Merge branch 'master' into topic/jsiwek/ipv6-comm

2025-10-12 11:38:20 +00:00 · 2012-05-17 14:28:16 -05:00 · 2012-05-17 14:28:16 -05:00 · f819a966d8
commit f819a966d8
parent 74f3a32321 e34f27b928
46 changed files with 487 additions and 160 deletions
--- a/31
+++ b/31
@ -1,4 +1,35 @@

+2.0-341 | 2012-05-17 09:54:30 -0700
+
+  * Add a comment to explain the ICMPv6 error message types. (Daniel Thayer)
+
+  * Quieting external test output somehwat. (Robin Sommer)
+
+2.0-336 | 2012-05-14 17:15:44 -0700
+
+  * Don't print the various "weird" events to stderr. Address #805.
+    (Daniel Thayer)
+
+  * Generate icmp_error_message event for ICMPv6 error msgs.
+    Previously, icmp_sent was being generated, but icmp_error_message
+    contains more info.
+
+  * Improved documentation comments for icmp-related events. (Daniel
+    Thayer)
+
+2.0-330 | 2012-05-14 17:05:56 -0700
+
+  * Add `addr_to_uri` script-level function that adds brackets to an
+    address if it's IPv6 and will be included in a URI or when a
+    ":<port>" needs to be appended to it. (Jon Siwek)
+
+  * Also add a test case for content extraction. (Jon Siwek)
+
+  * Fix typos and improve INSTALL document. (Daniel Thayer)
+    
+  * Switching to new btest command TEST-SERIALIZE for communication
+    tests. (Robin Sommer)
+
 2.0-323 | 2012-05-04 21:04:34 -0700

  * Add SHA1 and SHA256 hashing BIFs. Addresses #542.
--- a/56
+++ b/56
@ -5,34 +5,44 @@ Installing Bro
 Prerequisites
 =============

-Bro relies on the following libraries and tools, which need to be installed
+Bro requires the following libraries and tools to be installed
 before you begin:

    * CMake 2.6.3 or greater            http://www.cmake.org

-    * Libpcap (headers and libraries)   http://www.tcpdump.org
+    * Perl  (used only during the Bro build process)

-    * OpenSSL (headers and libraries)   http://www.openssl.org
+    * Libpcap headers and libraries     http://www.tcpdump.org

-    * SWIG                              http://www.swig.org
+    * OpenSSL headers and libraries     http://www.openssl.org
+
+    * BIND8 headers and libraries

    * Libmagic

    * Libz

-Bro can make uses of some optional libraries if they are found at
-installation time:
+    * SWIG                              http://www.swig.org

-    * LibGeoIP  For geo-locating IP addresses.
-
-Bro also needs the following tools, but on most systems they will
-already come preinstalled:
-
-    * Bash  (For Bro Control).
-    * BIND8 (headers and libraries)
    * Bison (GNU Parser Generator)
+
    * Flex  (Fast Lexical Analyzer)
-    * Perl  (Used only during the Bro build process)
+
+    * Bash  (for BroControl)
+
+
+Bro can make use of some optional libraries and tools if they are found at
+build time:
+
+    * LibGeoIP (for geo-locating IP addresses)
+
+    * gperftools (tcmalloc is used to improve memory and CPU usage)
+
+    * sendmail (for BroControl)
+
+    * ipsumdump (for trace-summary)     http://www.cs.ucla.edu/~kohler/ipsumdump
+
+    * Ruby executable, library, and headers (for Broccoli Ruby bindings)


 Installation
@ -44,7 +54,7 @@ To build and install into ``/usr/local/bro``::
    make
    make install

-This will first build Bro into a directory inside the distribution
+This will first build Bro in a directory inside the distribution
 called ``build/``, using default build options. It then installs all
 required files into ``/usr/local/bro``, including the Bro binary in
 ``/usr/local/bro/bin/bro``.
@ -60,22 +70,22 @@ choices unless you are creating such a package.
 Run ``./configure --help`` for more options.

