event dnp3_frozen_analog_input_32woFlag%(c: connection, is_orig: bool, frozen_value: count%);
+
+## Generated for the object with the group number 31 and variation number 6
+## frozen analog input 16 bit without flag
+event dnp3_frozen_analog_input_16woFlag%(c: connection, is_orig: bool, frozen_value: count%);
+
+## Generated for the object with the group number 31 and variation number 7
+## frozen analog input single-precision, float point with flag
+event dnp3_frozen_analog_input_SPwFlag%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 31 and variation number 8
+## frozen analog input double-precision, float point with flag
+event dnp3_frozen_analog_input_DPwFlag%(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count%);
+
+## Generated for the object with the group number 32 and variation number 1
+## analog input event 32 bit without time
+event dnp3_analog_input_event_32woTime%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 32 and variation number 2
+## analog input event 16 bit without time
+event dnp3_analog_input_event_16woTime%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 32 and variation number 3
+## analog input event 32 bit with time
+event dnp3_analog_input_event_32wTime%(c: connection, is_orig: bool, flag: count, value: count, time48: string%);
+
+## Generated for the object with the group number 32 and variation number 4
+## analog input event 16 bit with time
+event dnp3_analog_input_event_16wTime%(c: connection, is_orig: bool, flag: count, value: count, time48: string%);
+
+## Generated for the object with the group number 32 and variation number 5
+## analog input event single-precision float point without time
+event dnp3_analog_input_event_SPwoTime%(c: connection, is_orig: bool, flag: count, value: count%);
+
+## Generated for the object with the group number 32 and variation number 6
+## analog input event double-precision float point without time
+event dnp3_analog_input_event_DPwoTime%(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count%);
+
+## Generated for the object with the group number 32 and variation number 7
+## analog input event single-precision float point with time
+event dnp3_analog_input_event_SPwTime%(c: connection, is_orig: bool, flag: count, value: count, time48: string%);
+
+## Generated for the object with the group number 32 and variation number 8
+## analog input event double-precisiion float point with time
+event dnp3_analog_input_event_DPwTime%(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: string%);
+
+## Generated for the object with the group number 33 and variation number 1
+## frozen analog input event 32 bit without time
+event dnp3_frozen_analog_input_event_32woTime%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 33 and variation number 2
+## frozen analog input event 16 bit without time
+event dnp3_frozen_analog_input_event_16woTime%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 33 and variation number 3
+## frozen analog input event 32 bit with time
+event dnp3_frozen_analog_input_event_32wTime%(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string%);
+
+## Generated for the object with the group number 33 and variation number 4
+## frozen analog input event 16 bit with time
+event dnp3_frozen_analog_input_event_16wTime%(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string%);
+
+## Generated for the object with the group number 33 and variation number 5
+## frozen analog input event single-precision float point without time
+event dnp3_frozen_analog_input_event_SPwoTime%(c: connection, is_orig: bool, flag: count, frozen_value: count%);
+
+## Generated for the object with the group number 33 and variation number 6
+## frozen analog input event double-precision float point without time
+event dnp3_frozen_analog_input_event_DPwoTime%(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count%);
+
+## Generated for the object with the group number 33 and variation number 7
+## frozen analog input event single-precision float point with time
+event dnp3_frozen_analog_input_event_SPwTime%(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string%);
+
+## Generated for the object with the group number 34 and variation number 8
+## frozen analog input event double-precision float point with time
+event dnp3_frozen_analog_input_event_DPwTime%(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: string%);
+
+## g70
+event dnp3_file_transport%(c: connection, is_orig: bool, file_handle: count, block_num: count, file_data: string%);
+
+## Generated for the "Debug_Byte" for the binpac analyzer
+## This event handler is left for the debug usage. 
+## For example, in the binpac analyzer, a unknown "case" generated 
+## this event; the user can base on the debug the byte string to check
+## what cause the malformed network packets
+event dnp3_debug_byte%(c: connection, is_orig: bool, debug: string%);
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/coverage
new file mode 100644
index 0000000000..62a0937c09
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/coverage
@@ -0,0 +1 @@
+6 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/dnp3.log
new file mode 100644
index 0000000000..2d702295dc
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-47
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324503054.884183	UWkUyAuUGXf	130.126.142.250	49413	130.126.140.229	20000	DELAY_MEASURE	RESPONSE	0
+#close	2013-08-02-00-08-47
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/output
new file mode 100644
index 0000000000..5bd7d932bc
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_del_measure/output
@@ -0,0 +1,7 @@
+dnp3_header_block, T, 25605, 8, 196, 2, 3
+dnp3_application_request_header, T, 23
+dnp3_header_block, F, 25605, 16, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 13314, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/coverage
new file mode 100644
index 0000000000..8535338ace
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/coverage
@@ -0,0 +1 @@
+4 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/dnp3.log
new file mode 100644
index 0000000000..58127c313d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-48
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324916729.150101	UWkUyAuUGXf	130.126.142.250	50059	130.126.140.229	20000	ENABLE_UNSOLICITED	RESPONSE	0
+#close	2013-08-02-00-08-48
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/output
new file mode 100644
index 0000000000..16491bb3a5
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_en_spon/output
@@ -0,0 +1,7 @@
+dnp3_header_block, T, 25605, 17, 196, 2, 3
+dnp3_application_request_header, T, 20
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/coverage
new file mode 100644
index 0000000000..62a0937c09
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/coverage
@@ -0,0 +1 @@
+6 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/dnp3.log
new file mode 100644
index 0000000000..c60080fee0
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-48
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1325044377.992570	UWkUyAuUGXf	130.126.142.250	50301	130.126.140.229	20000	DELETE_FILE	RESPONSE	0
+#close	2013-08-02-00-08-48
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/output
new file mode 100644
index 0000000000..37ccbc5bc9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_del/output
@@ -0,0 +1,9 @@
+dnp3_header_block, T, 25605, 99, 196, 4, 3
+dnp3_application_request_header, T, 27
+dnp3_object_header, T, 17923, 91, 1, 1, 0
+dnp3_object_prefix, T, 85
+dnp3_header_block, F, 25605, 29, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 17924, 91, 1, 1, 0
+dnp3_object_prefix, F, 13
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/coverage
new file mode 100644
index 0000000000..c71c9033a1
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/coverage
@@ -0,0 +1 @@
+9 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
new file mode 100644
index 0000000000..80cfa7caec
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
@@ -0,0 +1,14 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-49
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1325036012.621691	UWkUyAuUGXf	130.126.142.250	50276	130.126.140.229	20000	OPEN_FILE	RESPONSE	4096
+1325036016.729050	UWkUyAuUGXf	130.126.142.250	50276	130.126.140.229	20000	READ	RESPONSE	4096
+1325036019.765502	UWkUyAuUGXf	130.126.142.250	50276	130.126.140.229	20000	WRITE	RESPONSE	0
+1325036022.292689	UWkUyAuUGXf	130.126.142.250	50276	130.126.140.229	20000	WRITE	RESPONSE	0
+1325036024.820857	UWkUyAuUGXf	130.126.142.250	50276	130.126.140.229	20000	CLOSE_FILE	RESPONSE	0
+#close	2013-08-02-00-08-49
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
new file mode 100644
index 0000000000..1a4971a9e3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
@@ -0,0 +1,45 @@
+dnp3_header_block, T, 25605, 50, 196, 4, 3
+dnp3_application_request_header, T, 25
+dnp3_object_header, T, 17923, 91, 1, 1, 0
+dnp3_object_prefix, T, 36
+dnp3_header_block, F, 25605, 29, 68, 3, 4
+dnp3_application_response_header, F, 129, 4096
+dnp3_object_header, F, 17924, 91, 1, 1, 0
+dnp3_object_prefix, F, 13
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 22, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 17925, 91, 1, 1, 0
+dnp3_object_prefix, T, 8
+dnp3_file_transport, T, 305419896, 0
+                                                  ^J
+dnp3_header_block, F, 25605, 255, 68, 3, 4
+dnp3_application_response_header, F, 129, 4096
+dnp3_object_header, F, 17925, 91, 1, 1, 0
+dnp3_object_prefix, F, 838
+dnp3_file_transport, F, 305419896, 2147483648
+0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version^J0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=^J0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml^J0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type^J0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href^J0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf^J0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'^J0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?^J0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr^J0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm^J00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://^J00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/^J00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan^J00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h^J00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org^J00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"^J0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="^J0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="^J0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.^J0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP^J0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">^J0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document^J0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d^J0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..^J0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam^J0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil^J01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>^J01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD^J01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This ^J01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple^J01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil^J01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta^J0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW ^J0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr^J0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn^J0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes^J0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <^J0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History ^J0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  ^J0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1^J0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   ^J0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve^J02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.^J02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D^J02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H^J02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi^J02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas^J02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis^J0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <^J0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>^J0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr^J0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>^J
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 27, 196, 4, 3
+dnp3_application_request_header, T, 26
+dnp3_object_header, T, 17924, 91, 1, 1, 0
+dnp3_object_prefix, T, 13
+dnp3_header_block, F, 25605, 29, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 17924, 91, 1, 1, 0
+dnp3_object_prefix, F, 13
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/coverage
new file mode 100644
index 0000000000..8b49d3e5ea
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/coverage
@@ -0,0 +1 @@
+8 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
new file mode 100644
index 0000000000..818fdd79a0
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-49
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1325043635.216629	UWkUyAuUGXf	130.126.142.250	50300	130.126.140.229	20000	OPEN_FILE	RESPONSE	0
+1325043637.790287	UWkUyAuUGXf	130.126.142.250	50300	130.126.140.229	20000	WRITE	RESPONSE	0
+1325043638.820071	UWkUyAuUGXf	130.126.142.250	50300	130.126.140.229	20000	CLOSE_FILE	RESPONSE	0
+#close	2013-08-02-00-08-49
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
new file mode 100644
index 0000000000..21ff14d794
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
@@ -0,0 +1,29 @@
+dnp3_header_block, T, 25605, 99, 196, 4, 3
+dnp3_application_request_header, T, 25
+dnp3_object_header, T, 17923, 91, 1, 1, 0
+dnp3_object_prefix, T, 85
+dnp3_header_block, F, 25605, 29, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 17924, 91, 1, 1, 0
+dnp3_object_prefix, F, 13
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 255, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 17925, 91, 1, 1, 0
+dnp3_object_prefix, T, 838
+dnp3_file_transport, T, 305419896, 2147483648
+0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version^J0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=^J0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml^J0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type^J0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href^J0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf^J0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'^J0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?^J0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr^J0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm^J00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://^J00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/^J00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan^J00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h^J00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org^J00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"^J0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="^J0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="^J0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.^J0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP^J0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">^J0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document^J0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d^J0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..^J0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam^J0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil^J01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>^J01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD^J01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This ^J01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple^J01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil^J01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta^J0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW ^J0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr^J0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn^J0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes^J0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <^J0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History ^J0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  ^J0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1^J0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   ^J0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve^J02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.^J02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D^J02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H^J02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi^J02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas^J02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis^J0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <^J0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>^J0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr^J0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>^J
+dnp3_header_block, F, 25605, 25, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 17926, 91, 1, 1, 0
+dnp3_object_prefix, F, 9
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 27, 196, 4, 3
+dnp3_application_request_header, T, 26
+dnp3_object_header, T, 17924, 91, 1, 1, 0
+dnp3_object_prefix, T, 13
+dnp3_header_block, F, 25605, 29, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 17924, 91, 1, 1, 0
+dnp3_object_prefix, F, 13
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/coverage
new file mode 100644
index 0000000000..e24077dd8a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/coverage
@@ -0,0 +1 @@
+7 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/dnp3.log
new file mode 100644
index 0000000000..19d77bca87
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-50
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324327256.650425	UWkUyAuUGXf	130.126.142.250	51006	130.126.140.229	20000	READ	RESPONSE	0
+#close	2013-08-02-00-08-50
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/output
new file mode 100644
index 0000000000..81e33f5195
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_read/output
@@ -0,0 +1,88 @@
+dnp3_header_block, T, 25605, 20, 196, 2, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_object_header, T, 15361, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 116, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 258, 0, 9, 0, 8
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 129
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 129
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_header, F, 2562, 0, 7, 0, 6
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_header, F, 7681, 0, 15, 0, 14
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 1007
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 3
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 1005
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 18446744073709539627
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 1005
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 12006
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 134423
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 134325
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 1, 134538
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_32wFlag, F, 0, 0
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/coverage
new file mode 100644
index 0000000000..eb7ced3416
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/coverage
@@ -0,0 +1 @@
+3 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/dnp3.log
new file mode 100644
index 0000000000..c617f96cb9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-50
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324502980.465157	UWkUyAuUGXf	130.126.142.250	49412	130.126.140.229	20000	RECORD_CURRENT_TIME	RESPONSE	0
+#close	2013-08-02-00-08-50
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/output
new file mode 100644
index 0000000000..4b01aaaa3f
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_rec_time/output
@@ -0,0 +1,4 @@
+dnp3_header_block, T, 25605, 8, 196, 2, 3
+dnp3_application_request_header, T, 24
+dnp3_header_block, F, 25605, 10, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/coverage
new file mode 100644
index 0000000000..e24077dd8a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/coverage
@@ -0,0 +1 @@
+7 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/dnp3.log
new file mode 100644
index 0000000000..77e49815ad
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/dnp3.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-51
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324501739.752598	UWkUyAuUGXf	130.126.142.250	49404	130.126.140.229	20000	SELECT	RESPONSE	0
+1324501743.758738	UWkUyAuUGXf	130.126.142.250	49404	130.126.140.229	20000	OPERATE	RESPONSE	0
+#close	2013-08-02-00-08-51
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/output
new file mode 100644
index 0000000000..88cb8ee667
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_select_operate/output
@@ -0,0 +1,22 @@
+dnp3_header_block, T, 25605, 26, 196, 2, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 1
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 1
+dnp3_crob, F, 3, 1, 100, 100, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 26, 196, 2, 3
+dnp3_application_request_header, T, 4
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 1
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 1
+dnp3_crob, F, 3, 1, 100, 100, 0
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/coverage
new file mode 100644
index 0000000000..ee3b8320b4
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/coverage
@@ -0,0 +1 @@
+5 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/dnp3.log
new file mode 100644
index 0000000000..c2f1e56158
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/dnp3.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-02-00-08-51
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1324502912.898449	UWkUyAuUGXf	130.126.142.250	49411	130.126.140.229	20000	WRITE	RESPONSE	0
+#close	2013-08-02-00-08-51
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/output
new file mode 100644
index 0000000000..1e0b2e5245
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_write/output
@@ -0,0 +1,6 @@
+dnp3_header_block, T, 25605, 18, 196, 2, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 2
+dnp3_application_response_header, F, 129, 0
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.events/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/coverage
new file mode 100644
index 0000000000..c71c9033a1
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/coverage
@@ -0,0 +1 @@
+9 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.events/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/output
new file mode 100644
index 0000000000..5ed62b79ac
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/output
@@ -0,0 +1,574 @@
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 4096
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 4096
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 20
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, F, 25605, 76, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 71, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 4, 1024, 0
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 198
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 76, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 198
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 202
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 198
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 71, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 4, 1024, 0
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 202
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 200
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 76, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 50, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 76, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 198
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 199
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 199
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 66, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 202
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 200
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 76, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 5, 1280, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, F, 25605, 56, 68, 3, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_object_header, F, 13057, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 515, 40, 1, 256, 0
+dnp3_object_prefix, F, 2
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 8193, 40, 3, 768, 0
+dnp3_object_prefix, F, 0
+dnp3_analog_input_event_32woTime, F, 1, 203
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 1
+dnp3_analog_input_event_32woTime, F, 1, 202
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 2
+dnp3_analog_input_event_32woTime, F, 1, 199
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 13
+dnp3_header_block, F, 25605, 16, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 13314, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 13
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 16, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 13314, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 512, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 32768
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, T, 25605, 14, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 20481, 0, 1, 7, 7
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 20, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_object_header, T, 15361, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 78, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 257, 0, 6, 0, 5
+dnp3_object_header, F, 522, 2, 4294705410, 17104896, 16843009
+dnp3_object_header, F, 276, 5, 0, 0, 21
+dnp3_object_header, F, 2304, 0, 1, 0, 0
+dnp3_object_prefix, F, 0
+dnp3_debug_byte, F, \0\0\0\x1e^C\0\0^F\xc5\0\0\0\xc7\0\0\0\xc8\0\0\0^A\0\0\0%\x1c\0\0^N\x1c\0\0^P\x1c\0\0
+dnp3_response_data_object, F, 255
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 20
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 20
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, F, 25605, 10, 68, 6, 4
+dnp3_application_response_header, F, 130, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 36864
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 36864
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, T, 25605, 18, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 12801, 7, 1, 1, 0
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 32768
+dnp3_header_block, T, 25605, 14, 196, 4, 3
+dnp3_application_request_header, T, 2
+dnp3_object_header, T, 20481, 0, 1, 7, 7
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 20, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_object_header, T, 15361, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 78, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 257, 0, 6, 0, 5
+dnp3_object_header, F, 6410, 2, 2155643138, 2164588544, 25264385
+dnp3_object_prefix, F, 0
+dnp3_debug_byte, F, ^A^T^E\0\0\0 \0\0\0^U^I\0\0\0\0\0\0\0\x1e^C\0\0^F\xca\0\0\0\xcb\0\0\0\xc9\0\0\0\xff\xff\xff\xfff!\0\0Y!\0\0K!\0\0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 14
+dnp3_header_block, F, 25605, 16, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 13314, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 8, 196, 4, 3
+dnp3_application_request_header, T, 14
+dnp3_header_block, F, 25605, 16, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_object_header, F, 13314, 7, 1, 1, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 256
+dnp3_header_block, T, 25605, 17, 196, 65535, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, T, 25605, 17, 196, 65535, 3
+dnp3_application_request_header, T, 21
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 130, 4096
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 18
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 263, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 4097
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 18
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 263, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 4097
+dnp3_header_block, F, 25605, 10, 68, 3, 6
+dnp3_application_response_header, F, 130, 38145
+dnp3_header_block, T, 25605, 17, 196, 65535, 3
+dnp3_application_request_header, T, 18
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 263, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, T, 25605, 17, 196, 65535, 3
+dnp3_application_request_header, T, 18
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 263, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 237, 0, 0, 0
+dnp3_header_block, T, 25605, 17, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 0
+dnp3_header_block, T, 25605, 26, 196, 4, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 34463
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 4
+dnp3_application_response_header, F, 129, 4
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 34463
+dnp3_crob, F, 3, 1, 100, 100, 4
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 26, 196, 4, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 34463
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 4
+dnp3_application_response_header, F, 129, 4
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 34463
+dnp3_crob, F, 3, 1, 100, 100, 4
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 26, 196, 4, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 34463
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 4
+dnp3_application_response_header, F, 129, 4
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 34463
+dnp3_crob, F, 3, 1, 100, 100, 4
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 26, 196, 4, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 34463
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 4
+dnp3_application_response_header, F, 129, 4
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 34463
+dnp3_crob, F, 3, 1, 100, 100, 4
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 26, 196, 4, 3
+dnp3_application_request_header, T, 3
+dnp3_object_header, T, 3073, 40, 1, 256, 0
+dnp3_object_prefix, T, 34463
+dnp3_crob, T, 3, 1, 100, 100, 0
+dnp3_header_block, F, 25605, 28, 68, 3, 4
+dnp3_application_response_header, F, 129, 4
+dnp3_object_header, F, 3073, 40, 1, 256, 0
+dnp3_object_prefix, F, 34463
+dnp3_crob, F, 3, 1, 100, 100, 4
+dnp3_response_data_object, F, 255
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 65280, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 6
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 65280, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 6
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 65280, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 6
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 65280, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 6
+dnp3_header_block, T, 25605, 11, 196, 4, 3
+dnp3_application_request_header, T, 1
+dnp3_object_header, T, 65280, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 3, 4
+dnp3_application_response_header, F, 129, 6
diff --git a/testing/btest/Traces/dnp3/dnp3.trace b/testing/btest/Traces/dnp3/dnp3.trace
new file mode 100644
index 0000000000000000000000000000000000000000..8ee8d3ec6129aa7730a0e967d955d347f0722c10
GIT binary patch
literal 18790
zcmaKz34Baf`^V2sCNtT^KK9VJ{*h4OrIu2{OQK|iqLQGmqKGXT6j7DXpr|FaZxw5m
zpoH2=){(@n)`&gm+fbxhTXO%;^UU1LnKR?uPj5sT-}`%h=Q-y*=bSsgW&XUuh3S}f
zsVZX%{N>sFn2`V5X<#41_jogxy{BV)u?Ssq>~MG1g|Xlsksa9#{i>m!jJd<@>RDv+
z?_0a(dHm&A7ggO-AO4ZfZJ(m(T#)vJrxC}(w9uA(hO|D>L;|A8-?ON9PU~-gcp<iu
zs@BZ5r)8uXSUY$U-VWLVdPI@7QG&J$Kun78Q`OM9_|Nb{W#0P?EEK-S+Y%wCtj&@k
zq^y^qED4oG7*%yaI%94_J^$m%bZlDc{eKeuSkI$~eMj|>NsK0mF-{~d2Z@hu5}yO>
zRDZGwjdu*URgVG0igL;_s*fK-3%U(;&(bkhw(pnYm)X?Q2z?ms&Uyk5ZwC)UdJH6J
zPXT%dJX{WOKfc%lp_K?)cUpS7OLN7b{BbX8w#ot&#P=ECZi`=R@PH*l5#ML9VC!<Q
z^)<wQIdn3r!V6jN?Q)kj(J*46R9BR1O&$x&s9uhRAKIGeL3#pX9~2<gbA^{pqL|?U
zJqD2j!x2enONPG&2eyI4!qCAMfsBn=5EEiN=fh0!1H2vF?ARlbSV2x%MzzpTf)Xo|
zo2EZAGOD(7(YJHex6|qO6eGRxe?Bq;hLZu|q|#=<w!XD%Rfe`YR#=HQ;9&+BP=Cx=
zz@A=X=|XSmMl(rtCwtMgDuV$B!GM#Y-7r?X)-Q|+Ir6h*sBk`9gjYq@%5CMW5|jVu
zMPoehU*mAmsWP}`9WIa-vzMcZ*%Q3vAO)=B0xlWwYJVsYJ#n~r@3=kf{e7}H!>f_D
zU4k}GAcjGlYV<5ri5DtsbI>wWyk)pJgshKW3ChAy84efhYrZM|_cD>O)lrD8H`!H^
zi{aHtVyY8~ks$H0P2z4~by=d9<YKsySWBI<pl9n)qMIcbyQXAhR4LEJ3r&%JB0$=)
z4<o&gr(i%N7|;NeK8TL9Sjku#u>LsgDpOj6lzuNLZ2%1uiDQs%_}i5tJ?W_4=Bb!O
z0ZWdOQcK^q^cqYeRN5Alp0O$Y1z4?~%VwPLnxyn6L1|l3S`pgkV=ZcAo#R=Kx_%{H
z1}6@FK)Sx*S$}@wDU0zKvGh(^6(Pp)JS!-YV>yh6;k78n?Lv$nK#Wn8gS|D@=SyQk
zTpqYest3~t$Xb!8vAn!Z{tMj-b|3+VgP-2Fbzr3Z$kRl}f|Gwn+Q(kDD80Pn41E>>
zaVHK3cNf^xCOwq(HB&p%HdoNL6Nrl;PSwvY&dHBlB_nh4UQ(tA$`+$C91a@w<%fgZ
zXHY$SYruey)#Xyxp(#x5N#YzQ5>v1#Y!Zh9Yf>dWRSwRp2h)edn(UMXovb+&OI-DE
zo|W}R=(MVON%dgrK+rJ)^ayyEf<5<eTZ9VL!;iP)p?Y}d0pc$M9%m(*nZyPUNZv=b
zRupVa0b4IZ{FnVgv{Xda<Mw)46Qv=mx9XGy)x$r9d=uqi_0X&hVvC#03OrLsa^M@m
zfs5e4UXWPm7pO@*1gza29+Gj;w47MgoU)*L*bT)JUp??6Hq!4l@st^Go(#An7_b-2
zd<1QEtln(ifPAbTCix+@!Uk_!8#(6a3K9*Ewv<oSF8&A%$N~dS`c={l$OKl!^$J@I
zKfv3e2%njJfg~;$BxY$6qw1r?9#n*18FjJ*X4QW~IeMq_SCCLHFEU*N+yJZKf1uul
zMb3pk7)vN|RhUxZ>aPTR(ACxQ8~8i$i;O)y=wkV%{bwlfX1t566Ro6R>o^A6w;p&n
zKJ^p|)JpKo3vBWQgl1jS*&KAt^4}=xr}k0ztp`!R0S9+i$U>cXWdW;jlRKLa-{bAz
z;Pm8+#9HN)WmI<;+(Ch%<Y1rAPW@$d@M0)A*lmDofDU{kW0dOPTEo8+s=K-{_yXp+
z;{W=$E(f1%{T=+{MIK|SirR)}%hoTZRb*am!MrzdhQ1TQyjmln@oeU0{l=OZ5!$Gf
zo2?wpyF>y1DFi%mq1$yYFmFSJv7{EhWCJU8o{ud3E)y%+Da)vCm;$4eE&WbEx0?5t
ziOd@_$dZ1La+F#w>}h?Ak?CM$LOMD)Z!e`EItaf5zOg30;3@vyXBrADI^ZKqzt!Ym
zEqe#Adx3*zBaCIoFAm}z%)ZFX+j9UK*pDlV9UZ(vQ9lx*J_`=k1P7N?fRf#EnSnK+
zwudbJt`cjRQ<hO(k_XkaE&a~?ZFMlMH#yjOt|k4zLFlxbz%|!5$|guZ_@bp>?E@Aq
zWFB~Ug4JD$>4(}XPw<eLw}#BCDVSF?&d{$Rm=|M$ddrr6IhWX`V1!op<ra^Q=3S$J
z|F93ZUqdjj5tujA_oziKV<&*M4Au*h(XW753!Soz>dY3O@#%N=AFFvaqsY8<>}{jp
zP8|JqqJ#HiC8Hk-Y%s@L=HOa#u!i7ZBXBSQ9IWsf7IQWS&6ip4M1=lT-&Z#JU8ksj
z7otu82U~-K6MP|R%asSLuuBGpD+|0GM!#Xng~Y=0+`2=61!6x7%cxF>>x=@M)982i
z=(!hG2h9V?!B(r#LC7{_E56{``~4GqarE;A+Y%H*mz5}C{0iwHw~jnA3Ldov8NWst
zOV2Of!h3Y$3hVg?LQmC|X4wsj>wys0ui#NAcr?uSU6hPhKCqTP)5)^zCb8x@Wf|3B
zhsh&tjy;bnSDa%{3?+{ywLp)o;~N<@w@eAb@hu3A3c@VQuSi*D9pucQD!m9?#czs!
zMS+WFN(<HX<Y0Bd!O%FvCpEyqFB>%B9n8JT4n`uhX*Jn$HTf1rU1T5iCpEyqe&Ap~
zpFDIAuam&4QrDAx1K;EAkY!&c-zF9=thp?+vW#lKXd2`?QI-|1y70>CVA?2h@XrWW
zm`EX?%BP8QTfs<ee8VTQT2C#L1C4Kt^)EwF;VGW7zWD>WCe)7C`+;jCz_oz=uX)$<
zuCZ&G2yMBCtL+>|w>uQ+T_MsD;My>7Ez~ET<ieLzz#2cnOO|){h?V4&WmH3r&rqP2
zcfY;1x;AJmxt8Jfw$aT8M>ikLyP?l0?@$sYs9kM`0uQEp$sF834ps$$v{zs$WUmhc
z2Qwp#Z%(<d;vLK{V2#Hk^!N7C(XEK0z9mGR2@XyG2V492qg=es11r9|H$zLwR<Sk4
zB;O~NP}_ZCVHwrd#?dISHRatL<>DKwgQLcigRlC!1}K)%jdG2#6<3seco=w<2Y+A>
z9X0~KQB{=k__%Z?NFlGP2wqKyGxT={ujc$3!FzS`IvaKfp&n6EuO3i*H|)LY?+#wg
z1g{!-7l1mtZUXDlSZSrSkpxy21kTh1-uL4Lp33yuH4CApvpy^w9)Y(*$M2B*kOby9
z5x4{j*qXa`BGiu>;8M(`Oz7e*Tnx&b%5kr60enbT#WoK*uA?@Q;`)N(C7`%ogx{O-
z6~<8L@MZMsn2@xZ+`g&E3RXTwR?$dcd7xNbYm<MC7-MZD;I_*jEo~bmNE=*>qltMJ
zoc#i6{#n+rJxu<(*2_ju`5TCJaNFftx;-r#p3@GVgtx;Md4SS~wBcqwudNOc|AAIk
z4N3UV@Hzm>n!_@u3w)2a1FMzNk652NWx=*f$Sb~;kEi>bZ-UUxT@=YWIr}Ardq@cP
z9|*TGwDOZ51|!t-KYFHP$9A8?GVD+r#2yNjVqX#Vpgne~yM~Rd!eh^4ZSwqU#4ZSv
zrH%3lS%5n*yq%4gjh<Qq>?|~ViO%7Lth?P5Nq%R)CW$`_5^HD@8@J%|`vPu}Sn_-F
zG=vXYC);jQ`jgPnPJ{-7&>Wl4YruM#>(0VJG~N#F-c}h)tp7M=8P%LK%TcHo9kbjE
zO3zSSn11pW<gS11A#3_lGGM=8Krk5aAvFCB2LHo$!t`54!VI>k4r1q(O0i{xO%t#o
z8aAmZ-}Dz>CeC2~JrO&pOt$r;j3XEN3NCyIP2U?F-DDVs=HZ2`6M<fmttTaxSnZs$
zjOwN~4^d+I!BwX1;Htwbq;LJ!OXjOe2J90I=nV$+17C9zU3gz%;GDrGtVC?HtKO_T
z1c0|g8njo&ljsix(fz=HA%IPeJ%m_aN`o;MGP7JF6lO56K^+kNMRVCvTMi?|dj-Wq
zK=CL*@7YL0y>=XYISaZ%t1l6IE6JDj0<m~IDDJF$L5f=mibsLs34l!;eHRs1A;sqE
zS=mbYnM^xHzi}`=VEX@jSu(Kkc9^2R$x%r6=YsADpgRd3ux#4D@Bt>8qQ-?^$p+nu
z0zY!`#3tBLQK74f8^YnLYVx6@JNULP6j%Ce#-6AQEBO;}!#`y2)@CDiFkcw*{ooFa
zD*%Zf43UmlapVD>wDTiY5_oV9()L|L9l+A{JFtpjUjpiBx*fu8ljB0+?h(R0r-l1b
zJq%YHtFK}yUT-#HUp)4a%~2CbVuTZkcR*qlo5UBun%~%4Cef87?iM88(IoD&>-^WS
z?k)94Y`svfSQ4lB0A(Uc#KUmW#S)O{YLjSK11C|1(qykk67l>E7c|xherky(@#P%e
z#R4oW7hiM-tnQw4rk_L-O^y=dbrF7L&ukK#0xO|ZD)C*C_?^APc%3Hk%o<+e^-_>H
zsw^0=Qy_WTLH^+F&>sVoFG*s!6Nyzp;%%G6{=nM)lk7-1CyXSH5+qjDBtFmOB^H)}
z#KxBq+Xr@_B@!o-#2!v0HUx=hZ4zeyYjqvjF;z}?k~l(;*ie%gU5%G`Lj{SaV-edj
z$W1133Q6qlL}DwDc+4ho8?e&Sbh7T!izI#~NNlA^jOxovy!iwqE{H|!-)m$Cx5`wK
z_>mKdaQ0u8YLj>tST8(fCrLTINuu^ni?zGNhiMYMZ}JjvJq3wRk05sHY;KFfu}8;~
z#BNR`!r6b>TARc|VEL?)ov16*h!yOVWh`5p-vlLU(|LA|?IdZ(NTiSa*-h3)RKojX
z+0Bg?@sVJ_I+$dphi$bOV0l;Sb`DH3UCfA$+9$>KC0_>#*cc6a=?U-aooC?dktc|4
zn<mZ9ugHr~!HadvM#sm4uki+LvSasv)ufB3tW26ttoNL<jAijUsJ3ms=9q21eqliR
zAy`#NW;0sO_zx5ehzA4qgRh_G1@OM!HG{7kIwQ9866tLAHHn76?52wSV8DDZAV&WP
z$40!0f%WbgY3|c<!+(GvalR(;R5!kj?%@et#}|mb6C^EVXOKj(pht;oL1Ls$V(!M6
zkah7sl6MXiT1Xd_?^5eNH2Hfssg#ES;^MdT7)%7#SCEj_Xc|XzSp1q7qOy9};?~VR
z-G}=>4SNQ}d|dpN4X~#@1e#<p-%N4(1C92WtlIK{h_kjDR3BC1g~~z`WK*Jf5h?qZ
zpsWOyLAI!Siur6g{v>e`>ztAY*jlHgQ{onqSkF;nH<-26$2N&4fi<wyAX}erB~}He
zEO<TOllCZ4J1#wbmeuNp&?(Ga)(5u{)J=e1+y5yD1ZdzLglc13db(|?61NNK*MVN%
zLSlOdm=}|)Er8CocQ+ll`V7Lq5(FDZmJ3;FNwRgHc?q!^IAs~tD@j-Q7D`V~Si~lt
zLhOI%ai;-}6UC2YK>0bUHHn^q0Z_E4g@Lf^VUy@%_L987p=>9Xi(saO1+N^8fMtg5
z1&)jidi}F$oqcfLo>?8GMjw_Hzvg6e05`RGH>-L#sq6)9b?j10-hm8UP*?j3u~m=C
zUb9qwa;Cbn7dQY%dFsh57-MZIkjbr9uT(?&k0X2~!?5{#5{;dd7u^s<zXSBGX(7Dm
zOkAzLSaS-n6=32o&n(Ag+d-m*ajEh<AR4M9^>856hn5RjF_jfrv+YFIJ$#vk8%L}x
zqk6b1tf6epmX$@#7F`#c?b>j}S6S#Hb6_bsfMWpfKr3*d9XRmaPP+*{D+?T$u@SL7
z8%V2?RHv%jfdgTH-QIo`-)!00ww^m+G14bBlU0u9Wh5GoZtO&df#^O!pX9TRZ?^1g
z5IwdNVvWP}vQ36vh%LfbyLhYnfM|R<apkxsh}AY3a&oMj3@rvDdfex-ch1erNin`n
z!rL4Pibn!^aE+<F;vB4_Jl{v`OIY$r5^XmrE<ebyj1QGZg5nrRv^jw@`9w3ocAsR!
zVh^(Jy%eIiu#D=QjzdwRwqap5+ih5kN=31Of!>l03-bzmK;5%~2QlEmEbyRfRC9cQ
zwqaq$nuj(lYS4y7W@v(vkf12EVc`#9Rec)oVU3P9Eb<sLPG|Y>BkWx&T%Xrxmr7V9
zOtjtMzSRpQ{<vPc)c%?LEI&)I`Z){yG=rZ(fg`L>WUqkbv(;BNBkm)XFy2<Su#9Su
z*H;*>HY1)m;Tt&pH9%)hvYbhT<CDZWtAlwJLhDr#JT!xc$>3qDE;|saolBfJ0UqMM
z?ODUBH3)wcC*8MABgK9~1|&oDHz4{dfstDDew$z)u!$mzem}8r8<p=%7M4-1a`+G*
zeQvJr^^*u)1p7%C`CFo2P0?fX@V)2;M33(v1}y)Dk3KiIJo-u95MJ?5Y4it3v9F*w
z1)_frg=uNvM_Tmn?2ZYk6Qf89Q#TTN8_NMp^s`O=E4G+FMgkV5N8)UyB+?G^G_lcx
zb629WI(+#zyJ${}OF-;{g=q@x*J))g(&mhkZOXaP%Q3eb3EKJq@iMfsdfLp#*(+9d
z(veH)Sf?hiv<5+Cmr)rsh`Ra(Hi))&dZ{!~VgK!l5<5-gUXyc}Ki$@1z_$aONPGwq
zAKN501lFgUWHXW5I%3%hQ%h4|xDP?%<1sW>RLoLUS9bO+S3^GPdkN{o_!XzvGy%EP
z&~*X@10I3_qe1C|)B80un*wX^R5wYr>$aYh+7i&Bbac7WMQEmTrAYT4$8C!^Dy3$x
zgU!x26)K$tO3&Doc1Vi}xt}b1*IQ4u-YtyUlHNa<{C!f-W@zc%9ySZLghblR?>U;N
zEI4mA#$Ee;PT3DHeP*NqF%#1}tAahvv{crO^;FW`Y9?sQ1mb>7?<W_u7C~jzU~dH~
zNV*+H+ctS~NLgb+*?v@p>0Q^GPw#@K@UC~?+lZZ?#J%h6kluQ#xo+W>4R0Sx#98LC
zO=1|Z-h%_Dw|@*tPo>bU@>ghdmZq?<AiZn4S&{}nDQ5aJJ-refGbjf57}BHJLy*4T
zOLm%*H<t_u5)3ed0R>>dgQRM_0oOAV{FD)s5$k=0d)dU%0IG&=;Yyn~pa2ZG0tOU5
zIjpr&cVMM<H^>a2s^XTd1hN=lVZpMd#-q0zfb{V#WgkS#`<4vg`#0w16)>O#3^)@D
z1%YjVE6f4|bPEt0ULe~9(bI^23lobspajsrg8?U>Y}5?6`b$j6s6?G)u2DWhiA7%k
z3u;Ap1E8JBf543$^^kybO=XyAwa$pN<}*2(Lubs7L|UyONJ1jK0nko=VeKX$`eSDt
z*UX;gHcK{;E8R)k6hWIm5I19IT>YGnv-MnA(Vrhh$|412n^75d#uKy|fOCzWtxU`L
zJ8`K};SvTsZj7umDm_RdeprIH4<+Jw@z^G@5Ln-jRwTKogcA#QOC4Fz8AH2Ra#5RW
z_|Ay*SueSfO>CNg{Ae;@q+q~)FaTele6SiuUCVU?SZB=MGNmR`iW{)J($*9;DsA$1
zrAQyWhbyBUl@1`KBb+FW0HtSaN^b)z3Wg}j5~n9AohT@cAf@m*tkqds)W|C3S&q5}
zlCI%SboC-#cX`&9ja(V!$Qnc}{`eI;3bsbC2>2Y<YDh=Rg}Sb8;#dyjp%OtcP7q@3
z1-t{4gP9sjueRxWGMUT4PE|+FewS6t|E_}<y{p>MokpzUmB+Vrst<Pq-9nT9jj<)$
zQo3G!0&nil?nHBzwr6%O!?uj;*cj=$Gu(CoaTz^>=xw^DpwiSiNX93?@URfc@Py+)
zpV;ygKOVloPnPU8Beu#-Zk!NB2e{8eZ1HYE^zoFg*A%F|CwZo52Gj-CzjwQ_NcaKX
z7IB;b-QDLCYra#Kv24<^%_y-Z9lU4UKcDI9t-#xI>yum+Sm3ha5d6wmG(O1dD?N+G
zzu-?qFT%TSBroFZy||`;7k9yn-gWNdgKE<O{LrH>;T<s@_ozp~jNzknlN0e#iBq_(
zN=JVdP)w;pOn1Q_JQ?ie`86uU%O6-RT?{gRz9ZJRPFcpXUcr-je=cO%`_rqt)gOG&
zfYAn-KeRia`i0<6!y9A&(t|%u(|hv%yn+`icz?n+l>38^nhxve@<GDUpM@0D4*Qt?
z(t|(U!Jo#S11#>qr=)?U9@NSFq0RPUOmVIQSy{%i#>G_gX!-M7w!J^!&$0T056V2I
zllilm@@Kr@Pj~RA5%}ZXIE?q_HN3#V`*S_9+#h_@=~8ZzbM$91`LkV!sS)@S3;q~9
z+wlI}+~+Ivhqk(llbo`QWrm(QK7TIe*!vUwrPZGXAlf+5(zo8yzqXJ+v4TIb;7<>D
z&-wQo2Hu}HuxG~m(`aqEKlrHDBe;`yM}KHRQ@l-xsR#J8G{Ud+jwiIa<wDlLkKASc
z&;q1*mQ$9o^iKM0-k(cmdw-6c;r!`5&0Us1Tgjhsf<H^apK;(%PS|nYpHkRQ<NZ1M
ztDQfs;EX}izi7o$yhVs<9Qbnx{5k4TqWKdA{*=u2vAxkJdfnEYRxHKIPFcp%qd`Yd
zw)RHf<r9j^^oG~S?LLp&%NK{^HeI)o9f^V+hrkZ_$V%zH7}y%LmFi`%HKs56CK|9U
z{!f}3v{otJB*;yG(DNbm9Uix}&<6mkSyzKBbXuzvFLuf@mhR|D8LfqWB^N`#y9T+}
zH*vemj-k^rQEGw^dOm~>yMm=D^OE_{RoEBPdksbGqC9SuBDPe3`$`%$QUtll5c+ip
zeYM9KE%brFYTVHB4kwISj<a%GciJf`Ug(r%EM5Ih7rxc6=3(f*J&@aU2KOqCW9Zwd
z)n^EyUx&~)L+Fc6rShR4&x6o!{1>r@>PlOEHHH3zAa^r_{s=<<*5fE2x_1!w3ae;i
zTX))dDPG`|Wi0*nG89R+guj-Lq4$4-8XL{v)~1f3|3smGErk9ELO%eZPv7woA9{K|
zgdUuL*uo3aR;SIk;&p=D0}y%{gg(XNCoS|rz*=QcWC_2HY@FwmWh|YNkjIB!a1uk`
z`2%ui_Tu&(9Yfzip-&e=FN4r?A@tF&jC|-BCn5BR=7`;p&aJS-mI`pE9k}8(g52Dc
Pt_2k!^bsB_wb1_`S(3AP

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_del_measure.pcap b/testing/btest/Traces/dnp3/dnp3_del_measure.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..888dfd33d00d8e2940dcfac1cc18451bc09206e2
GIT binary patch
literal 804
zcmaLVKS%;`6bJD4`<+(@b#VouP}YSFx-^9;1e#?WL~=DoI^C!Q)gVP?E-e-W1<?|<
z<`fS7C-Ii%f&y!bTH4yO!QSs@7M$XP2X}D4&%N)vdnleBQLsU+Dir{NH|_do<Yr8U
z5MHx}o`JUR!L!`LNq9wqFu<^O9)xtu&QK<`UCyMkZv`=;9?#y+vxn1Eg)0Mq+Qd8&
z1WJgFGBFnV7pqp){S}wExXd)BM%04%Zoe*~8clbp;8^?<rJ87r%P@*>WL-C-Tf5+*
z-!fwqRZ~}j9)B-8#)?gMXUHrW?>cKlyX2Oqq2&mA4pacqkW2~!cyq6&eQHidbibc~
z7g5%Ak=@!VN0XMwCPt3y3V|dZ>p<mkO@?U{Sl1~5ZI>%rL&ZVBbI3+hCIq1HHTh(2
z;OC>Qguvzt!-e&xJG|$(YRMhP9hUUYpv(7-Gx1`U6Rjq3_qY|a3|hjt2_Cl(Kw(O@
ksgmbPprO)<OLJD0nXRU|KDZ)TawRa=GyWScU%8g+2SlCeX#fBK