 Depending on the Bro package you downloaded, there may be auxiliary
-tools and libraries available in the ``aux/`` directory. All of them
-except for ``aux/bro-aux`` will also be built and installed by doing
-``make install``.  To install the programs that come in the
-``aux/bro-aux`` directory, use ``make install-aux``. There are
+tools and libraries available in the ``aux/`` directory. Some of them
+will be automatically built and installed along with Bro. There are
 ``--disable-*`` options that can be given to the configure script to
-turn off unwanted auxiliary projects.
+turn off unwanted auxiliary projects that would otherwise be installed
+automatically.  Finally, use ``make install-aux`` to install some of
+the other programs that are in the ``aux/bro-aux`` directory.

-OpenBSD users, please see our `FAQ
-<http://www.bro-ids.org/documentation/faq.html>` if you are having
+OpenBSD users, please see our FAQ at
+http://www.bro-ids.org/documentation/faq.html if you are having
 problems installing Bro.

 Running Bro
 ===========

 Bro is a complex program and it takes a bit of time to get familiar
-with it.  A good place for newcomers to start is the Quickstart Guide
+with it.  A good place for newcomers to start is the Quick Start Guide
 at http://www.bro-ids.org/documentation/quickstart.html.

 For developers that wish to run Bro directly from the ``build/``
--- a/2
+++ b/2
@ -1 +1 @@
-2.0-323
+2.0-341
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit 76e6bd4b182e9ff43456890e08aeaf451f9e4615
+Subproject commit 519d2e21ee375833c89eb6f7dc95c1eac3de17ab
--- a/aux/btest
+++ b/aux/btest
@ -1 +1 @@
-Subproject commit c0bbe9b8676f4655e7a984ac5eb8dfba3cd061b2
+Subproject commit 76876ce0e7da4888c91b3aea024c5cfd36405310
--- a/2
+++ b/2
@ -32,7 +32,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
    --enable-perftools-debug use Google's perftools for debugging
    --disable-broccoli     don't build or install the Broccoli library
    --disable-broctl       don't install Broctl
-    --disable-auxtools     don't build or install auxilliary tools
+    --disable-auxtools     don't build or install auxiliary tools
    --disable-python       don't try to build python bindings for broccoli
    --disable-ruby         don't try to build ruby bindings for broccoli

--- a/scripts/base/protocols/ftp/main.bro
+++ b/scripts/base/protocols/ftp/main.bro
@ -6,6 +6,7 @@
@load ./utils-commands
@load base/utils/paths
@load base/utils/numbers
+@load base/utils/addrs

 module FTP;

@ -169,12 +170,7 @@ function ftp_message(s: Info)
 		
 		local arg = s$cmdarg$arg;
 		if ( s$cmdarg$cmd in file_cmds )
-			{
-			if ( is_v4_addr(s$id$resp_h) )
-				arg = fmt("ftp://%s%s", s$id$resp_h, build_path_compressed(s$cwd, arg));
-			else
-				arg = fmt("ftp://[%s]%s", s$id$resp_h, build_path_compressed(s$cwd, arg));
-			}
+			arg = fmt("ftp://%s%s", addr_to_uri(s$id$resp_h), build_path_compressed(s$cwd, arg));
 		
 		s$ts=s$cmdarg$ts;
 		s$command=s$cmdarg$cmd;
--- a/scripts/base/protocols/http/utils.bro
+++ b/scripts/base/protocols/http/utils.bro
@ -1,6 +1,7 @@
 ##! Utilities specific for HTTP processing.