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_en_spon.pcap b/testing/btest/Traces/dnp3/dnp3_en_spon.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..5a0b67ef020a5b0fb8db968239ca975df274ac8d
GIT binary patch
literal 807
zcmaLVKS%;m90%~<y;HGTw2Z_c&Tvp1YKWjRI3fuWE<qYvwIL@LTMEjg#grg$3zCvr
ziUzwu(5Z7N-KwD_T3T8g`r}}~-#d&r#Rorl2X~+M{XXtdE1fbhL3_1Y00KUI7QPh6
zEQ1By)4-^EVAxZ>N?ZoFtPlj4^54mjvRsd)cMgBjJGnP4t4PP%$QiwyViLr?0L)}o
z1yN*zU}7ZR{1bIccXiRdOJaG0G*T5w%TDCaqo@{BgA(Ljf1<T5*5()l@I;!9j9&je
z&*(E`ETS3<+hm_wqt9qjx?F^Tf_s_{OZL~fW$S7=WnW|)z`Sm+F%Y5Ae6KqK%n}eS
z0h492MEXU@4AThHbaeN+_j&h(p?eIwSHd;{KAr%+QCVGPu!I6lhce^NaAmEl;uN4S
zLmB%QMPLv~ztr~t=EsRmhI(G(Gq3J4RIlJQCc}2wqZTj?Uu0#`>QVH7M~oXHCb4Lh
s7u5ios5~e=l_Rc1yDE0Pu3KGctn}>l%6knNdR4L4CjK5C^`zbF7Z+Xm-v9sr

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_file_del.pcap b/testing/btest/Traces/dnp3/dnp3_file_del.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..1703907404df4031b8660c050154c65993aa95e6
GIT binary patch
literal 920
zcmca|c+)~A1{MYw`2U}Qff2}=KIxa=Tq%AACm<Vy8Kf1tMOAjJ$zSbS#lhgpz+j?K
z>%h>!wlk}#uJ2b<UC+}awSEe0^E)nq6gMy_F!X3KFfg&OZee6*W@2PyVFH=>QyO6+
z#4L!p5EJ!(f=pcb4rCh0R6m6ywasTzYJsL+ZV*ynSbP$0A_vUGCo=pDHb5Ie7{iSk
z3Uy#NmZG`wGSJkz009ThBgG(XATR^yIwJuFhE+f|2xFKvN1+~U76VqZBpfuI7BMie
zrX(L>VPIxB{_glmX*cF*#!v<+25XRU^Nxc^WB?3lIR<Ad{gTw&0(}?10GHJC+Oo{#
zROkG>w9NF<qQsKS{K-6d3gtzaB_*kO3MKgpL8-Z>3i&0e3NEQ2m3kGqIY+udE|0Qe
zW-tR94#F7Ws-gc29Iijn!nKZVey4kY03!plCIiDvpea_W{0uQb6F?Zl6hHmnU{fw(
zHARAv;Xg3uSyN<Pm>F0YnmG=fY-C_?V~J+u1sVo2PajOlF))N}1ld)mhBw}(fx|i$
zHLN?`f$_E^K+r+{@FTEkKmugeOrTkKeE$dR?(b;sUIO&J2iW&a3=DICrucC}!VgCn
u{so)z4XY`Fz%T@68jvX_T#&SgBRy^c`^yo{UmiezEd{1W`NI!k{sI8_0u$K)

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_file_read.pcap b/testing/btest/Traces/dnp3/dnp3_file_read.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..450ca880e53ecdc5eb194373248ea25a1ef005ca
GIT binary patch
literal 3489
zcmaJ@drTBZ7@vEfAU^O}6fGmwqQ$%8)oShW(i2eOIA2tyqQ~7Jr*KDi7XcxPZ`-IP
zwQ7nOYZD(y4W?BQrLCgaSf$#k)zp7Xs@2$Nwc02uk$&GShsPe-4YN6BcYgDGd^0;&
z&wRH>OZ3EhwYL+Zfq(w~_=WY21wmvI{KiJYMg|Wa)o{@B&6MSVWC|hi6?w^|sz>g+
z)ho8VSiNG?U(HS{JsNf;7hkT@QnGa-AzFRF5sgl#)oAouM9j*4jVNQuxH4j13L=*7
zLo`IS(q^Ynb8G>iF02|ri7ToTG0=;cv@nR6VMc6z9LH2RILB%Q$Ay5JYYRyp`^oP(
z3@>DN^Q#~t!f$MTSggXyv1WFQ6`DMD*kwWjoUzS%q9e7NpIsc9s>{)gBEv{8ggbl|
z@0}M|oOVaACq|RRM9ElIRQTXCq)>LHH+c`<!schtn7m2cpl=lh<$^)Awh#?D*F?yD
zK&hw<A|C+)Ha`?=-eivQX}2h$8gg_D3K?P15j|NG`1s<g5R$6T(exo@+3^Dsm!H%D
zDo`idl{nY#gF$2t^kDNdEv;e&&Xt?3Fs&8>SZfPS4u7@_=NiIID~@Tsq)83P(FF3D
z0B+j^(%z1fJorh~77G`2NFit~*wV;tsU+kfpo}WelKJ2~Hl;0^jJzp`vP@}<i~_d&
zxfZFmb6e6Ei4V~hAe*W~TgcoJLaH7%o-`*xmUI~t#Cwxm9(O`Sj4?WbGPlFybWI!Y
zUYrn7BIO$<L?k8l>19s3-v)0RM5(-xi3N;FR0=&*Ud$3AB~~Vx%EZD*TF~&e!15C!
zEmm8cg)MVAnC*JL;K_FtvT1gAY;;Vtu}tg{RVYQ$BIb126Cy>2z*s+vJCe`QIWF@q
zv&rKu9!E(Lb4wS_Q<&Z@PAn5$2@wU7RQ#oGqRCWRT52qfGkS!@rr7A5?a?u&xtSTW
z90jb%Zg9Cpwo<aY9W0`AtTQKG9*tui7tra!Qh?g3+{ue#uA(R!g_?!~wveQ28&_j3
z;e}Z9vU{nemc~=t*fslx13Y_3ZA*}EYVp3(K-jCkozfzxh!Sn*?AZ_=k1p02J>D4o
z&v^)t`{Y%5{S5cW=`NOCvRMC1w#At`(vdx$zR}bXPXr`Qsd=O(++grJPt%#*$#O3W
z27~<6DMz9`C-El&?}brL?d6WJto9<7m_jYq+Im|Y1==(fO2BM_k^P!^ocs-(i_)7`
za|fbiVNegQV!BiUO^LG$Tq1=(JGI!8p`z$yPf>9pYZ!!1I~{%0Qrp8*Q|^C|+VK`h
zZS#ixa%O})0;~g3I<?fM^3>LMP3?G#H?^j%zNx({F)Eu&c?F+-vyjnzj{s)aXjX|N
zO5;ATqde+zQ>lQ_*_j`Xd4<x7O584o{K%GEEqEl4!&69S!<I|a?LtkHn~5T~kQ-=W
zu_w4$+$!10U5m^DtU4@+beAZ3gz}&3`0|!3gonFn1bPl(*(H{UE7GuJQB15MItHMz
z3z1%Z!C$eLNCh4tahAlE-QB@xrem_F+-&OTy)aIm6QBfU7a^{=m)?qDPMLOV0uV>q
zbe6?99G$Km-$O06{XDe{|Fw4F5u|2W-{PCvjqqS{1Uj%OcSy1?Z#rU?zSA|e6OX*9
zS%zY2OZg7zwA4d5zN!7t8_Tsr7#He!i(-e5yNl)t<?@2Sy2enZ-+sL!%qHB-!nbr;
zXkgI1p*+6Cla=Vl(`mtYKH<&pgEYS4AopW}zaNcmTWHeg(SM+ZK>k5G((wEeX{klf
zDckz0eU~%2F^YprqZ^Dlj~}4sHS(euvb`_K0&3X&sHIdK;?$xP)XobvGPP^pBeemX
z+MAUxPHAH`JvEopf6R~9j5z%-kW5>uRU>KTB=>erkCVK`NiHGe37{m_1(P)3ht01B
z-p|Y8C|kQlf&EtBiX?mS8mO#$c4`$NDTfhu@7-WE?JZn;UxoHtpnWC8Lc<^VYJb_p
zwZ~6I?RljLpVg)s&<xJ{YX$3-5KtS}o=nJ7K$%ghSJOU|qrhp>_k7wYqk#5%VZPd1
zn?U>HUl7)?Lr>;|o!I<x&#1VAunX=fw6}rwYS2Es?f}Au@!UtxYCApb^=S;?7Erha
z5VF4tXR@E|sa68Bxq#gY0o6ytu2OD8Fd?mgQog>o+WBz~M=9$T1#I}d4*7b|kIzqo
z4L*#Y+yK5EjB&1n4ZT&iuSyN~=5beVu2S%(-qt^9;JV*98r%?T9$=}Qp0hdcT?*dy
zpnfE(KXaRq=YS#(3Q$9t%TacAi_#xZZpkRF!D>gK%AQ=;eTA-(pz9cH%LCW_>ecl>
D<@0Yp

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_file_write.pcap b/testing/btest/Traces/dnp3/dnp3_file_write.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..571720be039d4336752d4821758bb5acd8cc6141
GIT binary patch
literal 2868
zcmaJ@eN0nV6hEa!5kZk@M6vPO%oYA9EugY!izrBlf!YW<BYv!FFZ3ntd#vx3kHrB)
z-5<{AA8y%<Zp-|_O|wl=Kru5$0xnzBsY6Zn?bJWiIi~XiM0W0dEkeus!fnd!J->6#
z?|08R@5<SupT&R<LeJnJfCm3Ly1mc-_E+(+7{9Xxsk6pUdAa?tbZE(2aj*nnj{ZO%
zG>$p7sHuKiUsL_oo1Gi%q&NN8Eq1suhCpB|K#VT-m`1CO(P(rr4DrU-FA!BM6<0+x
z{>u=L{KL=~s-1Lh*nj`RJVd?Sm`nhc4I##b5ZjK#gB3lp6%k{azM02Z92VnkM9py|
z<)xFS%#1xOx^FJU!x#9Stq82$`hyIs<LanbDS7D~p8~|XU7b46Lib;1x~3Is%QY)t
zIxJvtD^B9aAY+z4F#zMY=*B?)e6vD*RptV_qkwMNQ!Th?z9d!%l>xs~5u_anBB}8U
zib6%ANMt$n%_WjTNdaXiGirU_&i7d4=`aE2AuwAJyrvl+ab5?)c+KfeKVI%g(!lyJ
z0a_4cu3Zaj5P_`-6ua>;N9h?AB}D_*e`5LT3$&nvjd25A?*J6)$~B2lyK+u4>@7o3
zz>J}wn)zycqJ`B+2V3D>Yl`)!IoC-exjtTwx~+Aj<juVM2J<z@xz2Gc?v5#pE!Pxk
zxhH_{`Wo+doVG4RdPp_(%YrneL$nz(Gb{!|MVI6j#LCI3HbX$EFuiJ6n41{S&hC2O
zYm${ZFO@x%DnzNPy4ON&MupZY=33cnBpyFC&aSW-QLAiK0Eb_C&`}|H=~AbdWy!Q;
z;5lV#lactSTX5Qpvdd4YXgqs}`xs_-L-9+@u0V1Hd{k6O?c7a1uPD#2l?9u@qbODL
z&2YzDQ&W>slbs>?E6rIJOXdgL&8td^OI;r7bD9KER-7f5MHe*?OqAQYZHAt^sx`B1
zt6)s;P97WWZam?t_J^suwl}@C!I1=m>!^A+eqNOjO|LGl*SL{-wKjzGYV{4*OFKL%
zOlj86U{VGm^W;|E&~w>Pw5$wEPKL!|Sg=FQGQ^I#=2r#Taf?+dKaAWTuA7H+VeFch
z{&7VW#()|VVx46&Wj!3?yofs8)NcaGr2gs-ic$3Y>--nKi&nV*w};DQclv1VBEo$6
z>IrH=3ek<#%q{PHh(huc%onq3o)bhYpm-C6Dn+=wO%ij<Jc3N{&&h!5?b#$>@>O}M
zLeDiHL%kNvR_pkGYWXSGi+5bccCbgHUTu3(ujgyASu>P)IX0SJ-*dgRBlT+A8`7&k
zVYptpV80=F-x;qvza<rtpG8lW1r)r7%Efv?5{ZCK%0o$6$!jEky;bu00;1qzZA@gA
zy?#Y<NnTP$WrY+u{UW_}UY3L8A$5$TkKg4qAxS|F{aMA>>ac>vB0*Lpe;uj*t$pZj
zsIrotG)}iup}DLIO_^CuV6tQ)G}}^<T&qzLXF%~t{@hZ9R#P(bqY_uXRA)5@cN60u
z>zHnM&QF~(#!w)gtW@ihx<g?fyoQ0xGAU)+O=e8@x5h=QuRgBV)5!X2??$}_*34A(
zDr!uGqu2`B3h#%oPk)~4_4!D>+Pgz~&G>}rCGdWDc=_fqy{5HT&B2s{w8AFb7{M!C
zQ;R^o%P2?D&Du~ESlM{OmiNnaHg$rRfR|BrGoH+CfAcu<ux+a*8V~)PhbNIdoXAHW
zo|W$dU?>wOCcrABfUSrbwAA>Fqx?83N(wyNSH*ak#%IvICC|Ir3>s6e8K=%5*HnN;
zxcDdYb7mR#GxWh$1mDH_OPp_<n8V*~PUIus4LE<M1`3&<RL=M8(ynvUhfO+wtX+sX
z7T{`2D|*_K61AQOct(%HGHU2eKT*kfSqH#SDmNxXo6XNT%7sx;ke3PTS-hdyJa}&8
zY`(sTk?<m7-=>6U?^Hd^*C~A%H<ifEe#fM|#2K$}H2h$3Z$_*rZzh90?uTJ<@5k&t
zJo_AgHbk){$3{U(1CH`wRFp}0w=e*PviPOgXn9@Zd8LNs<-xoT;Jaet4D8G5^B<7}
B$dv#9