@load ./main
+@load base/utils/addrs

 module HTTP;

@ -51,7 +52,7 @@ function extract_keys(data: string, kv_splitter: pattern): string_vec
 function build_url(rec: Info): string
 	{
 	local uri  = rec?$uri ? rec$uri : "/<missed_request>";
-	local host = rec?$host ? rec$host : fmt("%s", rec$id$resp_h);
+	local host = rec?$host ? rec$host : addr_to_uri(rec$id$resp_h);
 	if ( rec$id$resp_p != 80/tcp )
 		host = fmt("%s:%s", host, rec$id$resp_p);
 	return fmt("%s%s", host, uri);
--- a/scripts/base/utils/files.bro
+++ b/scripts/base/utils/files.bro
@ -1,10 +1,11 @@
+@load ./addrs

 ## This function can be used to generate a consistent filename for when
 ## contents of a file, stream, or connection are being extracted to disk.
 function generate_extraction_filename(prefix: string, c: connection, suffix: string): string
 	{
-	local conn_info = fmt("%s:%d-%s:%d", 
-	                      c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p);
+	local conn_info = fmt("%s:%d-%s:%d", addr_to_uri(c$id$orig_h), c$id$orig_p,
+	                      addr_to_uri(c$id$resp_h), c$id$resp_p);
 	
 	if ( prefix != "" )
 		conn_info = fmt("%s_%s", prefix, conn_info);
--- a/src/ICMP.cc
+++ b/src/ICMP.cc
@ -181,6 +181,12 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c
 		case MLD_LISTENER_REDUCTION:
 #endif
 		default:
+			// Error messages (i.e., ICMPv6 type < 128) all have
+			// the same structure for their context, and are
+			// handled by the same function.
+			if ( icmpp->icmp_type < 128 )
+				Context6(t, icmpp, len, caplen, data, ip_hdr);
+			else
 				ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr);
 			break;
 		}
@ -663,6 +669,10 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
 		case ICMP6_PACKET_TOO_BIG:
 			f = icmp_packet_too_big;
 			break;
+
+		default:
+			f = icmp_error_message;
+			break;
 		}

 	if ( f )
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@ -149,7 +149,7 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add

 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", event, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);

 	delete vl;
@ -163,7 +163,7 @@ void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const cha

 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);

 	delete vl;
@ -326,6 +326,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
 		s += buffer;
 		s += "\n";

+		if ( out )
 			fprintf(out, "%s", s.c_str());

 		if ( addl )
--- a/src/event.bif
+++ b/src/event.bif
@ -762,10 +762,9 @@ event udp_contents%(u: connection, is_orig: bool, contents: string%);
 ## .. bro:see:: udp_contents udp_reply udp_request
 event udp_session_done%(u: connection%);

-## Generated for all ICMP messages that are not handled separetely with dedicated
+## Generated for all ICMP messages that are not handled separately with dedicated
 ## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly
-## with dedicated events. This handlers acts as a fallback for those it doesn't.
-## The *icmp* record provides more information about the message.
+## with dedicated events. This event acts as a fallback for those it doesn't.
 ##
 ## See `Wikipedia
 ## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
@ -776,8 +775,7 @@ event udp_session_done%(u: connection%);
 ## icmp: Additional ICMP-specific information augmenting the standard
 ##       connection record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_error_message
 event icmp_sent%(c: connection, icmp: icmp_conn%);

 ## Generated for ICMP *echo request* messages.
@ -798,8 +796,7 @@ event icmp_sent%(c: connection, icmp: icmp_conn%);
 ## payload: The message-specific data of the packet payload, i.e., everything after
 ##          the first 8 bytes of the ICMP header.
 ##
-## .. bro:see:: icmp_echo_reply  icmp_redirect icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_echo_reply
 event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);

 ## Generated for ICMP *echo reply* messages.
@ -820,26 +817,30 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count,
 ## payload: The message-specific data of the packet payload, i.e., everything after
 ##          the first 8 bytes of the ICMP header.
 ##
-## .. bro:see::  icmp_echo_request icmp_redirect icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_echo_request
 event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);