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_read.pcap b/testing/btest/Traces/dnp3/dnp3_read.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..4834b2a3d921c2bbe4c9afa16ba9f33de3fe0d7d
GIT binary patch
literal 928
zcmca|c+)~A1{MYw`2U}Qff2|FTln6u@fatA6OawU4AP3+qAEMq<ga$E;$U!PU@)mu
zbYN&;i$2y=*Y~TbuIK4-J3obkQ|{}56gMy_FjR;$Ffg&OZee6*W@2PyVFH=Re;i>V
z#4L!p5EG?#fK1%44>Ap8s-MDfyEwkDSAnMLHwY;(sK~%g<bav@8)%{p&_)o(aHB?@
z64;Fw(cGvHH1%45fP<#XF_1P80J(1eZBB+jARB}+%yO<%0h_f2t635bnhzc`FtDbG
z9ARQ$W^iRbeuB}4iOq(Y&4z`|hLO!_4afqKi#!ZwK(j#@!}}Uid%)f|NAvzQp!dB3
z1Q;2buP`t~08QEXhLd40&;$_1FlD{eNsuY~7GpI<f{`KS9LSj^F3b!}3>hI`PBa4J
zn~8yeqmi+Zk&*Fo36S6d^4Wlf0|BF4&Jtj9;A4Ex4CDYY1LIr83J_cS;{X4QZ$YeQ
zdX6W7lsGR?8wfCN<zYG&0A+W<MA;@oMBwEA{~*u2c#AjwtifTv11-$G;`qMB1_(N^
zy8sg+1c1!?3p5K)@SXw(uO@21e2WDJuQxb&eHa*`fTr}n$7{-6uqk3#O%Vh}k~hSZ
c>JNDR6%F>+3^adv1N{{TOqc8~E--%q0Aa2QJ^%m!

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_read_p20001.pcap b/testing/btest/Traces/dnp3/dnp3_read_p20001.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..ab5cf11fa0165c565e90254fd5eba5e77eaac2e3
GIT binary patch
literal 928
zcmca|c+)~A1{MYw`2U}Qff2|FTln6u@fatA6OawU4AP3+qAEMq<ga$E;$U!PU@)mu
zbYN&;i$2y=*Y~TbuIK4-J3qyPQ|{}56gMy_FjR;!Ffg&OZee6*W@2PyVFH=Re;i>V
z#4L!p5EG?#fK1%44>Ap8s-NO<yEwkDSAnMLHwY;(s7S+2<bav@8)%{p&_)o(aHB?@
z64;Fw(cGvHH1%45fP<#XQIIwe0J(1eZBB+jARB}+%yO<%0h_f2t635bnhzc^FtDbG
z9ARQ$W^iRbeuB}4iOq(Y&4z`|hLO!_4afqKi#!ZwK(j#@!}}Uid%)f|NAvzQp!dB3
z1Q;2bFEcPi08QEXhLd40&;$_1FlD{eNsuY~7GpI<f{`KSEXbK9F3b!}3>hI`PBa4J
zn~8yeqmi+Zk&*Fo36S6d^4Wlf0|BF4&Jtj9;A4Ex4CDYY1LIr83J_cS;{X4QZ$YeQ
zdX6W7lsGR?8wfCN<zYG&0A+W<MA;@oMBwEA{~*u2c#AjwtifTv11-$G;`qMB1_(N^
zySTuN1DW*~XcnH}Jp~S4P1Jz-77GksZ*cH>GcZH}P3eD+*Oa?pQ^c^EA_$BmFNi7C
bAMpAs8tktbX#VmB`YR5YF4<k2Vg3RDVnhl)

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_rec_time.pcap b/testing/btest/Traces/dnp3/dnp3_rec_time.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..43774d68e2274c0d94ebe48b7b9b0398ee1e3370
GIT binary patch
literal 798
zcmaLVze@sP7zgm@ex;a4Dh5}PUU9)WR3N4V1&4H01Sa$kG&Bb74RJ|hL_>QtW(H*q
z>XMhz64X+A4M|H-P0?b{^O^;B;sX!d!M&gN`99o3t$4(P2<>V%0XTfQUjEEjeh;Ma
znHq*hdi%9fVdKQy^nwYHFwYFIdJa;#t-bHu*6xcfX4Kk+eoP-*ybAFW053|HoFMQV
zC-NkY$^T-@YPr8+g^A;&k(yC$@wBhuM>TJSR5;xE6TNNm9mN^Ek=iw*Zk{tS?U*r-
zs+<iNvFZdJqoV1QQ4b|!?Xps4ky-JMmSV)-)&Zn7Z=DALl7%N*3GWm7JnMrbqSUU)
zx_QOWgd?(yk;~Zt2h9b5Ix5nD2j)?rb}7^59aF*`6@`Pq5{>4Y6M%=6+@rk>@HI*7
z;$YY9-7;2pBrfCjBH5s!RYN!pE3#J6>Js#xS(;<S2nMaNpm_8KmDk~}N`onKM<s~s
bnrbOhv}>*prtpqj70eaIze1}9+qr%Ksz2#p

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_select_operate.pcap b/testing/btest/Traces/dnp3/dnp3_select_operate.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..fb9052ca2c5af16aa27f853fd7980e501e7d4e4d
GIT binary patch
literal 1120
zcmaKrPe>a<6o-Ga8^yX})Y_1$#ApTMp%6o>JxE<7dQcN`lOTFA_X^(BO6pO>Qj#7D
zQYiHj3~f;lq8`M5Q4v~1gnI8mJhXZ#NLqbwqOxw59hhYXcE9&~-_9IuE__np!0ouY
z0t9VNyD!460~$JL%@fsi+M|Z$^sD*K(IRvL&;0c|;)SX0$%&cE$%*M->)EikYx-d?
zzZ_S**bV}UqhLv>sv?9#Vd75%F~`brb42Gn6ZhMg#?-KPJ^Ss%)lAe-yuyqBb$7&~
zTjIw-4Q*7BXI@61|B1}_!;~>Z)Ig+6Z}J@QXFNDv<A{bRt$F6Ldi)KNm9}KL^`_@v
zfPz@nmI4*}#ZE>o5k5gKRS_fH+Y^2Q{aonJY$;l3!!u8V&-qnq2%0nmNW*ZXOkm&;
zI3vpOn1+5vT2VsIMM<f)q__n-_Bd`$P=$h?ciGGvzz|r>0XKoUR5WdC=BYIE*<@yz
zEcZp+dhO#;qnXUE!%zrFeK!=ES+g~>BztN%_0&gZ64J~R@SEZuCTz{DNJ^z8h0OF;
z8O{9Ly>I64gF7=^>g9Xe^XHdlHce&{WM({4uDd*8`gd|LD@rVzW3eh@zc9rfr{<Hg
vdD3`Jl;RJzlnqH~wxpEP;Tp<OvP7}DSFN(IHB(<n>gzS#E0-s9(-y7)gSSPo

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/dnp3/dnp3_write.pcap b/testing/btest/Traces/dnp3/dnp3_write.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..f1fd3ec764e42d5a35a62f76505d22cee226cec6
GIT binary patch
literal 808
zcmca|c+)~A1{MYw`2U}Qff2~5^Z(@6(8$Z+1Z0CSgR~;IsLGBt`Kw*4I2c?R7))IF
z9T*zerrv0(>-*JI*Yorsv!B8fqpgh~#SKgf46TU_3`{JnTNs&{nHU*am_R1VH6cud
zm<2HxYGNbU#59m;AXEJm4l*z3I;;dVwW&c!fkAOD+(ZtTiC2Io+5l|?VGK8FxCnqv
ze2nJCCZMUx0Rj%1PVOLWAOLcm?hIZAe;^x#G0bvw5d@oc602Df4w{!HGcd5G2pwT!
zU}l(;asL355hFWe^U|0I6UNV%>Vd}Fl`=Az0Zj&B49{!0w1JJ!Mf1Ee(DSnc1Q;0_
z!x<PFfTm2`%F6(9H3(yvV(BsoY)SxDQzRG}zFLDE$>qY#z{C*Tbmagrw#3eXjJ>rD
zZ#ZgzjXjO#_u0U3Gzk!NP;pWOx&{nDW_<*jg~y|l!Dc0(Ine~@(K%p`0uxsg(3E+*
s@S3t1t4ATG2m*u41!Bsc-FW@w3^rv0n!n}%{bdSFA1Y1?P;W5+059+IZU6uP

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro
new file mode 100644
index 0000000000..533bfd8e0b
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro
new file mode 100644
index 0000000000..3e8c4f56d4
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro
new file mode 100644
index 0000000000..e95637b67d
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro
new file mode 100644
index 0000000000..8da9f078a4
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro
new file mode 100644
index 0000000000..60761360ed
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro
new file mode 100644
index 0000000000..ffb0e03653
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro
new file mode 100644
index 0000000000..d97d37d0ce
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro
new file mode 100644
index 0000000000..a8acf4755c
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro
new file mode 100644
index 0000000000..8669d701b2
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
diff --git a/testing/btest/scripts/base/protocols/dnp3/events.bro b/testing/btest/scripts/base/protocols/dnp3/events.bro
new file mode 100644
index 0000000000..aff5191d7f
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/events.bro
@@ -0,0 +1,266 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#
+event dnp3_application_request_header(c: connection, is_orig: bool, fc: count)
+	{
+	print "dnp3_application_request_header", is_orig, fc;
+	}
+
+event dnp3_application_response_header(c: connection, is_orig: bool, fc: count, iin: count)
+	{
+	print "dnp3_application_response_header", is_orig, fc, iin;
+	}
+
+event dnp3_object_header(c: connection, is_orig: bool, obj_type: count, qua_field: count, number: count, rf_low: count, rf_high: count)
+	{
+	print "dnp3_object_header", is_orig, obj_type, qua_field, number, rf_low, rf_high;
+	}
+
+event dnp3_object_prefix(c: connection, is_orig: bool, prefix_value: count)
+	{
+	print "dnp3_object_prefix", is_orig, prefix_value;
+	}
+
+event dnp3_header_block(c: connection, is_orig: bool, start: count, len: count, ctrl: count, dest_addr: count, src_addr: count)
+	{
+	print "dnp3_header_block", is_orig, start, len, ctrl, dest_addr, src_addr;
+	}
+
+event dnp3_response_data_object(c: connection, is_orig: bool, data_value: count)
+	{
+	print "dnp3_response_data_object", is_orig, data_value;
+	}
+
+event dnp3_attribute_common(c: connection, is_orig: bool, data_type_code: count, leng: count, attribute_obj: string)
+	{
+        print "dnp3_attribute_common", is_orig, data_type_code, leng, attribute_obj;
+	}
+
+event dnp3_crob(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)
+	{
+	print "dnp3_crob", is_orig, control_code, count8, on_time, off_time, status_code;
+	}
+
+event dnp3_pcb(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)
+	{
+	print "dnp3_pcb", is_orig, control_code, count8, on_time, off_time, status_code;
+	}
+
+event dnp3_counter_32wFlag(c: connection, is_orig: bool, flag: count, count_value: count)
+	{
+	print "dnp3_counter_32wFlag", is_orig, flag, count_value;
+	}
+
+event dnp3_counter_16wFlag(c: connection, is_orig: bool, flag: count, count_value: count)
+	{
+	print "dnp3_counter_16wFlag", is_orig, flag, count_value;
+	}
+
+event dnp3_counter_32woFlag(c: connection, is_orig: bool, count_value: count)
+	{
+	print "dnp3_counter_32woFlag", is_orig, count_value;
+	}
+
+event dnp3_counter_16woFlag(c: connection, is_orig: bool, count_value: count)
+	{
+	print "dnp3_counter_16woFlag", is_orig, count_value;
+	}
+
+event dnp3_frozen_counter_32wFlag(c: connection, is_orig: bool, flag:count, count_value: count)
+	{
+	print "dnp3_frozen_counter_32wFlag", is_orig, flag;
+	}
+
+event dnp3_frozen_counter_16wFlag(c: connection, is_orig: bool, flag:count, count_value: count)
+	{
+	print "dnp3_frozen_counter_16wFlag", is_orig, flag;
+	}
+
+event dnp3_frozen_counter_32wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
+	{
+	print "dnp3_frozen_counter_32wFlagTime", is_orig, flag;
+	}
+
+event dnp3_frozen_counter_16wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
+	{
+	print "dnp3_frozen_counter_16wFlagTime", is_orig, flag;
+	}
+
+event dnp3_frozen_counter_32woFlag(c: connection, is_orig: bool, count_value: count)
+	{
+	print "dnp3_frozen_counter_32woFlag", is_orig, count_value;
+	}	
+
+event dnp3_frozen_counter_16woFlag(c: connection, is_orig: bool, count_value: count)
+	{
+	print "dnp3_frozen_counter_16woFlag", is_orig, count_value;
+	}
+
+event dnp3_analog_input_32wFlag(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_32wFlag", is_orig, flag, value;
+	}
+
+event dnp3_analog_input_16wFlag(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_16wFlag", is_orig, flag, value;
+	}
+
+event dnp3_analog_input_32woFlag(c: connection, is_orig: bool, value: count)
+	{
+	print "dnp3_analog_input_32woFlag", is_orig, value;
+	}
+
+event dnp3_analog_input_16woFlag(c: connection, is_orig: bool, value: count)
+	{
+	print "dnp3_analog_input_16woFlag", is_orig, value;
+	}
+
+event dnp3_analog_input_SPwFlag(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_SPwFlag", is_orig, flag, value;
+	}
+
+event dnp3_analog_input_DPwFlag(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)
+	{
+	print "dnp3_analog_input_DPwFlag", is_orig, flag, value_low, value_high;
+	}
+
+event dnp3_frozen_analog_input_32wFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_32wFlag", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_16wFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_16wFlag", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+	{
+	print "dnp3_frozen_analog_input_32wTime", is_orig, flag, frozen_value, time48;
+	}
+
+event dnp3_frozen_analog_input_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+	{
+	print "dnp3_frozen_analog_input_16wTime", is_orig, flag, frozen_value, time48;
+	}
+
+event dnp3_frozen_analog_input_32woFlag(c: connection, is_orig: bool, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_32woFlag", is_orig, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_16woFlag(c: connection, is_orig: bool, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_16woFlag", is_orig, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_SPwFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_SPwFlag", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_DPwFlag(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)
+	{
+	print "dnp3_frozen_analog_input_DPwFlag", is_orig, flag, frozen_value_low, frozen_value_high;
+	}
+
+event dnp3_analog_input_event_32woTime(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_event_32woTime", is_orig, flag, value;
+	}
+
+event dnp3_analog_input_event_16woTime(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_event_16woTime", is_orig, flag, value;
+	}
+
+event dnp3_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+	{
+	print "dnp3_analog_input_event_32wTime", is_orig, flag, value, time48;
+	}
+
+event dnp3_analog_input_16wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+	{
+	print "dnp3_analog_input_event_16wTime", is_orig, flag, value, time48;
+	}
+
+event dnp3_analog_inputSP_woTime(c: connection, is_orig: bool, flag: count, value: count)
+	{
+	print "dnp3_analog_input_event_SPwoTime", is_orig, flag, value;
+	}
+
+event dnp3_analog_inputDP_woTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)
+	{
+	print "dnp3_analog_input_event_DPwoTime", is_orig, flag, value_low, value_high;
+	}
+
+event dnp3_analog_inputSP_wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+	{
+	print "dnp3_analog_input_event_SPwTime", is_orig, flag, value, time48;
+	}
+
+event dnp3_analog_inputDP_wTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: string)
+	{
+	print "dnp3_analog_input_event_DPwTime", is_orig, flag, value_low, value_high, time48;
+	}
+
+event dnp3_frozen_analog_input_event_32woTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_event_32woTime", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_event_16woTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_event_16woTime", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+	{
+	print "dnp3_frozen_analog_input_event_32wTime", is_orig, flag, frozen_value, time48;
+	}
+
+event dnp3_frozen_analog_input_event_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+	{
+	print "dnp3_frozen_analog_input_event_16wTime", is_orig, flag, frozen_value, time48;
+	}
+
+event dnp3_frozen_analog_input_event_SPwoTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
+	{
+	print "dnp3_frozen_analog_input_event_SPwoTime", is_orig, flag, frozen_value;
+	}
+
+event dnp3_frozen_analog_input_event_DPwoTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)
+	{
+	print "dnp3_frozen_analog_input_event_DPwoTime", is_orig, flag, frozen_value_low, frozen_value_high;
+	}
+
+event dnp3_frozen_analog_input_event_SPwTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+	{
+	print "dnp3_frozen_analog_inputeventSP_wTime", is_orig, flag, frozen_value, time48;
+	}
+
+event dnp3_frozen_analog_input_event_DPwTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: string)
+	{
+	print "dnp3_frozen_analog_inputeventDP_wTime", is_orig, flag, frozen_value_low, frozen_value_high, time48;
+	}
+
+event dnp3_file_transport(c: connection, is_orig: bool, file_handle: count, block_num: count, file_data: string)
+	{
+        print "dnp3_file_transport", is_orig, file_handle, block_num;
+        print hexdump(file_data);
+	}
+
+event dnp3_debug_byte(c: connection, is_orig: bool, debug: string)
+{
+	print "dnp3_debug_byte", is_orig, debug;
+}
+
+

From 36c24330753673ac9efedbbe4e5e6839fb488b33 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 11 Aug 2013 15:59:32 -0700
Subject: [PATCH 02/13] Fixing well-known port.

This fixes the remaining test.
---
 scripts/base/protocols/dnp3/dpd.sig           |  8 +-
 scripts/base/protocols/dnp3/main.bro          |  2 +-
 .../dnp3.log                                  | 75 +++++++++++++++++++
 3 files changed, 77 insertions(+), 8 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.events/dnp3.log

diff --git a/scripts/base/protocols/dnp3/dpd.sig b/scripts/base/protocols/dnp3/dpd.sig
index 691c47d0a9..c482661a43 100644
--- a/scripts/base/protocols/dnp3/dpd.sig
+++ b/scripts/base/protocols/dnp3/dpd.sig
@@ -1,14 +1,8 @@
 
-signature dpd_dnp3_client {
-	ip-proto == tcp
-	# dnp3 packets always starts with 0x05 0x64 .
-	payload /\x05\0x64/
-	tcp-state originator
-}
+# DNP3 packets always starts with 0x05 0x64 .
 
 signature dpd_dnp3_server {
 	ip-proto == tcp
-	# dnp3 packets always starts with 0x05 0x64 .
 	payload /\x05\x64/
 	tcp-state responder
  	enable "dnp3"
diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro
index 2b014bcc67..9779c8dfbd 100644
--- a/scripts/base/protocols/dnp3/main.bro
+++ b/scripts/base/protocols/dnp3/main.bro
@@ -31,7 +31,7 @@ redef record connection += {
 	dnp3: Info &optional;
 };
 
-const ports = { 502/tcp };
+const ports = { 20000/tcp };
 redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.events/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/dnp3.log
new file mode 100644
index 0000000000..00d62bcbe8
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.events/dnp3.log
@@ -0,0 +1,75 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2013-08-11-22-53-35
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1097501938.504844	UWkUyAuUGXf	10.0.0.8	2789	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	4096
+1097501941.569134	UWkUyAuUGXf	10.0.0.8	2789	10.0.0.3	20000	WRITE	RESPONSE	0
+1097502061.912093	UWkUyAuUGXf	10.0.0.8	2789	10.0.0.3	20000	DISABLE_UNSOLICITED	RESPONSE	0
+1097502623.047417	arKYeMETxOg	10.0.0.8	2803	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097504102.257400	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	4096
+1097504103.409070	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	WRITE	RESPONSE	0
+1097504186.667107	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	ENABLE_UNSOLICITED	RESPONSE	0
+1097504195.106257	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097504196.566493	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504197.887726	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504199.597084	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504200.719510	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504202.513608	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504203.324245	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504204.663060	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504205.750705	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504210.792443	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	CONFIRM	UNSOLICITED_RESPONSE	0
+1097504223.905294	k6kgXLOoSKl	10.0.0.8	2828	10.0.0.3	20000	COLD_RESTART	RESPONSE	0
+1097505719.083365	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	COLD_RESTART	UNSOLICITED_RESPONSE	0
+1097505719.083898	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505719.084451	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	RESPONSE	0
+1097505754.654239	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	READ	RESPONSE	32768
+1097505754.654731	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	32768
+1097505754.756391	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	DISABLE_UNSOLICITED	RESPONSE	32768
+1097505754.864882	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	WRITE	RESPONSE	0
+1097505754.977534	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	READ	RESPONSE	0
+1097505769.716268	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505784.797836	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505799.908753	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505839.916865	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505880.043946	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505920.204187	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097505960.308661	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097506000.396024	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097506013.373353	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	ENABLE_UNSOLICITED	RESPONSE	0
+1097506013.373850	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097506020.703162	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	ENABLE_UNSOLICITED	RESPONSE	0
+1097506028.446245	nQcgTWjvg4c	10.0.0.9	1080	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	0
+1097507785.885063	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	36864
+1097507788.624309	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	DISABLE_UNSOLICITED	RESPONSE	36864
+1097507788.834395	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	WRITE	RESPONSE	32768
+1097507788.944297	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	DISABLE_UNSOLICITED	RESPONSE	32768
+1097507789.167700	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	WRITE	RESPONSE	32768
+1097507789.274806	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	DISABLE_UNSOLICITED	RESPONSE	32768
+1097507789.484975	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	WRITE	RESPONSE	0
+1097507789.797226	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	READ	RESPONSE	0
+1097507835.030339	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	WARM_RESTART	RESPONSE	0
+1097507856.091024	j4u32Pc5bif	10.0.0.8	1086	10.0.0.3	20000	WARM_RESTART	RESPONSE	0
+1097510947.094289	TEfuqmmG4bh	10.0.0.8	1159	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	256
+1097510959.359091	TEfuqmmG4bh	10.0.0.8	1159	10.0.0.3	20000	DISABLE_UNSOLICITED	-	-
+1097512255.236054	FrJExwHcSal	10.0.0.8	1184	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	4096
+1097512264.723894	FrJExwHcSal	10.0.0.8	1184	10.0.0.3	20000	STOP_APPL	RESPONSE	4097
+1097512267.537969	FrJExwHcSal	10.0.0.8	1184	10.0.0.3	20000	STOP_APPL	RESPONSE	4097
+1097513177.297272	5OKnoww6xl4	10.0.0.9	1084	10.0.0.3	20000	-	UNSOLICITED_RESPONSE	38145
+1097513182.837583	5OKnoww6xl4	10.0.0.9	1084	10.0.0.3	20000	STOP_APPL	-	-
+1178205958.184068	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	0
+1178205982.425227	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	SELECT	RESPONSE	4
+1178205984.486492	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	SELECT	RESPONSE	4
+1178205985.311235	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	SELECT	RESPONSE	4
+1178205986.029976	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	SELECT	RESPONSE	4
+1178205986.556099	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	SELECT	RESPONSE	4
+1178206042.953163	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	6
+1178206044.500956	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	6
+1178206045.032815	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	6
+1178206045.557097	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	6
+1178206046.086403	3PKsZ2Uye21	192.168.66.33	1167	192.168.66.34	20000	READ	RESPONSE	6
+#close	2013-08-11-22-53-36

From 21d45a435c97102a4fcb229851d31f1ecc899066 Mon Sep 17 00:00:00 2001
From: Hui Lin <hlin33@illinois.edu>
Date: Wed, 7 Aug 2013 22:06:34 -0500
Subject: [PATCH 03/13] added condition to check DNP3 packet without app layer
 data

Conflicts:
	src/analyzer/protocol/dnp3/DNP3.cc
---
 src/analyzer/protocol/dnp3/DNP3.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc
index ec0b02ba37..b3c001350c 100644
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@@ -198,6 +198,13 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			// If the checksum works out, we're pretty certainly DNP3.
 			ProtocolConfirmation();
 
+			// (Hui Lin) Make sure that the DNP3 packet includes Pseudo Transport and Pseudo Application Layer data
+			if ( ( endp->buffer[PSEUDO_LENGTH_INDEX] + 3 ) == (u_char)PSEUDO_LINK_LAYER_LEN  )
+				{
+				ClearEndpointState(orig);
+				return true;
+				}
+
 			// Double check the direction in case the first
 			// received packet is a response.
 			u_char ctrl = endp->buffer[PSEUDO_CONTROL_FIELD_INDEX];
@@ -215,6 +222,8 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			if ( ++endp->pkt_cnt == 1 )
 				interp->NewData(orig, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN);
 
+			
+
 			}
 
 		if ( ! endp->in_hdr )

From bced60f7a81dc680661ac16cb5ad40238b550b97 Mon Sep 17 00:00:00 2001
From: Hui Lin <hlin33@illinois.edu>
Date: Fri, 9 Aug 2013 23:43:36 -0500
Subject: [PATCH 04/13] added a test case for dnp3 packets with only link layer

---
 .../coverage                                  |    1 +
 .../output                                    | 2989 +++++++++++++++++
 testing/btest/Traces/dnp3/dnp3_link_only.pcap |  Bin 0 -> 6907 bytes
 .../base/protocols/dnp3/dnp3_link_only.bro    |    8 +
 4 files changed, 2998 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/coverage
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/output
 create mode 100755 testing/btest/Traces/dnp3/dnp3_link_only.pcap
 create mode 100644 testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro

diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/coverage b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/coverage
new file mode 100644
index 0000000000..62a0937c09
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/coverage
@@ -0,0 +1 @@
+6 of 52 events triggered by trace
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/output
new file mode 100644
index 0000000000..1462ae8fed
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/output
@@ -0,0 +1,2989 @@
+dnp3_header_block, F, 25605, 255, 68, 100, 1
+dnp3_application_response_header, F, 129, 5120
+dnp3_object_header, F, 257, 1, 1024, 0, 1023
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 0
+dnp3_object_header, F, 2562, 1, 512, 0, 511
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 1
+dnp3_object_header, F, 7685, 1, 276, 0, 275
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 1013547336
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 3108291338
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 3118098121
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 979783186
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 1013100050
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 976559429
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 1069427906
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 1114636174
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 982332387
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 987182644
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 3121874082
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_header_block, F, 25605, 255, 68, 100, 1
+dnp3_application_response_header, F, 129, 5120
+dnp3_object_header, F, 7685, 1, 224, 276, 499
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_analog_input_SPwFlag, F, 1, 0
+dnp3_response_data_object, F, 255
+dnp3_object_header, F, 10243, 0, 100, 0, 99
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
+dnp3_object_prefix, F, 0
+dnp3_response_data_object, F, 255
diff --git a/testing/btest/Traces/dnp3/dnp3_link_only.pcap b/testing/btest/Traces/dnp3/dnp3_link_only.pcap
new file mode 100755
index 0000000000000000000000000000000000000000..d08bb39ccae28e43a08115bd9bd1ad388d34899b
GIT binary patch
literal 6907
zcmd^EeN2^A7(eF<c!fk}NS8lKg+y==jSp*dH*bZ=-GVNExF-FP8FMHqP<%+}?b@xm
zS)er>Ijw<x$oM0q=!1x8!ZJ&s07?01AeLM6k3OulhS%pgZ>M|CdD&TWk|^(X*n6L`
z-}^kj-}5}@Iqy5r`Ch$+1Q34te1uT=(UhE@lVP1t9B_||M3f!x878h{kJjW_$!bE9
zESnv~5fl;hd4uaVSeLVx1mvgMzmAOV=`C~F93;|CNMK%|GY|0GPaxj7SHNRP2C9L#
zbKF5ZLAlk4g_r^P*-H=$Fr!_z$+4(PhW8RBd8Dou@f?w%1Rlbc$-h`j0rPKx;$Jji
zdR$=+GItFjjqGXxtOs8Zd^5+og<%CuiG{Joim@VI%A|m2iq##%Vs$F9dLY&Wh;>ko
z74foc+E}+T|K=<HB|xluSggrB)(-*8?Xi+f;0>3dsGviddlUM$?uz2uo_~GwVyq!u
zs6+ZsUB{`N26-<cZnM{_(_<U+5pzY%7xeKE^Kq%@WBpz$$%RD3rD{tbu@oX!`1vWZ
zK#vQ3=%X(kbI+H!VfU_ZLMb5m<{(@_3kEJ;nDz4Ye_4Vpl&r}mK5$RC>cWK|?6$4*
z`dg|hQMC{DX_+o!O#dh|eKLos227v0C^8+bIJthUVxZFzhw+S=jBGI70ZgxiG{a@8
zyI42$Q|N!#uf+a$DAnFw>I(b2I;xlu)a%bzw0adYy?&7O>MrGaJ$^yd>uyD!_DhOk
zChB!pAQbWKlxFVQWT(NM5rgTi^u)%YR=O~IV;Wuf?uNZFcDnk`)HHf5{<BrI+E@5c
z^Dv!Au1cdRE5A#lhXcYtp$|j%H+DL<-NB!f^L|5r2r^A;v`jzEm_8>n-E)95y&igs
zzXvVzgR{G&5ye2ZHOc-E5;Mwu<Nxa|#{MN*)0Zm-DGuX*XEJie4rJO2Olv9wc5<kU
zP;+JUw!6Z7K3*9s_G|TehUqmS>($%N_4@Uss8@_aYwm8vaFg+DcrWJowdKaa#i&<B
zt(NH$#`Ia4>2Jn4(@p0@rk5)z{rb0xf!^#ner?<jP9W1>U|LfdFqcAQ;M}L|8GV7S
zu*r{jWgLD@t5+%0Yh2c=FOchX=_^sMSh4*;Xyq}Af!ums>c1$s_Gi>9;-Hr4GRE|n
z%yfSoXZpp>BGYkFrzhn7NX0NKb_g@~#_qfrnATJVoQR+@*hvG~{^v9a)6_r~OjCut
zGR^{u8y<m6J!g<2OF8Pbs7=;uAdBmDe+cUJ06S+Cjy3{>*t?34DhACSe|ZG6C$3JL
zJ=<CKe6M)3pL_FIiI_bFnQ-cXSt*?UhDRTgQ7AbFmf2jVNx-xwd*G}J*%JaxD}D7;
zt2lAg)@${uV0w+pdYx+JdVSg@>J=|14=GDj470l08{X71{VZd8L}q$$lrufCMPxcb
zDa*PQia}GS{`$W4s>hhcn}KOfWx$&ksElB9Wt^ts#L@khR<BB?*RZVDY0C8~c|+9e
z9*{@uU0=dUSTfA&Sv>lPmgyag=^>fvGs`&B<zI+QC;HQy-7Qdu^BXja$Ic<-De!2l
z!?Q|u@ySpzGcYfvqb`kEJRX?VR0g~$gUXm^u8bk4IB_@|w0iAidYzH=8gg>Ij<C1t
z{LSXQO7I^SDTZlb!+6GY@O-_HjahtOqm_(9M&L5dcKsGNGQB8AW_oxlXS(Wbtc)5q
z+r3=TEH@ldv|TaW*xlJ%jN{`02w0P#@M;he)M`%95gQ+B+5qL%=dHTWKF=}QevxS#
zv2oh0cOY&2vk&66+&9mUXZ{p&6uny4F@;xAE}QRn`BMnu%?%FGeP-}5|Nc_^ivs`N
N!OskTEajgWt^(IGe(wMP

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
new file mode 100644
index 0000000000..70f1227f6d
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
@@ -0,0 +1,8 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/event.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+#

From a927189bdbc3fe055f0c44b1e2e010ba3821a457 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 11 Aug 2013 16:20:08 -0700
Subject: [PATCH 05/13] Tiny bit of cleanup and adapting the new test.

---
 src/analyzer/protocol/dnp3/DNP3.cc                     | 10 ++++------
 .../scripts/base/protocols/dnp3/dnp3_link_only.bro     |  2 +-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc
index b3c001350c..9dc60a33bb 100644
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@@ -189,7 +189,7 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 				}
 
 			// Make sure header checksum is correct.
-			if ( ! CheckCRC(PSEUDO_LINK_LAYER_LEN, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN, "header") ) 
+			if ( ! CheckCRC(PSEUDO_LINK_LAYER_LEN, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN, "header") )
 				{
 				ProtocolViolation("broken_checksum");
 				return false;
@@ -198,8 +198,9 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			// If the checksum works out, we're pretty certainly DNP3.
 			ProtocolConfirmation();
 
-			// (Hui Lin) Make sure that the DNP3 packet includes Pseudo Transport and Pseudo Application Layer data
-			if ( ( endp->buffer[PSEUDO_LENGTH_INDEX] + 3 ) == (u_char)PSEUDO_LINK_LAYER_LEN  )
+			// DNP3 packets without transport and application
+			// layers can happen, we ignore them.
+			if ( (endp->buffer[PSEUDO_LENGTH_INDEX] + 3) == PSEUDO_LINK_LAYER_LEN  )
 				{
 				ClearEndpointState(orig);
 				return true;
@@ -221,9 +222,6 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			// BinPAC.
 			if ( ++endp->pkt_cnt == 1 )
 				interp->NewData(orig, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN);
-
-			
-
 			}
 
 		if ( ! endp->in_hdr )
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
index 70f1227f6d..1ea8df743f 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
@@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
-# @TEST-EXEC: cat ${DIST}/src/event.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
 # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
 # @TEST-EXEC: btest-diff coverage
 #

From 47bf0458938219904b00be50d4db2b94b3a0c6db Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 12 Aug 2013 11:46:27 -0700
Subject: [PATCH 06/13] Updating submodule(s).

 [nomail]
---
 aux/broctl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aux/broctl b/aux/broctl
index c9293bad3b..01ac8e2859 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit c9293bad3bf4d6fc3e1808a315e791140a632961
+Subproject commit 01ac8e28595636e9bb170cb3cb9cd50da0890f31

From b72c2a9764c743e7101523fd3631e600431cd349 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 12 Aug 2013 14:38:14 -0700
Subject: [PATCH 07/13] Fixing bug in DNP3 analyzer flagged by compiler
 warning.

---
 CHANGES                            | 5 +++++
 VERSION                            | 2 +-
 src/analyzer/protocol/dnp3/DNP3.cc | 6 +++---
 src/analyzer/protocol/dnp3/DNP3.h  | 2 +-
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 708010935c..ce59ca0afc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
 
+2.1-1052 | 2013-08-12 14:38:14 -0700
+
+  * Fixing bug in DNP3 analyzer flagged by compiler warning. (Robin
+    Sommer)
+
 2.1-1050 | 2013-08-12 11:37:44 -0700
 
   * Experimental DNP3 analyzer. This includes only very basic
diff --git a/VERSION b/VERSION
index e8e2e55bd6..0a5530766f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1-1050
+2.1-1052
diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc
index e74f1f2bdb..ee90a0c74d 100644
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@@ -159,10 +159,10 @@ void DNP3_Analyzer::Undelivered(int seq, int len, bool orig)
 	interp->NewGap(orig, len);
 	}
 
-void DNP3_Analyzer::EndpointEOF(tcp::TCP_Reassembler* endp)
+void DNP3_Analyzer::EndpointEOF(bool is_orig)
 	{
-	TCP_ApplicationAnalyzer::EndpointEOF(endp);
-	interp->FlowEOF(endp->IsOrig());
+	TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
 	}
 
 bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h
index 9ccabae44c..b84d3874b4 100644
--- a/src/analyzer/protocol/dnp3/DNP3.h
+++ b/src/analyzer/protocol/dnp3/DNP3.h
@@ -15,7 +15,7 @@ public:
 	virtual void Done();
 	virtual void DeliverStream(int len, const u_char* data, bool orig);
 	virtual void Undelivered(int seq, int len, bool orig);
-	virtual void EndpointEOF(tcp::TCP_Reassembler* endp);
+	virtual void EndpointEOF(bool is_orig);
 
 	static Analyzer* InstantiateAnalyzer(Connection* conn)
 		{ return new DNP3_Analyzer(conn); }

From 2bef4111a36fee0f8cfe6ef6e145b7185a849fab Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 12 Aug 2013 16:05:14 -0700
Subject: [PATCH 08/13] Updating submodule(s).

 [nomail]
---
 aux/btest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aux/btest b/aux/btest
index 69606f8f3c..066ad931c2 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 69606f8f3cc84d694ca1da14868a5fecd4abbc96
+Subproject commit 066ad931c2257f41ef33a4fe28fce4337aedc684

From d4820cd43beae880bad5127ab9629b7801ad482c Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 12 Aug 2013 16:18:55 -0700
Subject: [PATCH 09/13] Updating submodule(s).

 [nomail]
---
 aux/btest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aux/btest b/aux/btest
index 066ad931c2..1b114401e5 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 066ad931c2257f41ef33a4fe28fce4337aedc684
+Subproject commit 1b114401e5eeea0ab2f0ba266f5c79f1e8060f34

From 0bde911bd4ef716a4a19fc099e77f48ccb07f4f7 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 13 Aug 2013 13:21:08 -0400
Subject: [PATCH 10/13] Add file support to intel framework and slightly
 restructure intel http handling.

---
 scripts/base/frameworks/intel/main.bro        | 31 ++++++++++++-
 .../policy/frameworks/intel/seen/__load__.bro |  4 +-
 .../frameworks/intel/seen/file-hashes.bro     | 12 +++++
 .../frameworks/intel/seen/http-headers.bro    | 46 +++++++++++++++++++
 .../intel/seen/http-host-header.bro           | 11 -----
 .../intel/seen/http-user-agents.bro           | 12 -----
 .../frameworks/intel/seen/where-locations.bro |  3 ++
 7 files changed, 93 insertions(+), 26 deletions(-)
 create mode 100644 scripts/policy/frameworks/intel/seen/file-hashes.bro
 create mode 100644 scripts/policy/frameworks/intel/seen/http-headers.bro
 delete mode 100644 scripts/policy/frameworks/intel/seen/http-host-header.bro
 delete mode 100644 scripts/policy/frameworks/intel/seen/http-user-agents.bro

diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index a201a7a041..b6cedbdd38 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -80,6 +80,10 @@ export {
 		## If the data was discovered within a connection, the 
 		## connection record should go into get to give context to the data.
 		conn:            connection    &optional;
+
+		## If the data was discovered within a file, the file record
+		## should go here to provide context to the data.
+		f:               fa_file       &optional;
 	};
 
 	## Record used for the logging framework representing a positive
@@ -95,6 +99,16 @@ export {
 		## this is the conn_id for the connection.
 		id:       conn_id        &log &optional;
 
+		## If a file was associated with this intelligence hit,
+		## this is the uid for the file.
+		fuid:           string          &log &optional;
+		## A mime type if the intelligence hit is related to a file.  
+		## If the $f field is provided this will be automatically filled out.
+		file_mime_type: string          &log &optional;
+		## Frequently files can be "described" to give a bit more context.
+		## If the $f field is provided this field will be automatically filled out.
+		file_desc:      string          &log &optional;
+
 		## Where the data was seen.
 		seen:     Seen           &log;
 		## Sources which supplied data that resulted in this match.
@@ -248,7 +262,22 @@ function has_meta(check: MetaData, metas: set[MetaData]): bool
 
 event Intel::match(s: Seen, items: set[Item]) &priority=5
 	{
-	local info: Info = [$ts=network_time(), $seen=s];
+	if ( s$f?$conns && |s$f$conns| == 1 )
+		{
+		for ( cid in s$f$conns )
+			s$conn = s$f$conns[cid];
+		}
+
+	local info = Info($ts=network_time(), $seen=s);
+
+	if ( ! info?$fuid )
+		info$fuid = s$f$id;
+
+	if ( ! info?$file_mime_type && s$f?$mime_type )
+		info$file_mime_type = s$f$mime_type;
+
+	if ( ! info?$file_desc )
+		info$file_desc = Files::describe(s$f);
 