-## Generated for all ICMP error messages that are not handled separately with dedicated
-## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly
-## with dedicated events. This handler acts as a fallback for those it doesn't.
-## The *icmp* record provides more information about the message.
+## Generated for all ICMPv6 error messages that are not handled
+## separately with dedicated events. Bro's ICMP analyzer handles a number
+## of ICMP error messages directly with dedicated events. This event acts
+## as a fallback for those it doesn't.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
-## information about the ICMP protocol.
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
 ## icmp: Additional ICMP-specific information augmenting the standard
 ##       connection record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect
-##    icmp_time_exceeded icmp_unreachable
+## code: The ICMP code of the error message.
+##
+## context: A record with specifics of the original packet that the message refers
+##          to.
+##
+## .. bro:see:: icmp_unreachable icmp_packet_too_big
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);

 ## Generated for ICMP *destination unreachable* messages.
@ -861,15 +862,15 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context:
 ##          that if the *unreachable* includes only a partial IP header for some reason, no
 ##          fields of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
-##    icmp_time_exceeded
+## .. bro:see:: icmp_error_message icmp_packet_too_big
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);

-## Generated for ICMP *packet too big* messages.
+## Generated for ICMPv6 *packet too big* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
-## information about the ICMP protocol.
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
@ -884,8 +885,8 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic
 ##          that if the *too big* includes only a partial IP header for some reason, no
 ##          fields of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
-##    icmp_time_exceeded
+## .. bro:see:: icmp_error_message icmp_unreachable
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);

 ## Generated for ICMP *time exceeded* messages.
@ -907,15 +908,15 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context:
 ##          if the *exceeded* includes only a partial IP header for some reason, no fields
 ##          of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
-##     icmp_unreachable
+## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big
+##    icmp_parameter_problem
 event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);

-## Generated for ICMP *parameter problem* messages.
+## Generated for ICMPv6 *parameter problem* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
-## information about the ICMP protocol.
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
@ -930,8 +931,8 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context:
 ##          if the *parameter problem* includes only a partial IP header for some reason, no fields
 ##          of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
-##     icmp_unreachable
+## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big
+##    icmp_time_exceeded
 event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);

 ## Generated for ICMP *router solicitation* messages.
@ -945,8 +946,8 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte
 ## icmp: Additional ICMP-specific information augmenting the standard connection
 ##       record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_router_advertisement
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect
 event icmp_router_solicitation%(c: connection, icmp: icmp_conn%);

 ## Generated for ICMP *router advertisement* messages.
@ -975,8 +976,14 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn%);
 ##
 ## rsv: Remaining two reserved bits of router advertisement flags.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## router_lifetime: How long this router should be used as a default router.
+##
+## reachable_time: How long a neighbor should be considered reachable.
+##
+## retrans_timer: How long a host should wait before retransmitting.
+##
+## .. bro:see:: icmp_router_solicitation
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect
 event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval%);

 ## Generated for ICMP *neighbor solicitation* messages.
@ -992,8 +999,8 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit:
 ##
 ## tgt: The IP address of the target of the solicitation.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
+##    icmp_neighbor_advertisement icmp_redirect
 event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%);

 ## Generated for ICMP *neighbor advertisement* messages.
@ -1016,8 +1023,8 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%);
 ## tgt: the Target Address in the soliciting message or the address whose
 ##      link-layer address has changed for unsolicited adverts.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
+##    icmp_neighbor_solicitation icmp_redirect
 event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt:addr%);

 ## Generated for ICMP *redirect* messages.
@ -1036,10 +1043,8 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool,
 ##
 ## dest: The address of the destination which is redirected to the target.
 ##
-## a: The new destination address the message is redirecting to.
-##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement
 event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr%);

 ## Generated when a TCP connection terminated, passing on statistics about the
--- a/src/logging/WriterBackend.cc
+++ b/src/logging/WriterBackend.cc
@ -1,6 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.

 #include "util.h"
+#include "bro_inet_ntop.h"
 #include "threading/SerialTypes.h"

 #include "WriterBackend.h"
@ -248,7 +249,7 @@ string WriterBackend::Render(const threading::Value::addr_t& addr) const
 		{
 		char s[INET_ADDRSTRLEN];

-		if ( inet_ntop(AF_INET, &addr.in.in4, s, INET_ADDRSTRLEN) == NULL )
+		if ( ! bro_inet_ntop(AF_INET, &addr.in.in4, s, INET_ADDRSTRLEN) )
 			return "<bad IPv4 address conversion>";
 		else
 			return s;
@ -257,7 +258,7 @@ string WriterBackend::Render(const threading::Value::addr_t& addr) const
 		{
 		char s[INET6_ADDRSTRLEN];

-		if ( inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) == NULL )
+		if ( ! bro_inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) )
 			return "<bad IPv6 address conversion>";
 		else
 			return s;
--- a/testing/btest/Baseline/core.checksums/bad.out
+++ b/testing/btest/Baseline/core.checksums/bad.out
@ -1,13 +1,83 @@
-1332784981.078396 weird: bad_IP_checksum
-1332784885.686428 weird: bad_TCP_checksum
-1332784933.501023 weird: bad_UDP_checksum
-1334075363.536871 weird: bad_ICMP_checksum
-1332785210.013051 weird: routing0_hdr
-1332785210.013051 weird: bad_TCP_checksum
-1332782580.798420 weird: routing0_hdr
-1332782580.798420 weird: bad_UDP_checksum
-1334075111.800086 weird: routing0_hdr
-1334075111.800086 weird: bad_ICMP_checksum
-1332785250.469132 weird: bad_TCP_checksum
-1332781342.923813 weird: bad_UDP_checksum
-1334074939.467194 weird: bad_ICMP_checksum
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784885.686428	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784933.501023	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075363.536871	UWkUyAuUGXf	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785210.013051	-	-	-	-	-	routing0_hdr	-	F	bro
+1332785210.013051	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782580.798420	-	-	-	-	-	routing0_hdr	-	F	bro
+1332782580.798420	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075111.800086	-	-	-	-	-	routing0_hdr	-	F	bro
+1334075111.800086	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785250.469132	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332781342.923813	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
--- a/testing/btest/Baseline/core.checksums/good.out
+++ b/testing/btest/Baseline/core.checksums/good.out
@ -1,3 +1,56 @@
-1332785125.596793 weird: routing0_hdr
-1332782508.592037 weird: routing0_hdr
-1334075027.053380 weird: routing0_hdr
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785125.596793	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782508.592037	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
--- a/testing/btest/Baseline/core.disable-mobile-ipv6/output
+++ b/testing/btest/Baseline/core.disable-mobile-ipv6/output
@ -1 +0,0 @@
-1333663011.602839 weird: unknown_protocol_135
--- a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
+++ b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro
--- a/testing/btest/Baseline/core.truncation/output
+++ b/testing/btest/Baseline/core.truncation/output
@ -1,3 +1,24 @@
-1334160095.895421 weird: truncated_IP
-1334156241.519125 weird: truncated_IP
-1334094648.590126 weird: truncated_IP
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro
--- a/testing/btest/Baseline/istate.pybroccoli/bro..stdout
+++ b/testing/btest/Baseline/istate.pybroccoli/bro..stdout
@ -1,7 +1,7 @@
 ==== atomic
 -10
 2
-1330035434.516896
+1336411585.166009
 2.0 mins
 F
 1.5
--- a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered
+++ b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered
@ -1,7 +1,7 @@
 ==== atomic a 1 ====
 -4L -4
 42 42
-1330035434.5180
+1336411585.1711
 60.0
 True True
 3.14
@ -14,7 +14,7 @@ True True
 ==== atomic a 2 ====
 -10L -10
 2 2
-1330035434.5169
+1336411585.1660
 120.0
 False False
 1.5
@ -27,7 +27,7 @@ False False
 ==== atomic b 2 ====
 -10L -10
 <broccoli.count instance at > 2
-<broccoli.time instance at > 1330035434.5169
+<broccoli.time instance at > 1336411585.1660
 <broccoli.interval instance at > 120.0
 False False
 1.5
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
@ -5,15 +5,15 @@
 #path	local
 #fields	ts	id.orig_h
 #types	time	addr
-1300475168.855330	141.142.220.118
+1300475168.859163	141.142.220.118
 1300475168.652003	141.142.220.118
 1300475168.895267	141.142.220.118
+1300475168.902635	141.142.220.118
+1300475168.892936	141.142.220.118
 1300475168.855305	141.142.220.118