 	if ( s?$conn )
 		{
diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.bro
index 3ffbc35378..f4b5c3ce02 100644
--- a/scripts/policy/frameworks/intel/seen/__load__.bro
+++ b/scripts/policy/frameworks/intel/seen/__load__.bro
@@ -1,8 +1,8 @@
 @load ./conn-established
 @load ./dns
-@load ./http-host-header
+@load ./file-hashes
+@load ./http-headers
 @load ./http-url
-@load ./http-user-agents
 @load ./ssl
 @load ./smtp
 @load ./smtp-url-extraction
\ No newline at end of file
diff --git a/scripts/policy/frameworks/intel/seen/file-hashes.bro b/scripts/policy/frameworks/intel/seen/file-hashes.bro
new file mode 100644
index 0000000000..6c4a1161d6
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/file-hashes.bro
@@ -0,0 +1,12 @@
+@load base/frameworks/intel
+@load ./where-locations
+
+event file_hash(f: fa_file , kind: string , hash: string)
+	{
+	local seen = Intel::Seen($indicator=hash,
+	                         $indicator_type=Intel::FILE_HASH,
+	                         $f=f,
+	                         $where=Files::IN_HASH);
+	
+	Intel::seen(seen);
+	}
\ No newline at end of file
diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.bro
new file mode 100644
index 0000000000..53aeec4394
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/http-headers.bro
@@ -0,0 +1,46 @@
+@load base/frameworks/intel
+@load ./where-locations
+
+event http_header(c: connection, is_orig: bool, name: string, value: string)
+	{
+	if ( is_orig )
+		{
+		switch ( name ) 
+			{
+			case "HOST": 
+			Intel::seen([$indicator=value,
+			             $indicator_type=Intel::DOMAIN,
+			             $conn=c,
+			             $where=HTTP::IN_HOST_HEADER]);
+			break;
+
+			case "REFERER":
+			Intel::seen([$indicator=sub(value, /^.*:\/\//, ""),
+			             $indicator_type=Intel::URL,
+			             $conn=c,
+			             $where=HTTP::IN_REFERRER_HEADER]);
+			break;
+
+			case "X-FORWARDED-FOR":
+			if ( is_valid_ip(value) )
+				{
+				local addrs = find_ip_addresses(value);
+				for ( i in addrs )
+					{
+					Intel::seen([$host=to_addr(addrs[i]),
+					             $indicator_type=Intel::ADDR,
+					             $conn=c,
+					             $where=HTTP::IN_X_FORWARDED_FOR_HEADER]);
+					}
+				}
+			break;
+
+			case "USER-AGENT":
+			Intel::seen([$indicator=value,
+			             $indicator_type=Intel::SOFTWARE,
+			             $conn=c,
+			             $where=HTTP::IN_USER_AGENT_HEADER]);
+			break;
+			}
+		}
+	}
diff --git a/scripts/policy/frameworks/intel/seen/http-host-header.bro b/scripts/policy/frameworks/intel/seen/http-host-header.bro
deleted file mode 100644
index 3fd28b8ef9..0000000000
--- a/scripts/policy/frameworks/intel/seen/http-host-header.bro
+++ /dev/null
@@ -1,11 +0,0 @@
-@load base/frameworks/intel
-@load ./where-locations
-
-event http_header(c: connection, is_orig: bool, name: string, value: string)
-	{
-	if ( is_orig && name == "HOST" )
-		Intel::seen([$indicator=value,
-		             $indicator_type=Intel::DOMAIN,
-		             $conn=c,
-		             $where=HTTP::IN_HOST_HEADER]);
-	}
diff --git a/scripts/policy/frameworks/intel/seen/http-user-agents.bro b/scripts/policy/frameworks/intel/seen/http-user-agents.bro
deleted file mode 100644
index 7c4558d2a5..0000000000
--- a/scripts/policy/frameworks/intel/seen/http-user-agents.bro
+++ /dev/null
@@ -1,12 +0,0 @@
-@load base/frameworks/intel
-@load ./where-locations
-
-event http_header(c: connection, is_orig: bool, name: string, value: string)
-	{
-	if ( is_orig && name == "USER-AGENT" )
-		Intel::seen([$indicator=value,
-		             $indicator_type=Intel::SOFTWARE,
-		             $conn=c,
-		             $where=HTTP::IN_USER_AGENT_HEADER]);
-	}
-
diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro
index 4773de9c73..f3bdb6a2bd 100644
--- a/scripts/policy/frameworks/intel/seen/where-locations.bro
+++ b/scripts/policy/frameworks/intel/seen/where-locations.bro
@@ -4,10 +4,13 @@ export {
 	redef enum Intel::Where += {
 		Conn::IN_ORIG,
 		Conn::IN_RESP,
+		Files::IN_HASH,
 		DNS::IN_REQUEST,
 		DNS::IN_RESPONSE,
 		HTTP::IN_HOST_HEADER,
+		HTTP::IN_REFERRER_HEADER,
 		HTTP::IN_USER_AGENT_HEADER,
+		HTTP::IN_X_FORWARDED_FOR_HEADER,
 		HTTP::IN_URL,
 		SMTP::IN_MAIL_FROM,
 		SMTP::IN_RCPT_TO,

From ed14bdc77e0587f9eba0afc321633a247927e931 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 13 Aug 2013 13:21:31 -0400
Subject: [PATCH 11/13] Add file name support to intel framework.

---
 scripts/base/frameworks/intel/main.bro                |  3 +++
 scripts/policy/frameworks/intel/seen/__load__.bro     |  1 +
 scripts/policy/frameworks/intel/seen/file-hashes.bro  |  2 +-
 scripts/policy/frameworks/intel/seen/file-names.bro   | 11 +++++++++++
 .../policy/frameworks/intel/seen/where-locations.bro  |  1 +
 5 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 scripts/policy/frameworks/intel/seen/file-names.bro

diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index b6cedbdd38..94ff8103a8 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -27,6 +27,9 @@ export {
 		## File hash which is non-hash type specific.  It's up to the user to query
 		## for any relevant hash types.
 		FILE_HASH,
+		## File names.  Typically with protocols with definite indications
+		## of a file name.
+		FILE_NAME,
 		## Certificate SHA-1 hash.
 		CERT_HASH,
 	};
diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.bro
index f4b5c3ce02..01034d95e2 100644
--- a/scripts/policy/frameworks/intel/seen/__load__.bro
+++ b/scripts/policy/frameworks/intel/seen/__load__.bro
@@ -1,6 +1,7 @@
 @load ./conn-established
 @load ./dns
 @load ./file-hashes
+@load ./file-names
 @load ./http-headers
 @load ./http-url
 @load ./ssl
diff --git a/scripts/policy/frameworks/intel/seen/file-hashes.bro b/scripts/policy/frameworks/intel/seen/file-hashes.bro
index 6c4a1161d6..2e56ad3c48 100644
--- a/scripts/policy/frameworks/intel/seen/file-hashes.bro
+++ b/scripts/policy/frameworks/intel/seen/file-hashes.bro
@@ -1,7 +1,7 @@
 @load base/frameworks/intel
 @load ./where-locations
 
-event file_hash(f: fa_file , kind: string , hash: string)
+event file_hash(f: fa_file, kind: string, hash: string)
 	{
 	local seen = Intel::Seen($indicator=hash,
 	                         $indicator_type=Intel::FILE_HASH,
diff --git a/scripts/policy/frameworks/intel/seen/file-names.bro b/scripts/policy/frameworks/intel/seen/file-names.bro
new file mode 100644
index 0000000000..ade0d0f18a
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/file-names.bro
@@ -0,0 +1,11 @@
+@load base/frameworks/intel
+@load ./where-locations
+
+event file_new(f: fa_file)
+	{
+	if ( f?$info && f$info?$filename )
+		Intel::seen([$indicator=f$info$filename,
+		             $indicator_type=Intel::FILE_NAME,
+		             $f=f,
+		             $where=Files::IN_NAME]);
+	}
\ No newline at end of file
diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro
index f3bdb6a2bd..0387814ea7 100644
--- a/scripts/policy/frameworks/intel/seen/where-locations.bro
+++ b/scripts/policy/frameworks/intel/seen/where-locations.bro
@@ -5,6 +5,7 @@ export {
 		Conn::IN_ORIG,
 		Conn::IN_RESP,
 		Files::IN_HASH,
+		Files::IN_NAME,
 		DNS::IN_REQUEST,
 		DNS::IN_RESPONSE,
 		HTTP::IN_HOST_HEADER,

From b8f47cc3db83f628a2e13ae5ebb7bdc053bf348a Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Tue, 13 Aug 2013 18:44:13 -0700
Subject: [PATCH 12/13] Updating submodule(s).

 [nomail]
---
 aux/btest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aux/btest b/aux/btest
index 1b114401e5..be7c653dcd 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 1b114401e5eeea0ab2f0ba266f5c79f1e8060f34
+Subproject commit be7c653dcdc30384d4d17359d19d94540fdedaa5

From a98c78c0d13ecc0282b1fb8447dce25aa448fa7c Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 13 Aug 2013 23:49:39 -0400
Subject: [PATCH 13/13] Fixing intel framework tests.

---
 doc/scripts/DocSourcesList.cmake              |  5 +--
 scripts/base/frameworks/intel/main.bro        | 33 ++++++++++---------
 scripts/test-all-policy.bro                   |  5 +--
 .../manager-1.intel.log                       | 10 +++---
 .../broproc.intel.log                         | 12 +++----
 .../manager-1.intel.log                       | 16 ++++-----
 6 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake
index 63d2f35562..5756d75ea3 100644
--- a/doc/scripts/DocSourcesList.cmake
+++ b/doc/scripts/DocSourcesList.cmake
@@ -199,9 +199,10 @@ rest_target(${psd} policy/frameworks/files/hash-all-files.bro)
 rest_target(${psd} policy/frameworks/intel/do_notice.bro)
 rest_target(${psd} policy/frameworks/intel/seen/conn-established.bro)
 rest_target(${psd} policy/frameworks/intel/seen/dns.bro)
-rest_target(${psd} policy/frameworks/intel/seen/http-host-header.bro)
+rest_target(${psd} policy/frameworks/intel/seen/file-hashes.bro)
+rest_target(${psd} policy/frameworks/intel/seen/file-names.bro)
+rest_target(${psd} policy/frameworks/intel/seen/http-headers.bro)
 rest_target(${psd} policy/frameworks/intel/seen/http-url.bro)
-rest_target(${psd} policy/frameworks/intel/seen/http-user-agents.bro)
 rest_target(${psd} policy/frameworks/intel/seen/smtp-url-extraction.bro)
 rest_target(${psd} policy/frameworks/intel/seen/smtp.bro)
 rest_target(${psd} policy/frameworks/intel/seen/ssl.bro)
diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index 94ff8103a8..b3dcfda00d 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -104,13 +104,13 @@ export {
 
 		## If a file was associated with this intelligence hit,
 		## this is the uid for the file.
-		fuid:           string          &log &optional;
+		fuid:           string   &log &optional;
 		## A mime type if the intelligence hit is related to a file.  
 		## If the $f field is provided this will be automatically filled out.
-		file_mime_type: string          &log &optional;
+		file_mime_type: string   &log &optional;
 		## Frequently files can be "described" to give a bit more context.
 		## If the $f field is provided this field will be automatically filled out.
-		file_desc:      string          &log &optional;
+		file_desc:      string   &log &optional;
 
 		## Where the data was seen.
 		seen:     Seen           &log;
@@ -265,22 +265,25 @@ function has_meta(check: MetaData, metas: set[MetaData]): bool
 
 event Intel::match(s: Seen, items: set[Item]) &priority=5
 	{
-	if ( s$f?$conns && |s$f$conns| == 1 )
-		{
-		for ( cid in s$f$conns )
-			s$conn = s$f$conns[cid];
-		}
-
 	local info = Info($ts=network_time(), $seen=s);
 
-	if ( ! info?$fuid )
-		info$fuid = s$f$id;
+	if ( s?$f )
+		{
+		if ( s$f?$conns && |s$f$conns| == 1 )
+			{
+			for ( cid in s$f$conns )
+				s$conn = s$f$conns[cid];
+			}
 
-	if ( ! info?$file_mime_type && s$f?$mime_type )
-		info$file_mime_type = s$f$mime_type;
+		if ( ! info?$fuid )
+			info$fuid = s$f$id;
 
-	if ( ! info?$file_desc )
-		info$file_desc = Files::describe(s$f);
+		if ( ! info?$file_mime_type && s$f?$mime_type )
+			info$file_mime_type = s$f$mime_type;
+
+		if ( ! info?$file_desc )
+			info$file_desc = Files::describe(s$f);
+		}
 
 	if ( s?$conn )
 		{
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 7d582bf82f..63b9b5998c 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -18,9 +18,10 @@
 @load frameworks/intel/seen/__load__.bro
 @load frameworks/intel/seen/conn-established.bro
 @load frameworks/intel/seen/dns.bro
-@load frameworks/intel/seen/http-host-header.bro
+@load frameworks/intel/seen/file-hashes.bro
+@load frameworks/intel/seen/file-names.bro
+@load frameworks/intel/seen/http-headers.bro
 @load frameworks/intel/seen/http-url.bro
-@load frameworks/intel/seen/http-user-agents.bro
 @load frameworks/intel/seen/smtp-url-extraction.bro
 @load frameworks/intel/seen/smtp.bro
 @load frameworks/intel/seen/ssl.bro
diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.cluster-transparency/manager-1.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.cluster-transparency/manager-1.intel.log
index 00871e7d93..27a1f2d2f8 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.intel.cluster-transparency/manager-1.intel.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.intel.cluster-transparency/manager-1.intel.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2013-07-19-17-05-48
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	seen.indicator	seen.indicator_type	seen.where	sources
-#types	time	string	addr	port	addr	port	string	enum	enum	table[string]
-1374253548.038580	-	-	-	-	-	123.123.123.123	Intel::ADDR	Intel::IN_ANYWHERE	worker-1
-#close	2013-07-19-17-05-57
+#open	2013-08-14-03-46-32
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	sources
+#types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	table[string]
+1376451992.872806	-	-	-	-	-	-	-	-	123.123.123.123	Intel::ADDR	Intel::IN_ANYWHERE	worker-1
+#close	2013-08-14-03-46-42
diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log
index 8c01ae5c27..ea57d77b18 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2013-07-19-17-04-26
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	seen.indicator	seen.indicator_type	seen.where	sources
-#types	time	string	addr	port	addr	port	string	enum	enum	table[string]
-1374253466.857185	-	-	-	-	-	e@mail.com	Intel::EMAIL	SOMEWHERE	source1
-1374253466.857185	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	source1
-#close	2013-07-19-17-04-26
+#open	2013-08-14-03-47-03
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	sources
+#types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	table[string]
+1376452023.137179	-	-	-	-	-	-	-	-	e@mail.com	Intel::EMAIL	SOMEWHERE	source1
+1376452023.137179	-	-	-	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	source1
+#close	2013-08-14-03-47-03
diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log
index 70d92a3604..bf9aa50fef 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log
@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2013-07-19-17-06-57
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	seen.indicator	seen.indicator_type	seen.where	sources
-#types	time	string	addr	port	addr	port	string	enum	enum	table[string]
-1374253617.312158	-	-	-	-	-	1.2.3.4	Intel::ADDR	Intel::IN_A_TEST	source1
-1374253617.312158	-	-	-	-	-	e@mail.com	Intel::EMAIL	Intel::IN_A_TEST	source1
-1374253618.332565	-	-	-	-	-	1.2.3.4	Intel::ADDR	Intel::IN_A_TEST	source1
-1374253618.332565	-	-	-	-	-	e@mail.com	Intel::EMAIL	Intel::IN_A_TEST	source1
-#close	2013-07-19-17-07-06
+#open	2013-08-14-03-47-23
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	sources
+#types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	table[string]
+1376452043.835810	-	-	-	-	-	-	-	-	1.2.3.4	Intel::ADDR	Intel::IN_A_TEST	source1
+1376452043.835810	-	-	-	-	-	-	-	-	e@mail.com	Intel::EMAIL	Intel::IN_A_TEST	source1
+1376452044.855238	-	-	-	-	-	-	-	-	1.2.3.4	Intel::ADDR	Intel::IN_A_TEST	source1
+1376452044.855238	-	-	-	-	-	-	-	-	e@mail.com	Intel::EMAIL	Intel::IN_A_TEST	source1
+#close	2013-08-14-03-47-32