-1300475168.859163	141.142.220.118
 1300475168.892913	141.142.220.118
 1300475168.724007	141.142.220.118
-1300475168.892936	141.142.220.118
-1300475168.902635	141.142.220.118
+1300475168.855330	141.142.220.118
 1300475168.891644	141.142.220.118
 1300475170.862384	141.142.220.226
 1300475168.853899	141.142.220.118
--- a/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
+++ b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
@ -0,0 +1,22 @@
+USER anonymous
+PASS test
+SYST
+FEAT
+PWD
+EPSV
+LIST
+EPSV
+NLST
+TYPE I
+SIZE robots.txt
+EPSV
+RETR robots.txt
+MDTM robots.txt
+SIZE robots.txt
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49189|
+RETR robots.txt
+MDTM robots.txt
+TYPE A
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49190|
+LIST
+QUIT
--- a/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat
+++ b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat
@ -0,0 +1,73 @@
+220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
+331 Guest login ok, type your name as password.
+230-
+    The NetBSD Project FTP Server located in Redwood City, CA, USA
+    1 Gbps connectivity courtesy of                          ,        ,
+    Internet Systems Consortium                 WELCOME!    /(        )`
+                                                            \ \___   / |
+      +--- Currently Supported Platforms ----+              /- _  `-/  '
+      |  acorn[26,32], algor, alpha, amd64,  |             (/\/ \ \   /\
+      |   amiga[,ppc], arc, atari, bebox,    |             / /   | `    \
+      |   cats, cesfic, cobalt, dreamcast,   |             O O   ) /    |
+      |  evb[arm,mips,ppc,sh3], hp[300,700], |             `-^--'`<     '
+      |       hpc[arm,mips,sh], i386,        |            (_.)  _  )   /
+      |      ibmnws, iyonix, luna68k,        |              .___/`    /
+      |    mac[m68k,ppc], mipsco, mmeye,     |               `-----' /
+      |      mvme[m68k,ppc], netwinders,     |  <----.     __ / __   \
+      |   news[m68k,mips], next68k, ofppc,   |  <----|====O)))==) \) /====
+      | playstation2, pmax, prep, sandpoint, |  <----'    `--' `.__,' \
+      |  sbmips, sgimips, shark, sparc[,64], |               |        |
+      |      sun[2,3], vax, x68k, xen        |                \       /
+      +--------------------------------------+           ______( (_  / \_____
+      See our website at http://www.NetBSD.org/        ,'  ,-----'   |       \
+       We log all FTP transfers and commands.          `--{__________)  (FL) \/
+230-
+    EXPORT NOTICE
+    
+    Please note that portions of this FTP site contain cryptographic
+    software controlled under the Export Administration Regulations (EAR).
+    
+    None of this software may be downloaded or otherwise exported or
+    re-exported into (or to a national or resident of) Cuba, Iran, Libya,
+    Sudan, North Korea, Syria or any other country to which the U.S. has
+    embargoed goods.
+    
+    By downloading or using said software, you are agreeing to the
+    foregoing and you are representing and warranting that you are not
+    located in, under the control of, or a national or resident of any
+    such country or on any such list.
+230 Guest login ok, access restrictions apply.
+215 UNIX Type: L8 Version: NetBSD-ftpd 20100320
+211-Features supported
+ MDTM
+ MLST Type*;Size*;Modify*;Perm*;Unique*;
+ REST STREAM
+ SIZE
+ TVFS
+211 End
+257 "/" is the current directory.
+229 Entering Extended Passive Mode (|||57086|)
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+229 Entering Extended Passive Mode (|||57087|)
+150 Opening ASCII mode data connection for 'file list'.
+226 Transfer complete.
+200 Type set to I.
+213 77
+229 Entering Extended Passive Mode (|||57088|)
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+213 77
+200 EPRT command successful.
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+200 Type set to A.
+200 EPRT command successful.
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+221-
+    Data traffic for this session was 154 bytes in 2 files.
+    Total traffic for this session was 4512 bytes in 5 transfers.
+221 Thank you for using the FTP service on ftp.NetBSD.org.
--- a/testing/btest/core/checksums.test
+++ b/testing/btest/core/checksums.test
@ -1,23 +1,42 @@
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
+# @TEST-EXEC: mv weird.log bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out

+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
+# @TEST-EXEC: mv weird.log good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out

-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
 # @TEST-EXEC: btest-diff bad.out
 # @TEST-EXEC: btest-diff good.out
--- a/testing/btest/core/disable-mobile-ipv6.test
+++ b/testing/btest/core/disable-mobile-ipv6.test
@ -1,6 +1,6 @@
 # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
-# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
+# @TEST-EXEC: btest-diff weird.log

 event mobile_ipv6_message(p: pkt_hdr)
 	{
--- a/testing/btest/core/truncation.test
+++ b/testing/btest/core/truncation.test
@ -1,6 +1,9 @@
 # Truncated IP packet's should not be analyzed, and generate truncated_IP weird

-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
+# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
+# @TEST-EXEC: mv weird.log output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
 # @TEST-EXEC: btest-diff output
--- a/testing/btest/istate/broccoli-ipv6.bro
+++ b/testing/btest/istate/broccoli-ipv6.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #
--- a/testing/btest/istate/broccoli.bro
+++ b/testing/btest/istate/broccoli.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro
--- a/testing/btest/istate/pybroccoli.py
+++ b/testing/btest/istate/pybroccoli.py
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so
--- a/testing/btest/istate/sync.bro
+++ b/testing/btest/istate/sync.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro
--- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro
+++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
--- a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro
+++ b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
 # @TEST-EXEC: btest-bg-run sender   bro -b ../sender.bro
--- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro
+++ b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
--- a/testing/btest/scripts/base/frameworks/control/id_value.bro
+++ b/testing/btest/scripts/base/frameworks/control/id_value.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
--- a/testing/btest/scripts/base/frameworks/control/shutdown.bro
+++ b/testing/btest/scripts/base/frameworks/control/shutdown.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
--- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro
--- a/testing/btest/scripts/base/frameworks/logging/remote.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: sleep 1
--- a/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
+++ b/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
--- a/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro
+++ b/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
--- a/testing/btest/scripts/base/frameworks/notice/cluster.bro
+++ b/testing/btest/scripts/base/frameworks/notice/cluster.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
--- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro
+++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro
@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
--- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test
+++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test
@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T"
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat
--- a/testing/external/Makefile
+++ b/testing/external/Makefile
@ -6,11 +6,11 @@ DIAG=diag.log

 all:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s ); done

 brief:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make brief ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s brief ); done

 init:
 	git clone $(PUBLIC_REPO)
--- a/testing/external/scripts/update-traces
+++ b/testing/external/scripts/update-traces
@ -69,8 +69,8 @@ cat $cfg | while read line; do
        eval "$proxy curl $auth -f --anyauth $url -o $file"
        echo
        mv $fp.tmp $fp
-    else
-        echo "`basename $file` already available."
+     #else
+     #  echo "`basename $file` already available."
     fi

    rm -f $fp.tmp
 @ -1 +1 @@
 .0-323
 .0-341
				`@ -1 +0,0 @@`
				`1333663011.602839 weird: unknown_protocol_135`