Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/input-threads

Bernhard Amann 2012-03-30 11:00:51 -07:00
commit fd70560017
73 changed files with 1967 additions and 490 deletions

72
CHANGES

@ -1,4 +1,76 @@
2.0-184 | 2012-03-28 15:11:11 -0700
* Improve handling of IPv6 Routing Type 0 headers. (Jon Siwek)
- For RH0 headers with non-zero segments left, a
"routing0_segleft" flow_weird event is raised (with a
destination indicating the last address in the routing header),
and an "rh0_segleft" event can also be handled if the other
contents of the packet header are of interest. No further
analysis is done as the complexity required to correctly
identify destination endpoints of connections doesn't seem worth
it as RH0 has been deprecated by RFC 5095.
- For RH0 headers without any segments left, a "routing0_header"
flow_weird event is raised, but further analysis still occurs as
normal.
2.0-182 | 2012-03-28 15:01:57 -0700
* Remove dead tcp_checksum function from net_util. (Jon Siwek)
* Change routing0_data_to_addrs BIF to return vector of addresses.
The order of addresses in type 0 routing headers is
interesting/important. (Jon Siwek)
2.0-179 | 2012-03-23 17:43:31 -0700
* Remove the default "tcp or udp or icmp" filter. In default mode,
Bro would load the packet filter script framework which installs a
filter that allows all packets, but in bare mode (the -b option),
this old filter would not follow IPv6 protocol chains and thus
filter out packets with extension headers. (Jon Siwek)
* Update PacketFilter/Discarder code for IP version independence.
(Jon Siwek)
* Fix some IPv6 header related bugs. (Jon Siwek)
* Add IPv6 fragment reassembly. (Jon Siwek)
* Add handling for IPv6 extension header chains. Addresses #531.
(Jon Siwek)
- The script-layer 'pkt_hdr' type is extended with a new 'ip6' field
representing the full IPv6 header chain.
- The 'new_packet' event is now raised for IPv6 packets. Addresses
#523.
- A new event called 'ipv6_ext_header' is raised for any IPv6
packet containing extension headers.
- A new event called 'esp_packet' is raised for any packets using
ESP ('new_packet' and 'ipv6_ext_header' events provide
connection info, but that info can't be provided here since the
upper-layer payload is encrypted).
- The 'unknown_protocol' weird is now raised more reliably when
Bro sees a transport protocol or IPv6 extension header it can't
handle. Addresses #522.
* Add unit tests for IPv6 fragment reassembly, ipv6_ext_headers and
esp_packet events. (Jon Siwek)
* Adapt FreeBSD's inet_ntop implementation for internal use. Now we
get consistent text representations of IPv6 addresses across
platforms. (Jon Siwek)
* Update documentation for new syntax of IPv6 literals. (Jon Siwek)
2.0-150 | 2012-03-13 16:16:22 -0700 2.0-150 | 2012-03-13 16:16:22 -0700
* Changing the regular expression to allow Site::local_nets in * Changing the regular expression to allow Site::local_nets in


@ -89,11 +89,20 @@ if (LIBGEOIP_FOUND)
endif () endif ()
set(USE_PERFTOOLS false) set(USE_PERFTOOLS false)
if (ENABLE_PERFTOOLS) set(USE_PERFTOOLS_DEBUG false)
find_package(GooglePerftools)
if (GOOGLEPERFTOOLS_FOUND) find_package(GooglePerftools)
set(USE_PERFTOOLS true)
include_directories(BEFORE ${GooglePerftools_INCLUDE_DIR}) if (GOOGLEPERFTOOLS_FOUND)
include_directories(BEFORE ${GooglePerftools_INCLUDE_DIR})
set(USE_PERFTOOLS true)
if (ENABLE_PERFTOOLS_DEBUG)
# Enable heap debugging with perftools.
set(USE_PERFTOOLS_DEBUG true)
list(APPEND OPTLIBS ${GooglePerftools_LIBRARIES_DEBUG})
else ()
# Link in tcmalloc for better performance.
list(APPEND OPTLIBS ${GooglePerftools_LIBRARIES}) list(APPEND OPTLIBS ${GooglePerftools_LIBRARIES})
endif () endif ()
endif () endif ()
@ -183,6 +192,7 @@ message(
"\n" "\n"
"\nGeoIP: ${USE_GEOIP}" "\nGeoIP: ${USE_GEOIP}"
"\nGoogle perftools: ${USE_PERFTOOLS}" "\nGoogle perftools: ${USE_PERFTOOLS}"
"\n debugging: ${USE_PERFTOOLS_DEBUG}"
"\n" "\n"
"\n================================================================\n" "\n================================================================\n"
) )
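Review bot: With the `if (ENABLE_PERFTOOLS)` guard gone, `find_package(GooglePerftools)` runs unconditionally and the `else ()` arm appends tcmalloc to `OPTLIBS` whenever it happens to be installed on the build host, so the binary's allocator depends on the build environment rather than on an explicit choice. Two gaps follow: nothing visible here lets a builder opt out, and a build configured with `ENABLE_PERFTOOLS_DEBUG` on a host without perftools silently continues with `USE_PERFTOOLS_DEBUG` false. I would keep an explicit switch for the first and fail loudly for the second, e.g. `if (ENABLE_PERFTOOLS_DEBUG AND NOT GOOGLEPERFTOOLS_FOUND)` followed by `message(FATAL_ERROR "perftools heap debugging requested but Google perftools was not found")`. The old and new sides are read from the rendered side-by-side text, so confirm against the raw diff.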


@ -1 +1 @@
2.0-150 2.0-184

@ -1 +1 @@
Subproject commit 3034da8f082b61157e234237993ffd7a95be6e62 Subproject commit dd1a3a95f07082efcd5274b21104a038d523d132

@ -1 +1 @@
Subproject commit f53bcb2b492cb0db3dd288384040abc2ab711767 Subproject commit a59b35bdada8f70fb1a59bf7bb2976534c86d378

@ -1 +1 @@
Subproject commit a08ca90727c5c4b90aa8633106ec33a5cf7378d4 Subproject commit a4046c2f79b6ab0ac19ae8be94b79c6ce578bea7

@ -1 +1 @@
Subproject commit 954538514d71983e7ef3f0e109960466096e1c1d Subproject commit c86b7e990b4d39cd48c0cb692077aa081b418149

@ -1 +1 @@
Subproject commit 9c9fde204dd5518bdfdb8b4a86d38ed06e597209 Subproject commit c8e8fe477b5dec635e5ce00f3f764fad069c549c

2
cmake

@ -1 +1 @@
Subproject commit 2cc105577044a2d214124568f3f2496ed2ccbb34 Subproject commit 550ab2c8d95b1d3e18e40a903152650e6c7a3c45

9
configure vendored

@ -27,7 +27,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
Optional Features: Optional Features:
--enable-debug compile in debugging mode --enable-debug compile in debugging mode
--enable-perftools use Google's perftools --enable-perftools-debug use Google's perftools for debugging
--disable-broccoli don't build or install the Broccoli library --disable-broccoli don't build or install the Broccoli library
--disable-broctl don't install Broctl --disable-broctl don't install Broctl
--disable-auxtools don't build or install auxilliary tools --disable-auxtools don't build or install auxilliary tools
@ -91,7 +91,7 @@ append_cache_entry BRO_ROOT_DIR PATH /usr/local/bro
append_cache_entry PY_MOD_INSTALL_DIR PATH /usr/local/bro/lib/broctl append_cache_entry PY_MOD_INSTALL_DIR PATH /usr/local/bro/lib/broctl
append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING /usr/local/bro/share/bro append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING /usr/local/bro/share/bro
append_cache_entry ENABLE_DEBUG BOOL false append_cache_entry ENABLE_DEBUG BOOL false
append_cache_entry ENABLE_PERFTOOLS BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false
append_cache_entry BinPAC_SKIP_INSTALL BOOL true append_cache_entry BinPAC_SKIP_INSTALL BOOL true
append_cache_entry BUILD_SHARED_LIBS BOOL true append_cache_entry BUILD_SHARED_LIBS BOOL true
append_cache_entry INSTALL_AUX_TOOLS BOOL true append_cache_entry INSTALL_AUX_TOOLS BOOL true
@ -132,8 +132,8 @@ while [ $# -ne 0 ]; do
--enable-debug) --enable-debug)
append_cache_entry ENABLE_DEBUG BOOL true append_cache_entry ENABLE_DEBUG BOOL true
;; ;;
--enable-perftools) --enable-perftools-debug)
append_cache_entry ENABLE_PERFTOOLS BOOL true append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL true
;; ;;
--disable-broccoli) --disable-broccoli)
append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_BROCCOLI BOOL false
@ -178,7 +178,6 @@ while [ $# -ne 0 ]; do
append_cache_entry LibGeoIP_ROOT_DIR PATH $optarg append_cache_entry LibGeoIP_ROOT_DIR PATH $optarg
;; ;;
--with-perftools=*) --with-perftools=*)
append_cache_entry ENABLE_PERFTOOLS BOOL true
append_cache_entry GooglePerftools_ROOT_DIR PATH $optarg append_cache_entry GooglePerftools_ROOT_DIR PATH $optarg
;; ;;
--with-python=*) --with-python=*)
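Review bot: The `--enable-perftools)` arm is replaced rather than kept alongside `--enable-perftools-debug)`, so build scripts that still pass `--enable-perftools` land in the parser's fallback arm, which is outside the visible hunks and may abort or silently ignore the flag. A compatibility arm would make the transition explicit, for example `--enable-perftools) echo "warning: --enable-perftools is obsolete; perftools is auto-detected" >&2 ;;`. The usage text in the first hunk also no longer tells the builder that perftools is linked automatically when found, which deserves one line there. The `while` loop starts and ends outside the hunks shown.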


@ -162,7 +162,11 @@ The Bro scripting language supports the following built-in types.
``A1.A2.A3.A4``, where Ai all lie between 0 and 255. ``A1.A2.A3.A4``, where Ai all lie between 0 and 255.
IPv6 address constants are written as colon-separated hexadecimal form IPv6 address constants are written as colon-separated hexadecimal form
as described by :rfc:`2373`. as described by :rfc:`2373`, but additionally encased in square brackets.
The mixed notation with embedded IPv4 addresses as dotted-quads in the
lower 32 bits is also allowed.
Some examples: ``[2001:db8::1]``, ``[::ffff:192.168.1.100]``, or
``[aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]``.
Hostname constants can also be used, but since a hostname can Hostname constants can also be used, but since a hostname can
correspond to multiple IP addresses, the type of such variable is a correspond to multiple IP addresses, the type of such variable is a
@ -196,7 +200,7 @@ The Bro scripting language supports the following built-in types.
A type representing a block of IP addresses in CIDR notation. A A type representing a block of IP addresses in CIDR notation. A
``subnet`` constant is written as an :bro:type:`addr` followed by a ``subnet`` constant is written as an :bro:type:`addr` followed by a
slash (/) and then the network prefix size specified as a decimal slash (/) and then the network prefix size specified as a decimal
number. For example, ``192.168.0.0/16``. number. For example, ``192.168.0.0/16`` or ``[fe80::]/64``.
.. bro:type:: any .. bro:type:: any


@ -44,7 +44,7 @@ event bro_init() &priority=9
{ {
if ( n$node_type == WORKER && n$proxy == node ) if ( n$node_type == WORKER && n$proxy == node )
Communication::nodes[i] = Communication::nodes[i] =
[$host=n$ip, $connect=F, $class=i, $sync=T, $auth=T, $events=worker2proxy_events]; [$host=n$ip, $connect=F, $class=i, $sync=F, $auth=T, $events=worker2proxy_events];
# accepts connections from the previous one. # accepts connections from the previous one.
# (This is not ideal for setups with many proxies) # (This is not ideal for setups with many proxies)
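Review bot: The `$sync` value on the worker entry of `Communication::nodes` flips from `T` to `F` (reading the rendered line as old then new) with no comment at the change site and no mention in the merge title, while `$auth=T` and `$events=worker2proxy_events` stay as they were. Because this changes what a proxy shares with its workers, a short why-comment above the assignment would help anyone auditing cluster behaviour, e.g. `# State sync with workers is intentionally off; see <reason or ticket>.` with the placeholder filled in by the author. The enclosing `bro_init` handler begins and ends outside the hunk.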


@ -46,6 +46,13 @@ type index_vec: vector of count;
## then remove this alias. ## then remove this alias.
type string_vec: vector of string; type string_vec: vector of string;
## A vector of addresses.
##
## .. todo:: We need this type definition only for declaring builtin functions via
## ``bifcl``. We should extend ``bifcl`` to understand composite types directly and
## then remove this alias.
type addr_vec: vector of addr;
## A table of strings indexed by strings. ## A table of strings indexed by strings.
## ##
## .. todo:: We need this type definition only for declaring builtin functions via ## .. todo:: We need this type definition only for declaring builtin functions via
@ -303,10 +310,10 @@ type gap_info: record {
gap_bytes: count; ##< How many bytes were missing in the gaps. gap_bytes: count; ##< How many bytes were missing in the gaps.
}; };
## Deprecated. ## Deprecated.
## ##
## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere ## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere
## else. ## else.
type packet: record { type packet: record {
conn: connection; conn: connection;
is_orig: bool; is_orig: bool;
@ -939,12 +946,162 @@ const IPPROTO_IGMP = 2; ##< Group management protocol.
const IPPROTO_IPIP = 4; ##< IP encapsulation in IP. const IPPROTO_IPIP = 4; ##< IP encapsulation in IP.
const IPPROTO_TCP = 6; ##< TCP. const IPPROTO_TCP = 6; ##< TCP.
const IPPROTO_UDP = 17; ##< User datagram protocol. const IPPROTO_UDP = 17; ##< User datagram protocol.
const IPPROTO_IPV6 = 41; ##< IPv6 header.
const IPPROTO_RAW = 255; ##< Raw IP packet. const IPPROTO_RAW = 255; ##< Raw IP packet.
## Values extracted from an IP header. # Definitions for IPv6 extension headers.
const IPPROTO_HOPOPTS = 0; ##< IPv6 hop-by-hop-options header.
const IPPROTO_ROUTING = 43; ##< IPv6 routing header.
const IPPROTO_FRAGMENT = 44; ##< IPv6 fragment header.
const IPPROTO_ESP = 50; ##< IPv6 encapsulating security payload header.
const IPPROTO_AH = 51; ##< IPv6 authentication header.
const IPPROTO_NONE = 59; ##< IPv6 no next header.
const IPPROTO_DSTOPTS = 60; ##< IPv6 destination options header.
## Values extracted from an IPv6 extension header's (e.g. hop-by-hop or
## destination option headers) option field.
## ##
## .. bro:see:: pkt_hdr discarder_check_ip ## .. bro:see:: ip6_hdr ip6_hdr_chain ip6_hopopts ip6_dstopts
type ip_hdr: record { type ip6_option: record {
otype: count; ##< Option type.
len: count; ##< Option data length.
data: string; ##< Option data.
};
## Values extracted from an IPv6 Hop-by-Hop options extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain ip6_option
type ip6_hopopts: record {
## Protocol number of the next header (RFC 1700 et seq., IANA assigned
## number), e.g. :bro:id:`IPPROTO_ICMP`.
nxt: count;
## Length of header in 8-octet units, excluding first unit.
len: count;
## The TLV encoded options;
options: vector of ip6_option;
};
## Values extracted from an IPv6 Destination options extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain ip6_option
type ip6_dstopts: record {
## Protocol number of the next header (RFC 1700 et seq., IANA assigned
## number), e.g. :bro:id:`IPPROTO_ICMP`.
nxt: count;
## Length of header in 8-octet units, excluding first unit.
len: count;
## The TLV encoded options;
options: vector of ip6_option;
};
## Values extracted from an IPv6 Routing extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain
type ip6_routing: record {
## Protocol number of the next header (RFC 1700 et seq., IANA assigned
## number), e.g. :bro:id:`IPPROTO_ICMP`.
nxt: count;
## Length of header in 8-octet units, excluding first unit.
len: count;
## Routing type.
rtype: count;
## Segments left.
segleft: count;
## Type-specific data.
data: string;
};
## Values extracted from an IPv6 Fragment extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain
type ip6_fragment: record {
## Protocol number of the next header (RFC 1700 et seq., IANA assigned
## number), e.g. :bro:id:`IPPROTO_ICMP`.
nxt: count;
## 8-bit reserved field.
rsv1: count;
## Fragmentation offset.
offset: count;
## 2-bit reserved field.
rsv2: count;
## More fragments.
more: bool;
## Fragment identification.
id: count;
};
## Values extracted from an IPv6 Authentication extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain
type ip6_ah: record {
## Protocol number of the next header (RFC 1700 et seq., IANA assigned
## number), e.g. :bro:id:`IPPROTO_ICMP`.
nxt: count;
## Length of header in 4-octet units, excluding first two units.
len: count;
## Reserved field.
rsv: count;
## Security Parameter Index.
spi: count;
## Sequence number.
seq: count;
## Authentication data.
data: string;
};
## Values extracted from an IPv6 ESP extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_hdr_chain
type ip6_esp: record {
## Security Parameters Index.
spi: count;
## Sequence number.
seq: count;
};
## A general container for a more specific IPv6 extension header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hopopts ip6_dstopts ip6_routing ip6_fragment
## ip6_ah ip6_esp
type ip6_ext_hdr: record {
## The RFC 1700 et seq. IANA assigned number identifying the type of
## the extension header.
id: count;
## Hop-by-hop option extension header.
hopopts: ip6_hopopts &optional;
## Destination option extension header.
dstopts: ip6_dstopts &optional;
## Routing extension header.
routing: ip6_routing &optional;
## Fragment header.
fragment: ip6_fragment &optional;
## Authentication extension header.
ah: ip6_ah &optional;
## Encapsulating security payload header.
esp: ip6_esp &optional;
};
## Values extracted from an IPv6 header.
##
## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr_chain ip6_hopopts ip6_dstopts
## ip6_routing ip6_fragment ip6_ah ip6_esp
type ip6_hdr: record {
class: count; ##< Traffic class.
flow: count; ##< Flow label.
len: count; ##< Payload length.
nxt: count; ##< Protocol number of the next header
##< (RFC 1700 et seq., IANA assigned number)
##< e.g. :bro:id:`IPPROTO_ICMP`.
hlim: count; ##< Hop limit.
src: addr; ##< Source address.
dst: addr; ##< Destination address.
exts: vector of ip6_ext_hdr; ##< Extension header chain.
};
## Values extracted from an IPv4 header.
##
## .. bro:see:: pkt_hdr ip6_hdr discarder_check_ip
type ip4_hdr: record {
hl: count; ##< Header length in bytes. hl: count; ##< Header length in bytes.
tos: count; ##< Type of service. tos: count; ##< Type of service.
len: count; ##< Total length. len: count; ##< Total length.
@ -1000,10 +1157,11 @@ type icmp_hdr: record {
## ##
## .. bro:see:: new_packet ## .. bro:see:: new_packet
type pkt_hdr: record { type pkt_hdr: record {
ip: ip_hdr; ##< The IP header. ip: ip4_hdr &optional; ##< The IPv4 header if an IPv4 packet.
tcp: tcp_hdr &optional; ##< The TCP header if a TCP packet. ip6: ip6_hdr &optional; ##< The IPv6 header if an IPv6 packet.
udp: udp_hdr &optional; ##< The UDP header if a UDP packet. tcp: tcp_hdr &optional; ##< The TCP header if a TCP packet.
icmp: icmp_hdr &optional; ##< The ICMP header if an ICMP packet. udp: udp_hdr &optional; ##< The UDP header if a UDP packet.
icmp: icmp_hdr &optional; ##< The ICMP header if an ICMP packet.
}; };
## Definition of "secondary filters". A secondary filter is a BPF filter given as ## Definition of "secondary filters". A secondary filter is a BPF filter given as
@ -1023,7 +1181,7 @@ global discarder_maxlen = 128 &redef;
## analysis. If the function signals to discard a packet, no further processing ## analysis. If the function signals to discard a packet, no further processing
## will be performed on it. ## will be performed on it.
## ##
## i: The IP header of the considered packet. ## p: The IP header of the considered packet.
## ##
## Returns: True if the packet should not be analyzed any further. ## Returns: True if the packet should not be analyzed any further.
## ##
@ -1032,15 +1190,15 @@ global discarder_maxlen = 128 &redef;
## ##
## .. note:: This is very low-level functionality and potentially expensive. ## .. note:: This is very low-level functionality and potentially expensive.
## Avoid using it. ## Avoid using it.
global discarder_check_ip: function(i: ip_hdr): bool; global discarder_check_ip: function(p: pkt_hdr): bool;
## Function for skipping packets based on their TCP header. If defined, this ## Function for skipping packets based on their TCP header. If defined, this
## function will be called for all TCP packets before Bro performs any further ## function will be called for all TCP packets before Bro performs any further
## analysis. If the function signals to discard a packet, no further processing ## analysis. If the function signals to discard a packet, no further processing
## will be performed on it. ## will be performed on it.
## ##
## i: The IP header of the considered packet. ## p: The IP and TCP headers of the considered packet.
## t: The TCP header. ##
## d: Up to :bro:see:`discarder_maxlen` bytes of the TCP payload. ## d: Up to :bro:see:`discarder_maxlen` bytes of the TCP payload.
## ##
## Returns: True if the packet should not be analyzed any further. ## Returns: True if the packet should not be analyzed any further.
@ -1050,15 +1208,15 @@ global discarder_check_ip: function(i: ip_hdr): bool;
## ##
## .. note:: This is very low-level functionality and potentially expensive. ## .. note:: This is very low-level functionality and potentially expensive.
## Avoid using it. ## Avoid using it.
global discarder_check_tcp: function(i: ip_hdr, t: tcp_hdr, d: string): bool; global discarder_check_tcp: function(p: pkt_hdr, d: string): bool;
## Function for skipping packets based on their UDP header. If defined, this ## Function for skipping packets based on their UDP header. If defined, this
## function will be called for all UDP packets before Bro performs any further ## function will be called for all UDP packets before Bro performs any further
## analysis. If the function signals to discard a packet, no further processing ## analysis. If the function signals to discard a packet, no further processing
## will be performed on it. ## will be performed on it.
## ##
## i: The IP header of the considered packet. ## p: The IP and UDP headers of the considered packet.
## t: The UDP header. ##
## d: Up to :bro:see:`discarder_maxlen` bytes of the UDP payload. ## d: Up to :bro:see:`discarder_maxlen` bytes of the UDP payload.
## ##
## Returns: True if the packet should not be analyzed any further. ## Returns: True if the packet should not be analyzed any further.
@ -1068,15 +1226,14 @@ global discarder_check_tcp: function(i: ip_hdr, t: tcp_hdr, d: string): bool;
## ##
## .. note:: This is very low-level functionality and potentially expensive. ## .. note:: This is very low-level functionality and potentially expensive.
## Avoid using it. ## Avoid using it.
global discarder_check_udp: function(i: ip_hdr, u: udp_hdr, d: string): bool; global discarder_check_udp: function(p: pkt_hdr, d: string): bool;
## Function for skipping packets based on their ICMP header. If defined, this ## Function for skipping packets based on their ICMP header. If defined, this
## function will be called for all ICMP packets before Bro performs any further ## function will be called for all ICMP packets before Bro performs any further
## analysis. If the function signals to discard a packet, no further processing ## analysis. If the function signals to discard a packet, no further processing
## will be performed on it. ## will be performed on it.
## ##
## i: The IP header of the considered packet. ## p: The IP and ICMP headers of the considered packet.
## ih: The ICMP header.
## ##
## Returns: True if the packet should not be analyzed any further. ## Returns: True if the packet should not be analyzed any further.
## ##
@ -1085,7 +1242,7 @@ global discarder_check_udp: function(i: ip_hdr, u: udp_hdr, d: string): bool;
## ##
## .. note:: This is very low-level functionality and potentially expensive. ## .. note:: This is very low-level functionality and potentially expensive.
## Avoid using it. ## Avoid using it.
global discarder_check_icmp: function(i: ip_hdr, ih: icmp_hdr): bool; global discarder_check_icmp: function(p: pkt_hdr): bool;
## Bro's watchdog interval. ## Bro's watchdog interval.
const watchdog_interval = 10 sec &redef; const watchdog_interval = 10 sec &redef;
@ -1316,7 +1473,7 @@ export {
## NFS file attributes. Field names are based on RFC 1813. ## NFS file attributes. Field names are based on RFC 1813.
## ##
## .. bro:see:: nfs_proc_getattr ## .. bro:see:: nfs_proc_getattr
type fattr_t: record { type fattr_t: record {
ftype: file_type_t; ##< File type. ftype: file_type_t; ##< File type.
mode: count; ##< Mode mode: count; ##< Mode
@ -1335,8 +1492,8 @@ export {
}; };
## NFS *readdir* arguments. ## NFS *readdir* arguments.
## ##
## .. bro:see:: nfs_proc_readdir ## .. bro:see:: nfs_proc_readdir
type diropargs_t : record { type diropargs_t : record {
dirfh: string; ##< The file handle of the directory. dirfh: string; ##< The file handle of the directory.
fname: string; ##< The name of the file we are interested in. fname: string; ##< The name of the file we are interested in.
@ -1345,7 +1502,7 @@ export {
## NFS lookup reply. If the lookup failed, *dir_attr* may be set. If the lookup ## NFS lookup reply. If the lookup failed, *dir_attr* may be set. If the lookup
## succeeded, *fh* is always set and *obj_attr* and *dir_attr* may be set. ## succeeded, *fh* is always set and *obj_attr* and *dir_attr* may be set.
## ##
## .. bro:see:: nfs_proc_lookup ## .. bro:see:: nfs_proc_lookup
type lookup_reply_t: record { type lookup_reply_t: record {
fh: string &optional; ##< File handle of object looked up. fh: string &optional; ##< File handle of object looked up.
obj_attr: fattr_t &optional; ##< Optional attributes associated w/ file obj_attr: fattr_t &optional; ##< Optional attributes associated w/ file
@ -1362,7 +1519,7 @@ export {
}; };
## NFS *read* reply. If the lookup fails, *attr* may be set. If the lookup succeeds, ## NFS *read* reply. If the lookup fails, *attr* may be set. If the lookup succeeds,
## *attr* may be set and all other fields are set. ## *attr* may be set and all other fields are set.
type read_reply_t: record { type read_reply_t: record {
attr: fattr_t &optional; ##< Attributes. attr: fattr_t &optional; ##< Attributes.
size: count &optional; ##< Number of bytes read. size: count &optional; ##< Number of bytes read.
@ -1371,7 +1528,7 @@ export {
}; };
## NFS *readline* reply. If the request fails, *attr* may be set. If the request ## NFS *readline* reply. If the request fails, *attr* may be set. If the request
## succeeds, *attr* may be set and all other fields are set. ## succeeds, *attr* may be set and all other fields are set.
## ##
## .. bro:see:: nfs_proc_readlink ## .. bro:see:: nfs_proc_readlink
type readlink_reply_t: record { type readlink_reply_t: record {
@ -1381,7 +1538,7 @@ export {
## NFS *write* arguments. ## NFS *write* arguments.
## ##
## .. bro:see:: nfs_proc_write ## .. bro:see:: nfs_proc_write
type writeargs_t: record { type writeargs_t: record {
fh: string; ##< File handle to write to. fh: string; ##< File handle to write to.
offset: count; ##< Offset in file. offset: count; ##< Offset in file.
@ -1391,18 +1548,18 @@ export {
}; };
## NFS *wcc* attributes. ## NFS *wcc* attributes.
## ##
## .. bro:see:: NFS3::write_reply_t ## .. bro:see:: NFS3::write_reply_t
type wcc_attr_t: record { type wcc_attr_t: record {
size: count; ##< The dize. size: count; ##< The dize.
atime: time; ##< Access time. atime: time; ##< Access time.
mtime: time; ##< Modification time. mtime: time; ##< Modification time.
}; };
## NFS *write* reply. If the request fails, *pre|post* attr may be set. If the ## NFS *write* reply. If the request fails, *pre|post* attr may be set. If the
## request succeeds, *pre|post* attr may be set and all other fields are set. ## request succeeds, *pre|post* attr may be set and all other fields are set.
## ##
## .. bro:see:: nfs_proc_write ## .. bro:see:: nfs_proc_write
type write_reply_t: record { type write_reply_t: record {
preattr: wcc_attr_t &optional; ##< Pre operation attributes. preattr: wcc_attr_t &optional; ##< Pre operation attributes.
postattr: fattr_t &optional; ##< Post operation attributes. postattr: fattr_t &optional; ##< Post operation attributes.
@ -1413,9 +1570,9 @@ export {
## NFS reply for *create*, *mkdir*, and *symlink*. If the proc ## NFS reply for *create*, *mkdir*, and *symlink*. If the proc
## failed, *dir_\*_attr* may be set. If the proc succeeded, *fh* and the *attr*'s ## failed, *dir_\*_attr* may be set. If the proc succeeded, *fh* and the *attr*'s
## may be set. Note: no guarantee that *fh* is set after success. ## may be set. Note: no guarantee that *fh* is set after success.
## ##
## .. bro:see:: nfs_proc_create nfs_proc_mkdir ## .. bro:see:: nfs_proc_create nfs_proc_mkdir
type newobj_reply_t: record { type newobj_reply_t: record {
fh: string &optional; ##< File handle of object created. fh: string &optional; ##< File handle of object created.
obj_attr: fattr_t &optional; ##< Optional attributes associated w/ new object. obj_attr: fattr_t &optional; ##< Optional attributes associated w/ new object.
@ -1423,17 +1580,17 @@ export {
dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir. dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir.
}; };
## NFS reply for *remove*, *rmdir*. Corresponds to *wcc_data* in the spec. ## NFS reply for *remove*, *rmdir*. Corresponds to *wcc_data* in the spec.
## ##
## .. bro:see:: nfs_proc_remove nfs_proc_rmdir ## .. bro:see:: nfs_proc_remove nfs_proc_rmdir
type delobj_reply_t: record { type delobj_reply_t: record {
dir_pre_attr: wcc_attr_t &optional; ##< Optional attributes associated w/ dir. dir_pre_attr: wcc_attr_t &optional; ##< Optional attributes associated w/ dir.
dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir. dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir.
}; };
## NFS *readdir* arguments. Used for both *readdir* and *readdirplus*. ## NFS *readdir* arguments. Used for both *readdir* and *readdirplus*.
## ##
## .. bro:see:: nfs_proc_readdir ## .. bro:see:: nfs_proc_readdir
type readdirargs_t: record { type readdirargs_t: record {
isplus: bool; ##< Is this a readdirplus request? isplus: bool; ##< Is this a readdirplus request?
dirfh: string; ##< The directory filehandle. dirfh: string; ##< The directory filehandle.
@ -1446,7 +1603,7 @@ export {
## NFS *direntry*. *fh* and *attr* are used for *readdirplus*. However, even ## NFS *direntry*. *fh* and *attr* are used for *readdirplus*. However, even
## for *readdirplus* they may not be filled out. ## for *readdirplus* they may not be filled out.
## ##
## .. bro:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t ## .. bro:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t
type direntry_t: record { type direntry_t: record {
fileid: count; ##< E.g., inode number. fileid: count; ##< E.g., inode number.
fname: string; ##< Filename. fname: string; ##< Filename.
@ -1457,7 +1614,7 @@ export {
## Vector of NFS *direntry*. ## Vector of NFS *direntry*.
## ##
## .. bro:see:: NFS3::readdir_reply_t ## .. bro:see:: NFS3::readdir_reply_t
type direntry_vec_t: vector of direntry_t; type direntry_vec_t: vector of direntry_t;
## NFS *readdir* reply. Used for *readdir* and *readdirplus*. If an is ## NFS *readdir* reply. Used for *readdir* and *readdirplus*. If an is
@ -1496,7 +1653,7 @@ module GLOBAL;
## An NTP message. ## An NTP message.
## ##
## .. bro:see:: ntp_message ## .. bro:see:: ntp_message
type ntp_msg: record { type ntp_msg: record {
id: count; ##< Message ID. id: count; ##< Message ID.
code: count; ##< Message code. code: count; ##< Message code.
@ -1518,7 +1675,7 @@ global samba_cmds: table[count] of string &redef
{ return fmt("samba-unknown-%d", c); }; { return fmt("samba-unknown-%d", c); };
## An SMB command header. ## An SMB command header.
## ##
## .. bro:see:: smb_com_close smb_com_generic_andx smb_com_logoff_andx ## .. bro:see:: smb_com_close smb_com_generic_andx smb_com_logoff_andx
## smb_com_negotiate smb_com_negotiate_response smb_com_nt_create_andx ## smb_com_negotiate smb_com_negotiate_response smb_com_nt_create_andx
## smb_com_read_andx smb_com_setup_andx smb_com_trans_mailslot ## smb_com_read_andx smb_com_setup_andx smb_com_trans_mailslot
@ -1537,9 +1694,9 @@ type smb_hdr : record {
}; };
## An SMB transaction. ## An SMB transaction.
## ##
## .. bro:see:: smb_com_trans_mailslot smb_com_trans_pipe smb_com_trans_rap ## .. bro:see:: smb_com_trans_mailslot smb_com_trans_pipe smb_com_trans_rap
## smb_com_transaction smb_com_transaction2 ## smb_com_transaction smb_com_transaction2
type smb_trans : record { type smb_trans : record {
word_count: count; ##< TODO. word_count: count; ##< TODO.
total_param_count: count; ##< TODO. total_param_count: count; ##< TODO.
@ -1553,7 +1710,7 @@ type smb_trans : record {
param_offset: count; ##< TODO. param_offset: count; ##< TODO.
data_count: count; ##< TODO. data_count: count; ##< TODO.
data_offset: count; ##< TODO. data_offset: count; ##< TODO.
setup_count: count; ##< TODO. setup_count: count; ##< TODO.
setup0: count; ##< TODO. setup0: count; ##< TODO.
setup1: count; ##< TODO. setup1: count; ##< TODO.
setup2: count; ##< TODO. setup2: count; ##< TODO.
@ -1564,19 +1721,19 @@ type smb_trans : record {
## SMB transaction data. ## SMB transaction data.
## ##
## .. bro:see:: smb_com_trans_mailslot smb_com_trans_pipe smb_com_trans_rap ## .. bro:see:: smb_com_trans_mailslot smb_com_trans_pipe smb_com_trans_rap
## smb_com_transaction smb_com_transaction2 ## smb_com_transaction smb_com_transaction2
## ##
## .. todo:: Should this really be a record type? ## .. todo:: Should this really be a record type?
type smb_trans_data : record { type smb_trans_data : record {
data : string; ##< The transaction's data. data : string; ##< The transaction's data.
}; };
## Deprecated. ## Deprecated.
## ##
## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere ## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere
## else. ## else.
type smb_tree_connect : record { type smb_tree_connect : record {
flags: count; flags: count;
password: string; password: string;
@ -1584,21 +1741,21 @@ type smb_tree_connect : record {
service: string; service: string;
}; };
## Deprecated. ## Deprecated.
## ##
## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere ## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere
## else. ## else.
type smb_negotiate : table[count] of string; type smb_negotiate : table[count] of string;
## A list of router addresses offered by a DHCP server. ## A list of router addresses offered by a DHCP server.
## ##
## .. bro:see:: dhcp_ack dhcp_offer ## .. bro:see:: dhcp_ack dhcp_offer
type dhcp_router_list: table[count] of addr; type dhcp_router_list: table[count] of addr;
## A DHCP message. ## A DHCP message.
## ##
## .. bro:see:: dhcp_ack dhcp_decline dhcp_discover dhcp_inform dhcp_nak ## .. bro:see:: dhcp_ack dhcp_decline dhcp_discover dhcp_inform dhcp_nak
## dhcp_offer dhcp_release dhcp_request ## dhcp_offer dhcp_release dhcp_request
type dhcp_msg: record { type dhcp_msg: record {
op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY
m_type: count; ##< The type of DHCP message. m_type: count; ##< The type of DHCP message.
@ -1635,7 +1792,7 @@ type dns_msg: record {
## A DNS SOA record. ## A DNS SOA record.
## ##
## .. bro:see:: dns_SOA_reply ## .. bro:see:: dns_SOA_reply
type dns_soa: record { type dns_soa: record {
mname: string; ##< Primary source of data for zone. mname: string; ##< Primary source of data for zone.
rname: string; ##< Mailbox for responsible person. rname: string; ##< Mailbox for responsible person.
@ -1648,7 +1805,7 @@ type dns_soa: record {
## An additional DNS EDNS record. ## An additional DNS EDNS record.
## ##
## .. bro:see:: dns_EDNS_addl ## .. bro:see:: dns_EDNS_addl
type dns_edns_additional: record { type dns_edns_additional: record {
query: string; ##< Query. query: string; ##< Query.
qtype: count; ##< Query type. qtype: count; ##< Query type.
@ -1663,7 +1820,7 @@ type dns_edns_additional: record {
## An additional DNS TSIG record. ## An additional DNS TSIG record.
## ##
## bro:see:: dns_TSIG_addl ## bro:see:: dns_TSIG_addl
type dns_tsig_additional: record { type dns_tsig_additional: record {
query: string; ##< Query. query: string; ##< Query.
qtype: count; ##< Query type. qtype: count; ##< Query type.
@ -1677,9 +1834,9 @@ type dns_tsig_additional: record {
}; };
# DNS answer types. # DNS answer types.
# #
# .. .. bro:see:: dns_answerr # .. .. bro:see:: dns_answerr
# #
# todo::use enum to make them autodoc'able # todo::use enum to make them autodoc'able
const DNS_QUERY = 0; ##< A query. This shouldn't occur, just for completeness. const DNS_QUERY = 0; ##< A query. This shouldn't occur, just for completeness.
const DNS_ANS = 1; ##< An answer record. const DNS_ANS = 1; ##< An answer record.
@ -1693,7 +1850,7 @@ const DNS_ADDL = 3; ##< An additional record.
## dns_TXT_reply dns_WKS_reply ## dns_TXT_reply dns_WKS_reply
type dns_answer: record { type dns_answer: record {
## Answer type. One of :bro:see:`DNS_QUERY`, :bro:see:`DNS_ANS`, ## Answer type. One of :bro:see:`DNS_QUERY`, :bro:see:`DNS_ANS`,
## :bro:see:`DNS_AUTH` and :bro:see:`DNS_ADDL`. ## :bro:see:`DNS_AUTH` and :bro:see:`DNS_ADDL`.
answer_type: count; answer_type: count;
query: string; ##< Query. query: string; ##< Query.
qtype: count; ##< Query type. qtype: count; ##< Query type.
@ -1713,27 +1870,27 @@ global dns_skip_auth: set[addr] &redef;
## .. bro:see:: dns_skip_all_addl dns_skip_auth ## .. bro:see:: dns_skip_all_addl dns_skip_auth
global dns_skip_addl: set[addr] &redef; global dns_skip_addl: set[addr] &redef;
## If true, all DNS AUTH records are skipped. ## If true, all DNS AUTH records are skipped.
## ##
## .. bro:see:: dns_skip_all_addl dns_skip_auth ## .. bro:see:: dns_skip_all_addl dns_skip_auth
global dns_skip_all_auth = T &redef; global dns_skip_all_auth = T &redef;
## If true, all DNS ADDL records are skipped. ## If true, all DNS ADDL records are skipped.
## ##
## .. bro:see:: dns_skip_all_auth dns_skip_addl ## .. bro:see:: dns_skip_all_auth dns_skip_addl
global dns_skip_all_addl = T &redef; global dns_skip_all_addl = T &redef;
## If a DNS request includes more than this many queries, assume it's non-DNS ## If a DNS request includes more than this many queries, assume it's non-DNS
## traffic and do not process it. Set to 0 to turn off this functionality. ## traffic and do not process it. Set to 0 to turn off this functionality.
global dns_max_queries = 5; global dns_max_queries = 5;
## An X509 certificate. ## An X509 certificate.
## ##
## .. bro:see:: x509_certificate ## .. bro:see:: x509_certificate
type X509: record { type X509: record {
version: count; ##< Version number. version: count; ##< Version number.
serial: string; ##< Serial number. serial: string; ##< Serial number.
subject: string; ##< Subject. subject: string; ##< Subject.
issuer: string; ##< Issuer. issuer: string; ##< Issuer.
not_valid_before: time; ##< Timestamp before when certificate is not valid. not_valid_before: time; ##< Timestamp before when certificate is not valid.
not_valid_after: time; ##< Timestamp after when certificate is not valid. not_valid_after: time; ##< Timestamp after when certificate is not valid.
@ -1741,7 +1898,7 @@ type X509: record {
## HTTP session statistics. ## HTTP session statistics.
## ##
## .. bro:see:: http_stats ## .. bro:see:: http_stats
type http_stats_rec: record { type http_stats_rec: record {
num_requests: count; ##< Number of requests. num_requests: count; ##< Number of requests.
num_replies: count; ##< Number of replies. num_replies: count; ##< Number of replies.
@ -1751,7 +1908,7 @@ type http_stats_rec: record {
## HTTP message statistics. ## HTTP message statistics.
## ##
## .. bro:see:: http_message_done ## .. bro:see:: http_message_done
type http_message_stat: record { type http_message_stat: record {
## When the request/reply line was complete. ## When the request/reply line was complete.
start: time; start: time;
@ -1768,26 +1925,26 @@ type http_message_stat: record {
}; };
## Maximum number of HTTP entity data delivered to events. The amount of data ## Maximum number of HTTP entity data delivered to events. The amount of data
## can be limited for better performance, zero disables truncation. ## can be limited for better performance, zero disables truncation.
## ##
## .. bro:see:: http_entity_data skip_http_entity_data skip_http_data ## .. bro:see:: http_entity_data skip_http_entity_data skip_http_data
global http_entity_data_delivery_size = 1500 &redef; global http_entity_data_delivery_size = 1500 &redef;
## Skip HTTP data for performance considerations. The skipped ## Skip HTTP data for performance considerations. The skipped
## portion will not go through TCP reassembly. ## portion will not go through TCP reassembly.
## ##
## .. bro:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size ## .. bro:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size
const skip_http_data = F &redef; const skip_http_data = F &redef;
## Maximum length of HTTP URIs passed to events. Longer ones will be truncated ## Maximum length of HTTP URIs passed to events. Longer ones will be truncated
## to prevent over-long URIs (usually sent by worms) from slowing down event ## to prevent over-long URIs (usually sent by worms) from slowing down event
## processing. A value of -1 means "do not truncate". ## processing. A value of -1 means "do not truncate".
## ##
## .. bro:see:: http_request ## .. bro:see:: http_request
const truncate_http_URI = -1 &redef; const truncate_http_URI = -1 &redef;
## IRC join information. ## IRC join information.
## ##
## .. bro:see:: irc_join_list ## .. bro:see:: irc_join_list
type irc_join_info: record { type irc_join_info: record {
nick: string; nick: string;
@ -1798,13 +1955,13 @@ type irc_join_info: record {
## Set of IRC join information. ## Set of IRC join information.
## ##
## .. bro:see:: irc_join_message ## .. bro:see:: irc_join_message
type irc_join_list: set[irc_join_info]; type irc_join_list: set[irc_join_info];
## Deprecated. ## Deprecated.
## ##
## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere ## .. todo:: Remove. It's still declared internally but doesn't seem used anywhere
## else. ## else.
global irc_servers : set[addr] &redef; global irc_servers : set[addr] &redef;
## Internal to the stepping stone detector. ## Internal to the stepping stone detector.
@ -1868,7 +2025,7 @@ type backdoor_endp_stats: record {
## Description of a signature match. ## Description of a signature match.
## ##
## .. bro:see:: signature_match ## .. bro:see:: signature_match
type signature_state: record { type signature_state: record {
sig_id: string; ##< ID of the matching signature. sig_id: string; ##< ID of the matching signature.
conn: connection; ##< Matching connection. conn: connection; ##< Matching connection.
@ -1876,10 +2033,10 @@ type signature_state: record {
payload_size: count; ##< Payload size of the first matching packet of current endpoint. payload_size: count; ##< Payload size of the first matching packet of current endpoint.
}; };
# Deprecated. # Deprecated.
# #
# .. todo:: This type is no longer used. Remove any reference of this from the # .. todo:: This type is no longer used. Remove any reference of this from the
# core. # core.
type software_version: record { type software_version: record {
major: int; major: int;
minor: int; minor: int;
@ -1887,10 +2044,10 @@ type software_version: record {
addl: string; addl: string;
}; };
# Deprecated. # Deprecated.
# #
# .. todo:: This type is no longer used. Remove any reference of this from the # .. todo:: This type is no longer used. Remove any reference of this from the
# core. # core.
type software: record { type software: record {
name: string; name: string;
version: software_version; version: software_version;
@ -1907,7 +2064,7 @@ type OS_version_inference: enum {
## Passive fingerprinting match. ## Passive fingerprinting match.
## ##
## .. bro:see:: OS_version_found ## .. bro:see:: OS_version_found
type OS_version: record { type OS_version: record {
genre: string; ##< Linux, Windows, AIX, ... genre: string; ##< Linux, Windows, AIX, ...
detail: string; ##< Lernel version or such. detail: string; ##< Lernel version or such.
@ -1917,20 +2074,20 @@ type OS_version: record {
## Defines for which subnets we should do passive fingerprinting. ## Defines for which subnets we should do passive fingerprinting.
## ##
## .. bro:see:: OS_version_found ## .. bro:see:: OS_version_found
global generate_OS_version_event: set[subnet] &redef; global generate_OS_version_event: set[subnet] &redef;
# Type used to report load samples via :bro:see:`load_sample`. For now, it's a # Type used to report load samples via :bro:see:`load_sample`. For now, it's a
# set of names (event names, source file names, and perhaps ``<source file, line # set of names (event names, source file names, and perhaps ``<source file, line
# number>``, which were seen during the sample. # number>``, which were seen during the sample.
type load_sample_info: set[string]; type load_sample_info: set[string];
## ID for NetFlow header. This is primarily a means to sort together NetFlow ## ID for NetFlow header. This is primarily a means to sort together NetFlow
## headers and flow records at the script level. ## headers and flow records at the script level.
type nfheader_id: record { type nfheader_id: record {
## Name of the NetFlow file (e.g., ``netflow.dat``) or the receiving socket address ## Name of the NetFlow file (e.g., ``netflow.dat``) or the receiving socket address
## (e.g., ``127.0.0.1:5555``), or an explicit name if specified to ## (e.g., ``127.0.0.1:5555``), or an explicit name if specified to
## ``-y`` or ``-Y``. ## ``-y`` or ``-Y``.
rcvr_id: string; rcvr_id: string;
## A serial number, ignoring any overflows. ## A serial number, ignoring any overflows.
pdu_id: count; pdu_id: count;
@ -1938,7 +2095,7 @@ type nfheader_id: record {
## A NetFlow v5 header. ## A NetFlow v5 header.
## ##
## .. bro:see:: netflow_v5_header ## .. bro:see:: netflow_v5_header
type nf_v5_header: record { type nf_v5_header: record {
h_id: nfheader_id; ##< ID for sorting. h_id: nfheader_id; ##< ID for sorting.
cnt: count; ##< TODO. cnt: count; ##< TODO.
@ -1954,7 +2111,7 @@ type nf_v5_header: record {
## A NetFlow v5 record. ## A NetFlow v5 record.
## ##
## .. bro:see:: netflow_v5_record ## .. bro:see:: netflow_v5_record
type nf_v5_record: record { type nf_v5_record: record {
h_id: nfheader_id; ##< ID for sorting. h_id: nfheader_id; ##< ID for sorting.
id: conn_id; ##< Connection ID. id: conn_id; ##< Connection ID.
nexthop: addr; ##< Address of next hop. nexthop: addr; ##< Address of next hop.
@ -1988,7 +2145,7 @@ type bittorrent_peer: record {
}; };
## A set of BitTorrent peers. ## A set of BitTorrent peers.
## ##
## .. bro:see:: bt_tracker_response ## .. bro:see:: bt_tracker_response
type bittorrent_peer_set: set[bittorrent_peer]; type bittorrent_peer_set: set[bittorrent_peer];
@ -2011,12 +2168,12 @@ type bittorrent_benc_dir: table[string] of bittorrent_benc_value;
## Header table type used by BitTorrent analyzer. ## Header table type used by BitTorrent analyzer.
## ##
## .. bro:see:: bt_tracker_request bt_tracker_response ## .. bro:see:: bt_tracker_request bt_tracker_response
## bt_tracker_response_not_ok ## bt_tracker_response_not_ok
type bt_tracker_headers: table[string] of string; type bt_tracker_headers: table[string] of string;
@load base/event.bif @load base/event.bif
## BPF filter the user has set via the -f command line options. Empty if none. ## BPF filter the user has set via the -f command line options. Empty if none.
const cmd_line_bpf_filter = "" &redef; const cmd_line_bpf_filter = "" &redef;
## Deprecated. ## Deprecated.
@ -2034,24 +2191,24 @@ const log_encryption_key = "<undefined>" &redef;
## Write profiling info into this file in regular intervals. The easiest way to ## Write profiling info into this file in regular intervals. The easiest way to
## activate profiling is loading :doc:`/scripts/policy/misc/profiling`. ## activate profiling is loading :doc:`/scripts/policy/misc/profiling`.
## ##
## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling ## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling
global profiling_file: file &redef; global profiling_file: file &redef;
## Update interval for profiling (0 disables). The easiest way to activate ## Update interval for profiling (0 disables). The easiest way to activate
## profiling is loading :doc:`/scripts/policy/misc/profiling`. ## profiling is loading :doc:`/scripts/policy/misc/profiling`.
## ##
## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling ## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling
const profiling_interval = 0 secs &redef; const profiling_interval = 0 secs &redef;
## Multiples of profiling_interval at which (more expensive) memory profiling is ## Multiples of profiling_interval at which (more expensive) memory profiling is
## done (0 disables). ## done (0 disables).
## ##
## .. bro:see:: profiling_interval profiling_file segment_profiling ## .. bro:see:: profiling_interval profiling_file segment_profiling
const expensive_profiling_multiple = 0 &redef; const expensive_profiling_multiple = 0 &redef;
## If true, then write segment profiling information (very high volume!) ## If true, then write segment profiling information (very high volume!)
## in addition to profiling statistics. ## in addition to profiling statistics.
## ##
## .. bro:see:: profiling_interval expensive_profiling_multiple profiling_file ## .. bro:see:: profiling_interval expensive_profiling_multiple profiling_file
const segment_profiling = F &redef; const segment_profiling = F &redef;
@ -2090,42 +2247,42 @@ global load_sample_freq = 20 &redef;
## Rate at which to generate :bro:see:`gap_report` events assessing to what degree ## Rate at which to generate :bro:see:`gap_report` events assessing to what degree
## the measurement process appears to exhibit loss. ## the measurement process appears to exhibit loss.
## ##
## .. bro:see:: gap_report ## .. bro:see:: gap_report
const gap_report_freq = 1.0 sec &redef; const gap_report_freq = 1.0 sec &redef;
## Whether we want :bro:see:`content_gap` and :bro:see:`gap_report` for partial ## Whether we want :bro:see:`content_gap` and :bro:see:`gap_report` for partial
## connections. A connection is partial if it is missing a full handshake. Note ## connections. A connection is partial if it is missing a full handshake. Note
## that gap reports for partial connections might not be reliable. ## that gap reports for partial connections might not be reliable.
## ##
## .. bro:see:: content_gap gap_report partial_connection ## .. bro:see:: content_gap gap_report partial_connection
const report_gaps_for_partial = F &redef; const report_gaps_for_partial = F &redef;
## The CA certificate file to authorize remote Bros/Broccolis. ## The CA certificate file to authorize remote Bros/Broccolis.
## ##
## .. bro:see:: ssl_private_key ssl_passphrase ## .. bro:see:: ssl_private_key ssl_passphrase
const ssl_ca_certificate = "<undefined>" &redef; const ssl_ca_certificate = "<undefined>" &redef;
## File containing our private key and our certificate. ## File containing our private key and our certificate.
## ##
## .. bro:see:: ssl_ca_certificate ssl_passphrase ## .. bro:see:: ssl_ca_certificate ssl_passphrase
const ssl_private_key = "<undefined>" &redef; const ssl_private_key = "<undefined>" &redef;
## The passphrase for our private key. Keeping this undefined ## The passphrase for our private key. Keeping this undefined
## causes Bro to prompt for the passphrase. ## causes Bro to prompt for the passphrase.
## ##
## .. bro:see:: ssl_private_key ssl_ca_certificate ## .. bro:see:: ssl_private_key ssl_ca_certificate
const ssl_passphrase = "<undefined>" &redef; const ssl_passphrase = "<undefined>" &redef;
## Default mode for Bro's user-space dynamic packet filter. If true, packets that ## Default mode for Bro's user-space dynamic packet filter. If true, packets that
## aren't explicitly allowed through, are dropped from any further processing. ## aren't explicitly allowed through, are dropped from any further processing.
## ##
## .. note:: This is not the BPF packet filter but an additional dynamic filter ## .. note:: This is not the BPF packet filter but an additional dynamic filter
## that Bro optionally applies just before normal processing starts. ## that Bro optionally applies just before normal processing starts.
## ##
## .. bro:see:: install_dst_addr_filter install_dst_net_filter ## .. bro:see:: install_dst_addr_filter install_dst_net_filter
## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter ## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter
## uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter ## uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter
const packet_filter_default = F &redef; const packet_filter_default = F &redef;
## Maximum size of regular expression groups for signature matching. ## Maximum size of regular expression groups for signature matching.
@ -2137,17 +2294,17 @@ const enable_syslog = F &redef;
## Description transmitted to remote communication peers for identification. ## Description transmitted to remote communication peers for identification.
const peer_description = "bro" &redef; const peer_description = "bro" &redef;
## If true, broadcast events received from one peer to all other peers. ## If true, broadcast events received from one peer to all other peers.
## ##
## .. bro:see:: forward_remote_state_changes ## .. bro:see:: forward_remote_state_changes
## ##
## .. note:: This option is only temporary and will disappear once we get a more ## .. note:: This option is only temporary and will disappear once we get a more
## sophisticated script-level communication framework. ## sophisticated script-level communication framework.
const forward_remote_events = F &redef; const forward_remote_events = F &redef;
## If true, broadcast state updates received from one peer to all other peers. ## If true, broadcast state updates received from one peer to all other peers.
## ##
## .. bro:see:: forward_remote_events ## .. bro:see:: forward_remote_events
## ##
## .. note:: This option is only temporary and will disappear once we get a more ## .. note:: This option is only temporary and will disappear once we get a more
## sophisticated script-level communication framework. ## sophisticated script-level communication framework.
@ -2176,23 +2333,23 @@ const REMOTE_SRC_PARENT = 2; ##< Message from the parent process.
const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script.
## Synchronize trace processing at a regular basis in pseudo-realtime mode. ## Synchronize trace processing at a regular basis in pseudo-realtime mode.
## ##
## .. bro:see:: remote_trace_sync_peers ## .. bro:see:: remote_trace_sync_peers
const remote_trace_sync_interval = 0 secs &redef; const remote_trace_sync_interval = 0 secs &redef;
## Number of peers across which to synchronize trace processing in ## Number of peers across which to synchronize trace processing in
## pseudo-realtime mode. ## pseudo-realtime mode.
## ##
## .. bro:see:: remote_trace_sync_interval ## .. bro:see:: remote_trace_sync_interval
const remote_trace_sync_peers = 0 &redef; const remote_trace_sync_peers = 0 &redef;
## Whether for :bro:attr:`&synchronized` state to send the old value as a ## Whether for :bro:attr:`&synchronized` state to send the old value as a
## consistency check. ## consistency check.
const remote_check_sync_consistency = F &redef; const remote_check_sync_consistency = F &redef;
## Analyzer tags. The core automatically defines constants ## Analyzer tags. The core automatically defines constants
## ``ANALYZER_<analyzer-name>*``, e.g., ``ANALYZER_HTTP``. ## ``ANALYZER_<analyzer-name>*``, e.g., ``ANALYZER_HTTP``.
## ##
## .. bro:see:: dpd_config ## .. bro:see:: dpd_config
## ##
## .. todo::We should autodoc these automaticallty generated constants. ## .. todo::We should autodoc these automaticallty generated constants.
@ -2210,7 +2367,7 @@ type dpd_protocol_config: record {
## This table defines the ports. ## This table defines the ports.
## ##
## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size ## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size
## dpd_match_only_beginning dpd_ignore_ports ## dpd_match_only_beginning dpd_ignore_ports
const dpd_config: table[AnalyzerTag] of dpd_protocol_config = {} &redef; const dpd_config: table[AnalyzerTag] of dpd_protocol_config = {} &redef;
## Reassemble the beginning of all TCP connections before doing ## Reassemble the beginning of all TCP connections before doing
@ -2218,10 +2375,10 @@ const dpd_config: table[AnalyzerTag] of dpd_protocol_config = {} &redef;
## expensive of CPU cycles. ## expensive of CPU cycles.
## ##
## .. bro:see:: dpd_config dpd_buffer_size ## .. bro:see:: dpd_config dpd_buffer_size
## dpd_match_only_beginning dpd_ignore_ports ## dpd_match_only_beginning dpd_ignore_ports
## ##
## .. note:: Despite the name, this option affects *all* signature matching, not ## .. note:: Despite the name, this option affects *all* signature matching, not
## only signatures used for dynamic protocol detection. ## only signatures used for dynamic protocol detection.
const dpd_reassemble_first_packets = T &redef; const dpd_reassemble_first_packets = T &redef;
## Size of per-connection buffer used for dynamic protocol detection. For each ## Size of per-connection buffer used for dynamic protocol detection. For each
@ -2230,23 +2387,23 @@ const dpd_reassemble_first_packets = T &redef;
## already passed through (i.e., when a DPD signature matches only later). ## already passed through (i.e., when a DPD signature matches only later).
## However, once the buffer is full, data is deleted and lost to analyzers that are ## However, once the buffer is full, data is deleted and lost to analyzers that are
## activated afterwards. Then only analyzers that can deal with partial ## activated afterwards. Then only analyzers that can deal with partial
## connections will be able to analyze the session. ## connections will be able to analyze the session.
## ##
## .. bro:see:: dpd_reassemble_first_packets dpd_config dpd_match_only_beginning ## .. bro:see:: dpd_reassemble_first_packets dpd_config dpd_match_only_beginning
## dpd_ignore_ports ## dpd_ignore_ports
const dpd_buffer_size = 1024 &redef; const dpd_buffer_size = 1024 &redef;
## If true, stops signature matching if dpd_buffer_size has been reached. ## If true, stops signature matching if dpd_buffer_size has been reached.
## ##
## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size ## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size
## dpd_config dpd_ignore_ports ## dpd_config dpd_ignore_ports
## ##
## .. note:: Despite the name, this option affects *all* signature matching, not ## .. note:: Despite the name, this option affects *all* signature matching, not
## only signatures used for dynamic protocol detection. ## only signatures used for dynamic protocol detection.
const dpd_match_only_beginning = T &redef; const dpd_match_only_beginning = T &redef;
## If true, don't consider any ports for deciding which protocol analyzer to ## If true, don't consider any ports for deciding which protocol analyzer to
## use. If so, the value of :bro:see:`dpd_config` is ignored. ## use. If so, the value of :bro:see:`dpd_config` is ignored.
## ##
## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size ## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size
## dpd_match_only_beginning dpd_config ## dpd_match_only_beginning dpd_config
@ -2254,14 +2411,14 @@ const dpd_ignore_ports = F &redef;
## Ports which the core considers being likely used by servers. For ports in ## Ports which the core considers being likely used by servers. For ports in
## this set, is may heuristically decide to flip the direction of the ## this set, is may heuristically decide to flip the direction of the
## connection if it misses the initial handshake. ## connection if it misses the initial handshake.
const likely_server_ports: set[port] &redef; const likely_server_ports: set[port] &redef;
## Deprated. Set of all ports for which we know an analyzer, built by ## Deprated. Set of all ports for which we know an analyzer, built by
## :doc:`/scripts/base/frameworks/dpd/main`. ## :doc:`/scripts/base/frameworks/dpd/main`.
## ##
## .. todo::This should be defined by :doc:`/scripts/base/frameworks/dpd/main` ## .. todo::This should be defined by :doc:`/scripts/base/frameworks/dpd/main`
## itself we still need it. ## itself we still need it.
global dpd_analyzer_ports: table[port] of set[AnalyzerTag]; global dpd_analyzer_ports: table[port] of set[AnalyzerTag];
## Per-incident timer managers are drained after this amount of inactivity. ## Per-incident timer managers are drained after this amount of inactivity.
@ -2274,7 +2431,7 @@ const time_machine_profiling = F &redef;
const check_for_unused_event_handlers = F &redef; const check_for_unused_event_handlers = F &redef;
# If true, dumps all invoked event handlers at startup. # If true, dumps all invoked event handlers at startup.
# todo::Still used? # todo::Still used?
# const dump_used_event_handlers = F &redef; # const dump_used_event_handlers = F &redef;
## Deprecated. ## Deprecated.
@ -2290,7 +2447,7 @@ const trace_output_file = "";
## of setting this to true is that we can write the packets out before we actually ## of setting this to true is that we can write the packets out before we actually
## process them, which can be helpful for debugging in case the analysis triggers a ## process them, which can be helpful for debugging in case the analysis triggers a
## crash. ## crash.
## ##
## .. bro:see:: trace_output_file ## .. bro:see:: trace_output_file
const record_all_packets = F &redef; const record_all_packets = F &redef;
@ -2303,7 +2460,7 @@ const record_all_packets = F &redef;
const ignore_keep_alive_rexmit = F &redef; const ignore_keep_alive_rexmit = F &redef;
## Whether the analysis engine parses IP packets encapsulated in ## Whether the analysis engine parses IP packets encapsulated in
## UDP tunnels. ## UDP tunnels.
## ##
## .. bro:see:: tunnel_port ## .. bro:see:: tunnel_port
const parse_udp_tunnels = F &redef; const parse_udp_tunnels = F &redef;
@ -2311,7 +2468,7 @@ const parse_udp_tunnels = F &redef;
## Number of bytes per packet to capture from live interfaces. ## Number of bytes per packet to capture from live interfaces.
const snaplen = 8192 &redef; const snaplen = 8192 &redef;
# Load the logging framework here because it uses fairly deep integration with # Load the logging framework here because it uses fairly deep integration with
# BiFs and script-land defined types. # BiFs and script-land defined types.
@load base/frameworks/logging @load base/frameworks/logging


@ -333,6 +333,7 @@ set(bro_SRCS
IntSet.cc IntSet.cc
InterConn.cc InterConn.cc
IOSource.cc IOSource.cc
IP.cc
IPAddr.cc IPAddr.cc
IRC.cc IRC.cc
List.cc List.cc
@ -401,6 +402,7 @@ set(bro_SRCS
XDR.cc XDR.cc
ZIP.cc ZIP.cc
bsd-getopt-long.c bsd-getopt-long.c
bro_inet_ntop.c
cq.c cq.c
md5.c md5.c
patricia.c patricia.c


@ -74,7 +74,7 @@ void DPM::PostScriptInit()
void DPM::AddConfig(const Analyzer::Config& cfg) void DPM::AddConfig(const Analyzer::Config& cfg)
{ {
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
#endif #endif
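Review bot: The `HeapLeakChecker::Disabler` at the top of `DPM::AddConfig` has no comment saying why allocations made in this function are exempt from leak checking, and the guard rename to `USE_PERFTOOLS_DEBUG` makes that harder to trace. A one-line comment above the `#ifdef` would help, for example `// Allocations made below are intentionally excluded from heap leak checking.`, ideally followed by the reason. The include that declares `HeapLeakChecker` is not visible in this hunk; it presumably needs the same `USE_PERFTOOLS_DEBUG` guard, otherwise a build that defines only one of the two macros will not compile. The body of `AddConfig` continues outside the hunk.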


@ -10,11 +10,6 @@
Discarder::Discarder() Discarder::Discarder()
{ {
ip_hdr = internal_type("ip_hdr")->AsRecordType();
tcp_hdr = internal_type("tcp_hdr")->AsRecordType();
udp_hdr = internal_type("udp_hdr")->AsRecordType();
icmp_hdr = internal_type("icmp_hdr")->AsRecordType();
check_ip = internal_func("discarder_check_ip"); check_ip = internal_func("discarder_check_ip");
check_tcp = internal_func("discarder_check_tcp"); check_tcp = internal_func("discarder_check_tcp");
check_udp = internal_func("discarder_check_udp"); check_udp = internal_func("discarder_check_udp");
@ -36,12 +31,10 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
{ {
int discard_packet = 0; int discard_packet = 0;
const struct ip* ip4 = ip->IP4_Hdr();
if ( check_ip ) if ( check_ip )
{ {
val_list* args = new val_list; val_list* args = new val_list;
args->append(BuildHeader(ip4)); args->append(ip->BuildPktHdrVal());
try try
{ {
@ -59,19 +52,18 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
return discard_packet; return discard_packet;
} }
int proto = ip4->ip_p; int proto = ip->NextProto();
if ( proto != IPPROTO_TCP && proto != IPPROTO_UDP && if ( proto != IPPROTO_TCP && proto != IPPROTO_UDP &&
proto != IPPROTO_ICMP ) proto != IPPROTO_ICMP )
// This is not a protocol we understand. // This is not a protocol we understand.
return 0; return 0;
// XXX shall we only check the first packet??? // XXX shall we only check the first packet???
uint32 frag_field = ntohs(ip4->ip_off); if ( ip->IsFragment() )
if ( (frag_field & 0x3fff) != 0 )
// Never check any fragment. // Never check any fragment.
return 0; return 0;
int ip_hdr_len = ip4->ip_hl * 4; int ip_hdr_len = ip->HdrLen();
len -= ip_hdr_len; // remove IP header len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len; caplen -= ip_hdr_len;
@ -87,7 +79,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
// Where the data starts - if this is a protocol we know about, // Where the data starts - if this is a protocol we know about,
// this gets advanced past the transport header. // this gets advanced past the transport header.
const u_char* data = ((u_char*) ip4 + ip_hdr_len); const u_char* data = ip->Payload();
if ( is_tcp ) if ( is_tcp )
{ {
@ -97,8 +89,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
int th_len = tp->th_off * 4; int th_len = tp->th_off * 4;
val_list* args = new val_list; val_list* args = new val_list;
args->append(BuildHeader(ip4)); args->append(ip->BuildPktHdrVal());
args->append(BuildHeader(tp, len));
args->append(BuildData(data, th_len, len, caplen)); args->append(BuildData(data, th_len, len, caplen));
try try
@ -123,8 +114,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
int uh_len = sizeof (struct udphdr); int uh_len = sizeof (struct udphdr);
val_list* args = new val_list; val_list* args = new val_list;
args->append(BuildHeader(ip4)); args->append(ip->BuildPktHdrVal());
args->append(BuildHeader(up));
args->append(BuildData(data, uh_len, len, caplen)); args->append(BuildData(data, uh_len, len, caplen));
try try
@ -148,8 +138,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
const struct icmp* ih = (const struct icmp*) data; const struct icmp* ih = (const struct icmp*) data;
val_list* args = new val_list; val_list* args = new val_list;
args->append(BuildHeader(ip4)); args->append(ip->BuildPktHdrVal());
args->append(BuildHeader(ih));
try try
{ {
@ -168,62 +157,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
return discard_packet; return discard_packet;
} }
Val* Discarder::BuildHeader(const struct ip* ip)
{
RecordVal* hdr = new RecordVal(ip_hdr);
hdr->Assign(0, new Val(ip->ip_hl * 4, TYPE_COUNT));
hdr->Assign(1, new Val(ip->ip_tos, TYPE_COUNT));
hdr->Assign(2, new Val(ntohs(ip->ip_len), TYPE_COUNT));
hdr->Assign(3, new Val(ntohs(ip->ip_id), TYPE_COUNT));
hdr->Assign(4, new Val(ip->ip_ttl, TYPE_COUNT));
hdr->Assign(5, new Val(ip->ip_p, TYPE_COUNT));
hdr->Assign(6, new AddrVal(ip->ip_src.s_addr));
hdr->Assign(7, new AddrVal(ip->ip_dst.s_addr));
return hdr;
}
Val* Discarder::BuildHeader(const struct tcphdr* tp, int tcp_len)
{
RecordVal* hdr = new RecordVal(tcp_hdr);
hdr->Assign(0, new PortVal(ntohs(tp->th_sport), TRANSPORT_TCP));
hdr->Assign(1, new PortVal(ntohs(tp->th_dport), TRANSPORT_TCP));
hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT));
hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT));
int tcp_hdr_len = tp->th_off * 4;
hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT));
hdr->Assign(5, new Val(tcp_len - tcp_hdr_len, TYPE_COUNT));
hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT));
hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT));
return hdr;
}
Val* Discarder::BuildHeader(const struct udphdr* up)
{
RecordVal* hdr = new RecordVal(udp_hdr);
hdr->Assign(0, new PortVal(ntohs(up->uh_sport), TRANSPORT_UDP));
hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
return hdr;
}
Val* Discarder::BuildHeader(const struct icmp* icmp)
{
RecordVal* hdr = new RecordVal(icmp_hdr);
hdr->Assign(0, new Val(icmp->icmp_type, TYPE_COUNT));
return hdr;
}
Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen) Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
{ {
len -= hdrlen; len -= hdrlen;


@ -25,17 +25,8 @@ public:
int NextPacket(const IP_Hdr* ip, int len, int caplen); int NextPacket(const IP_Hdr* ip, int len, int caplen);
protected: protected:
Val* BuildHeader(const struct ip* ip);
Val* BuildHeader(const struct tcphdr* tp, int tcp_len);
Val* BuildHeader(const struct udphdr* up);
Val* BuildHeader(const struct icmp* icmp);
Val* BuildData(const u_char* data, int hdrlen, int len, int caplen); Val* BuildData(const u_char* data, int hdrlen, int len, int caplen);
RecordType* ip_hdr;
RecordType* tcp_hdr;
RecordType* udp_hdr;
RecordType* icmp_hdr;
Func* check_ip; Func* check_ip;
Func* check_tcp; Func* check_tcp;
Func* check_udp; Func* check_udp;


@ -232,7 +232,7 @@ BroFile::~BroFile()
delete [] access; delete [] access;
delete [] cipher_buffer; delete [] cipher_buffer;
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
heap_checker->UnIgnoreObject(this); heap_checker->UnIgnoreObject(this);
#endif #endif
} }
@ -255,7 +255,7 @@ void BroFile::Init()
cipher_ctx = 0; cipher_ctx = 0;
cipher_buffer = 0; cipher_buffer = 0;
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
heap_checker->IgnoreObject(this); heap_checker->IgnoreObject(this);
#endif #endif
} }


@ -27,21 +27,32 @@ void FragTimer::Dispatch(double t, int /* is_expire */)
FragReassembler::FragReassembler(NetSessions* arg_s, FragReassembler::FragReassembler(NetSessions* arg_s,
const IP_Hdr* ip, const u_char* pkt, const IP_Hdr* ip, const u_char* pkt,
uint32 frag_field, HashKey* k, double t) HashKey* k, double t)
: Reassembler(0, ip->DstAddr(), REASSEM_IP) : Reassembler(0, ip->DstAddr(), REASSEM_IP)
{ {
s = arg_s; s = arg_s;
key = k; key = k;
const struct ip* ip4 = ip->IP4_Hdr(); const struct ip* ip4 = ip->IP4_Hdr();
proto_hdr_len = ip4->ip_hl * 4; if ( ip4 )
proto_hdr = (struct ip*) new u_char[64]; // max IP header + slop {
// Don't do a structure copy - need to pick up options, too. proto_hdr_len = ip->HdrLen();
memcpy((void*) proto_hdr, (const void*) ip4, proto_hdr_len); proto_hdr = new u_char[64]; // max IP header + slop
// Don't do a structure copy - need to pick up options, too.
memcpy((void*) proto_hdr, (const void*) ip4, proto_hdr_len);
}
else
{
proto_hdr_len = ip->HdrLen() - 8; // minus length of fragment header
proto_hdr = new u_char[proto_hdr_len];
memcpy(proto_hdr, ip->IP6_Hdr(), proto_hdr_len);
}
reassembled_pkt = 0; reassembled_pkt = 0;
frag_size = 0; // flag meaning "not known" frag_size = 0; // flag meaning "not known"
next_proto = ip->NextProto();
AddFragment(t, ip, pkt, frag_field); AddFragment(t, ip, pkt);
if ( frag_timeout != 0.0 ) if ( frag_timeout != 0.0 )
{ {
@ -60,28 +71,42 @@ FragReassembler::~FragReassembler()
delete key; delete key;
} }
void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt, void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt)
uint32 frag_field)
{ {
const struct ip* ip4 = ip->IP4_Hdr(); const struct ip* ip4 = ip->IP4_Hdr();
if ( ip4->ip_p != proto_hdr->ip_p || ip4->ip_hl != proto_hdr->ip_hl ) if ( ip4 )
{
if ( ip4->ip_p != ((const struct ip*)proto_hdr)->ip_p ||
ip4->ip_hl != ((const struct ip*)proto_hdr)->ip_hl )
// || ip4->ip_tos != proto_hdr->ip_tos // || ip4->ip_tos != proto_hdr->ip_tos
// don't check TOS, there's at least one stack that actually // don't check TOS, there's at least one stack that actually
// uses different values, and it's hard to see an associated // uses different values, and it's hard to see an associated
// attack. // attack.
s->Weird("fragment_protocol_inconsistency", ip); s->Weird("fragment_protocol_inconsistency", ip);
}
else
{
if ( ip->NextProto() != next_proto ||
ip->HdrLen() - 8 != proto_hdr_len )
s->Weird("fragment_protocol_inconsistency", ip);
// TODO: more detailed unfrag header consistency checks?
}
if ( frag_field & 0x4000 ) if ( ip->DF() )
// Linux MTU discovery for UDP can do this, for example. // Linux MTU discovery for UDP can do this, for example.
s->Weird("fragment_with_DF", ip); s->Weird("fragment_with_DF", ip);
int offset = (ntohs(ip4->ip_off) & 0x1fff) * 8; int offset = ip->FragOffset();
int len = ntohs(ip4->ip_len); int len = ip->TotalLen();
int hdr_len = proto_hdr->ip_hl * 4; int hdr_len = ip->HdrLen();
int upper_seq = offset + len - hdr_len; int upper_seq = offset + len - hdr_len;
if ( (frag_field & 0x2000) == 0 ) if ( ! offset )
// Make sure to use the first fragment header's next field.
next_proto = ip->NextProto();
if ( ! ip->MF() )
{ {
// Last fragment. // Last fragment.
if ( frag_size == 0 ) if ( frag_size == 0 )
@ -193,8 +218,7 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
u_char* pkt = new u_char[n]; u_char* pkt = new u_char[n];
memcpy((void*) pkt, (const void*) proto_hdr, proto_hdr_len); memcpy((void*) pkt, (const void*) proto_hdr, proto_hdr_len);
struct ip* reassem4 = (struct ip*) pkt; u_char* pkt_start = pkt;
reassem4->ip_len = htons(frag_size + proto_hdr_len);
pkt += proto_hdr_len; pkt += proto_hdr_len;
@ -214,7 +238,27 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
} }
delete reassembled_pkt; delete reassembled_pkt;
reassembled_pkt = new IP_Hdr(reassem4, true);
if ( ((const struct ip*)pkt_start)->ip_v == 4 )
{
struct ip* reassem4 = (struct ip*) pkt_start;
reassem4->ip_len = htons(frag_size + proto_hdr_len);
reassembled_pkt = new IP_Hdr(reassem4, true);
}
else if ( ((const struct ip*)pkt_start)->ip_v == 6 )
{
struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start;
reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40);
const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto);
reassembled_pkt = new IP_Hdr(reassem6, true, chain);
}
else
{
reporter->InternalError("bad IP version in fragment reassembly");
}
DeleteTimer(); DeleteTimer();
} }
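Review bot: For IPv6 the saved `proto_hdr` comes from whichever fragment arrives first, while `next_proto` is deliberately refreshed from the offset-zero fragment in `AddFragment`. RFC 2460 takes the whole unfragmentable part from the offset-zero fragment, so when a later fragment arrives first carrying different extension headers, the packet reassembled here can differ from the one the receiving host builds. That mismatch currently only raises `fragment_protocol_inconsistency` and processing continues. Refreshing the saved header in the same `if ( ! offset )` branch would close the gap; the sketch below assumes `proto_hdr` is released with `delete []` elsewhere, which is not visible in this section.

```cpp
if ( ! offset )
	{
	// Make sure to use the first fragment header's next field.
	next_proto = ip->NextProto();

	if ( ! ip4 )
		{
		// Take the unfragmentable part from the offset-zero fragment too.
		delete [] proto_hdr;
		proto_hdr_len = ip->HdrLen() - 8; // minus length of fragment header
		proto_hdr = new u_char[proto_hdr_len];
		memcpy(proto_hdr, ip->IP6_Hdr(), proto_hdr_len);
		}
	}
```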


@ -20,11 +20,10 @@ typedef void (FragReassembler::*frag_timer_func)(double t);
class FragReassembler : public Reassembler { class FragReassembler : public Reassembler {
public: public:
FragReassembler(NetSessions* s, const IP_Hdr* ip, const u_char* pkt, FragReassembler(NetSessions* s, const IP_Hdr* ip, const u_char* pkt,
uint32 frag_field, HashKey* k, double t); HashKey* k, double t);
~FragReassembler(); ~FragReassembler();
void AddFragment(double t, const IP_Hdr* ip, const u_char* pkt, void AddFragment(double t, const IP_Hdr* ip, const u_char* pkt);
uint32 frag_field);
void Expire(double t); void Expire(double t);
void DeleteTimer(); void DeleteTimer();
@ -37,11 +36,12 @@ protected:
void BlockInserted(DataBlock* start_block); void BlockInserted(DataBlock* start_block);
void Overlap(const u_char* b1, const u_char* b2, int n); void Overlap(const u_char* b1, const u_char* b2, int n);
struct ip* proto_hdr; u_char* proto_hdr;
IP_Hdr* reassembled_pkt; IP_Hdr* reassembled_pkt;
int proto_hdr_len; int proto_hdr_len;
NetSessions* s; NetSessions* s;
int frag_size; // size of fully reassembled fragment int frag_size; // size of fully reassembled fragment
uint16 next_proto; // first IPv6 fragment header's next proto field
HashKey* key; HashKey* key;
FragTimer* expire_timer; FragTimer* expire_timer;


@ -372,7 +372,7 @@ ID* ID::Unserialize(UnserialInfo* info)
Ref(id); Ref(id);
global_scope()->Insert(id->Name(), id); global_scope()->Insert(id->Name(), id);
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
heap_checker->IgnoreObject(id); heap_checker->IgnoreObject(id);
#endif #endif
} }

382
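--- a/src/IP.cc
+++ b/src/IP.cc
@@ -0,0 +1,382 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+#include "IP.h"
+#include "Type.h"
+#include "Val.h"
+#include "Var.h"
+static RecordType* ip4_hdr_type = 0;
+static RecordType* ip6_hdr_type = 0;
+static RecordType* ip6_ext_hdr_type = 0;
+static RecordType* ip6_option_type = 0;
+static RecordType* ip6_hopopts_type = 0;
+static RecordType* ip6_dstopts_type = 0;
+static RecordType* ip6_routing_type = 0;
+static RecordType* ip6_fragment_type = 0;
+static RecordType* ip6_ah_type = 0;
+static RecordType* ip6_esp_type = 0;
+static inline RecordType* hdrType(RecordType*& type, const char* name)
+{
+if ( ! type )
+type = internal_type(name)->AsRecordType();
+return type;
+}
+static VectorVal* BuildOptionsVal(const u_char* data, uint16 len)
+{
+VectorVal* vv = new VectorVal(new VectorType(
+hdrType(ip6_option_type, "ip6_option")->Ref()));
+while ( len > 0 )
+{
+const struct ip6_opt* opt = (const struct ip6_opt*) data;
+RecordVal* rv = new RecordVal(ip6_option_type);
+rv->Assign(0, new Val(opt->ip6o_type, TYPE_COUNT));
+if ( opt->ip6o_type == 0 )
+{
+// Pad1 option
+rv->Assign(1, new Val(0, TYPE_COUNT));
+rv->Assign(2, new StringVal(""));
+data += sizeof(uint8);
+len -= sizeof(uint8);
+}
+else
+{
+// PadN or other option
+uint16 off = 2 * sizeof(uint8);
+rv->Assign(1, new Val(opt->ip6o_len, TYPE_COUNT));
+rv->Assign(2, new StringVal(
+new BroString(data + off, opt->ip6o_len, 1)));
+data += opt->ip6o_len + off;
+len -= opt->ip6o_len + off;
+}
+vv->Assign(vv->Size(), rv, 0);
+}
+return vv;
+}
+RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
+{
+RecordVal* rv = 0;
+switch ( type ) {
+case IPPROTO_IPV6:
+{
+rv = new RecordVal(hdrType(ip6_hdr_type, "ip6_hdr"));
+const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
+rv->Assign(0, new Val((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20, TYPE_COUNT));
+rv->Assign(1, new Val(ntohl(ip6->ip6_flow) & 0x000fffff, TYPE_COUNT));
+rv->Assign(2, new Val(ntohs(ip6->ip6_plen), TYPE_COUNT));
+rv->Assign(3, new Val(ip6->ip6_nxt, TYPE_COUNT));
+rv->Assign(4, new Val(ip6->ip6_hlim, TYPE_COUNT));
+rv->Assign(5, new AddrVal(IPAddr(ip6->ip6_src)));
+rv->Assign(6, new AddrVal(IPAddr(ip6->ip6_dst)));
+if ( ! chain )
+chain = new VectorVal(new VectorType(
+hdrType(ip6_ext_hdr_type, "ip6_ext_hdr")->Ref()));
+rv->Assign(7, chain);
+}
+break;
+case IPPROTO_HOPOPTS:
+{
+rv = new RecordVal(hdrType(ip6_hopopts_type, "ip6_hopopts"));
+const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
+rv->Assign(0, new Val(hbh->ip6h_nxt, TYPE_COUNT));
+rv->Assign(1, new Val(hbh->ip6h_len, TYPE_COUNT));
+uint16 off = 2 * sizeof(uint8);
+rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
+}
+break;
+case IPPROTO_DSTOPTS:
+{
+rv = new RecordVal(hdrType(ip6_dstopts_type, "ip6_dstopts"));
+const struct ip6_dest* dst = (const struct ip6_dest*)data;
+rv->Assign(0, new Val(dst->ip6d_nxt, TYPE_COUNT));
+rv->Assign(1, new Val(dst->ip6d_len, TYPE_COUNT));
+uint16 off = 2 * sizeof(uint8);
+rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
+}
+break;
+case IPPROTO_ROUTING:
+{
+rv = new RecordVal(hdrType(ip6_routing_type, "ip6_routing"));
+const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
+rv->Assign(0, new Val(rt->ip6r_nxt, TYPE_COUNT));
+rv->Assign(1, new Val(rt->ip6r_len, TYPE_COUNT));
+rv->Assign(2, new Val(rt->ip6r_type, TYPE_COUNT));
+rv->Assign(3, new Val(rt->ip6r_segleft, TYPE_COUNT));
+uint16 off = 4 * sizeof(uint8);
+rv->Assign(4, new StringVal(new BroString(data + off, Length() - off, 1)));
+}
+break;
+case IPPROTO_FRAGMENT:
+{
+rv = new RecordVal(hdrType(ip6_fragment_type, "ip6_fragment"));
+const struct ip6_frag* frag = (const struct ip6_frag*)data;
+rv->Assign(0, new Val(frag->ip6f_nxt, TYPE_COUNT));
+rv->Assign(1, new Val(frag->ip6f_reserved, TYPE_COUNT));
+rv->Assign(2, new Val((ntohs(frag->ip6f_offlg) & 0xfff8)>>3, TYPE_COUNT));
+rv->Assign(3, new Val((ntohs(frag->ip6f_offlg) & 0x0006)>>1, TYPE_COUNT));
+rv->Assign(4, new Val(ntohs(frag->ip6f_offlg) & 0x0001, TYPE_BOOL));
+rv->Assign(5, new Val(ntohl(frag->ip6f_ident), TYPE_COUNT));
+}
+break;
+case IPPROTO_AH:
+{
+rv = new RecordVal(hdrType(ip6_ah_type, "ip6_ah"));
+rv->Assign(0, new Val(((ip6_ext*)data)->ip6e_nxt, TYPE_COUNT));
+rv->Assign(1, new Val(((ip6_ext*)data)->ip6e_len, TYPE_COUNT));
+rv->Assign(2, new Val(ntohs(((uint16*)data)[1]), TYPE_COUNT));
+rv->Assign(3, new Val(ntohl(((uint32*)data)[1]), TYPE_COUNT));
+rv->Assign(4, new Val(ntohl(((uint32*)data)[2]), TYPE_COUNT));
+uint16 off = 3 * sizeof(uint32);
+rv->Assign(5, new StringVal(new BroString(data + off, Length() - off, 1)));
+}
+break;
+case IPPROTO_ESP:
+{
+rv = new RecordVal(hdrType(ip6_esp_type, "ip6_esp"));
+const uint32* esp = (const uint32*)data;
+rv->Assign(0, new Val(ntohl(esp[0]), TYPE_COUNT));
+rv->Assign(1, new Val(ntohl(esp[1]), TYPE_COUNT));
+}
+break;
+default:
+break;
+}
+return rv;
+}
+RecordVal* IP_Hdr::BuildIPHdrVal() const
+{
+RecordVal* rval = 0;
+if ( ip4 )
+{
+rval = new RecordVal(hdrType(ip4_hdr_type, "ip4_hdr"));
+rval->Assign(0, new Val(ip4->ip_hl * 4, TYPE_COUNT));
+rval->Assign(1, new Val(ip4->ip_tos, TYPE_COUNT));
+rval->Assign(2, new Val(ntohs(ip4->ip_len), TYPE_COUNT));
+rval->Assign(3, new Val(ntohs(ip4->ip_id), TYPE_COUNT));
+rval->Assign(4, new Val(ip4->ip_ttl, TYPE_COUNT));
+rval->Assign(5, new Val(ip4->ip_p, TYPE_COUNT));
+rval->Assign(6, new AddrVal(ip4->ip_src.s_addr));
+rval->Assign(7, new AddrVal(ip4->ip_dst.s_addr));
+}
+else
+{
+rval = ((*ip6_hdrs)[0])->BuildRecordVal(ip6_hdrs->BuildVal());
+}
+return rval;
+}
+RecordVal* IP_Hdr::BuildPktHdrVal() const
+{
+static RecordType* pkt_hdr_type = 0;
+static RecordType* tcp_hdr_type = 0;
+static RecordType* udp_hdr_type = 0;
+static RecordType* icmp_hdr_type = 0;
+if ( ! pkt_hdr_type )
+{
+pkt_hdr_type = internal_type("pkt_hdr")->AsRecordType();
+tcp_hdr_type = internal_type("tcp_hdr")->AsRecordType();
+udp_hdr_type = internal_type("udp_hdr")->AsRecordType();
+icmp_hdr_type = internal_type("icmp_hdr")->AsRecordType();
+}
+RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type);
+if ( ip4 )
+pkt_hdr->Assign(0, BuildIPHdrVal());
+else
+pkt_hdr->Assign(1, BuildIPHdrVal());
+// L4 header.
+const u_char* data = Payload();
+int proto = NextProto();
+switch ( proto ) {
+case IPPROTO_TCP:
+{
+const struct tcphdr* tp = (const struct tcphdr*) data;
+RecordVal* tcp_hdr = new RecordVal(tcp_hdr_type);
+int tcp_hdr_len = tp->th_off * 4;
+int data_len = PayloadLen() - tcp_hdr_len;
+tcp_hdr->Assign(0, new PortVal(ntohs(tp->th_sport), TRANSPORT_TCP));
+tcp_hdr->Assign(1, new PortVal(ntohs(tp->th_dport), TRANSPORT_TCP));
+tcp_hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT));
+tcp_hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT));
+tcp_hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT));
+tcp_hdr->Assign(5, new Val(data_len, TYPE_COUNT));
+tcp_hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT));
+tcp_hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT));
+pkt_hdr->Assign(2, tcp_hdr);
+break;
+}
+case IPPROTO_UDP:
+{
+const struct udphdr* up = (const struct udphdr*) data;
+RecordVal* udp_hdr = new RecordVal(udp_hdr_type);
+udp_hdr->Assign(0, new PortVal(ntohs(up->uh_sport), TRANSPORT_UDP));
+udp_hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
+udp_hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
+pkt_hdr->Assign(3, udp_hdr);
+break;
+}
+case IPPROTO_ICMP:
+{
+const struct icmp* icmpp = (const struct icmp *) data;
+RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
+icmp_hdr->Assign(0, new Val(icmpp->icmp_type, TYPE_COUNT));
+pkt_hdr->Assign(4, icmp_hdr);
+break;
+}
+default:
+{
+// This is not a protocol we understand.
+break;
+}
+}
+return pkt_hdr;
+}
+static inline bool isIPv6ExtHeader(uint8 type)
+{
+switch (type) {
+case IPPROTO_HOPOPTS:
+case IPPROTO_ROUTING:
+case IPPROTO_DSTOPTS:
+case IPPROTO_FRAGMENT:
+case IPPROTO_AH:
+case IPPROTO_ESP:
+return true;
+default:
+return false;
+}
+}
+void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, bool set_next, uint16 next)
+{
+length = 0;
+uint8 current_type, next_type;
+next_type = IPPROTO_IPV6;
+const u_char* hdrs = (const u_char*) ip6;
+do
+{
+current_type = next_type;
+IPv6_Hdr* p = new IPv6_Hdr(current_type, hdrs);
+next_type = p->NextHdr();
+uint16 len = p->Length();
+if ( set_next && next_type == IPPROTO_FRAGMENT )
+{
+p->ChangeNext(next);
+next_type = next;
+}
+chain.push_back(p);
+// RFC 5095 deprecates routing type 0 headers, so raise weirds for that.
+if ( current_type == IPPROTO_ROUTING &&
+((const struct ip6_rthdr*)hdrs)->ip6r_type == 0 )
+{
+IPAddr src(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_src);
+if ( ((const struct ip6_rthdr*)hdrs)->ip6r_segleft > 0 )
+{
+const in6_addr* a = (const in6_addr*)(hdrs+len-16);
+reporter->Weird(src, IPAddr(*a), "routing0_segleft");
+}
+else
+{
+IPAddr dst(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_dst);
+reporter->Weird(src, dst, "routing0_header");
+}
+}
+hdrs += len;
+length += len;
+} while ( current_type != IPPROTO_FRAGMENT &&
+current_type != IPPROTO_ESP &&
+isIPv6ExtHeader(next_type) );
+}
+VectorVal* IPv6_Hdr_Chain::BuildVal() const
+{
+if ( ! ip6_ext_hdr_type )
+{
+ip6_ext_hdr_type = internal_type("ip6_ext_hdr")->AsRecordType();
+ip6_hopopts_type = internal_type("ip6_hopopts")->AsRecordType();
+ip6_dstopts_type = internal_type("ip6_dstopts")->AsRecordType();
+ip6_routing_type = internal_type("ip6_routing")->AsRecordType();
+ip6_fragment_type = internal_type("ip6_fragment")->AsRecordType();
+ip6_ah_type = internal_type("ip6_ah")->AsRecordType();
+ip6_esp_type = internal_type("ip6_esp")->AsRecordType();
+}
+VectorVal* rval = new VectorVal(new VectorType(ip6_ext_hdr_type->Ref()));
+for ( size_t i = 1; i < chain.size(); ++i )
+{
+RecordVal* v = chain[i]->BuildRecordVal();
+RecordVal* ext_hdr = new RecordVal(ip6_ext_hdr_type);
+uint8 type = chain[i]->Type();
+ext_hdr->Assign(0, new Val(type, TYPE_COUNT));
+switch (type) {
+case IPPROTO_HOPOPTS:
+ext_hdr->Assign(1, v);
+break;
+case IPPROTO_DSTOPTS:
+ext_hdr->Assign(2, v);
+break;
+case IPPROTO_ROUTING:
+ext_hdr->Assign(3, v);
+break;
+case IPPROTO_FRAGMENT:
+ext_hdr->Assign(4, v);
+break;
+case IPPROTO_AH:
+ext_hdr->Assign(5, v);
+break;
+case IPPROTO_ESP:
+ext_hdr->Assign(6, v);
+break;
+default:
+reporter->InternalError("IPv6_Hdr_Chain bad header %d", type);
+break;
+}
+rval->Assign(rval->Size(), ext_hdr, 0);
+}
+return rval;
+}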
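Review bot: `BuildOptionsVal` trusts `opt->ip6o_len` without comparing it to the bytes left in the options area, so an option that claims more than remains makes `len -= opt->ip6o_len + off` wrap the `uint16` and the loop keeps reading past the header. A non-Pad1 option sitting in the final byte also reads `ip6o_len` one byte beyond it. A guard right after the `opt` cast, before `rv` is allocated, would stop both: `if ( opt->ip6o_type != 0 && (len < 2 || opt->ip6o_len > len - 2) ) break;`. `IPv6_Hdr_Chain::Init` has the same shape: it follows `Length()` from header to header with no available-length argument, so it would benefit from taking the captured byte count and stopping when a header would exceed it. Whether callers validate the chain before these functions run is not visible in this file.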

345
src/IP.h

@ -4,23 +4,248 @@
#define ip_h #define ip_h
#include "config.h" #include "config.h"
#include "net_util.h"
#include "IPAddr.h" #include "IPAddr.h"
#include <net_util.h> #include "Reporter.h"
#include "Val.h"
#include "Type.h"
#include <vector>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
/**
* Base class for IPv6 header/extensions.
*/
class IPv6_Hdr {
public:
/**
* Construct an IPv6 header or extension header from assigned type number.
*/
IPv6_Hdr(uint8 t, const u_char* d) : type(t), data(d) {}
/**
* Replace the value of the next protocol field.
*/
void ChangeNext(uint8 next_type)
{
switch ( type ) {
case IPPROTO_IPV6:
((ip6_hdr*)data)->ip6_nxt = next_type;
break;
case IPPROTO_HOPOPTS:
case IPPROTO_DSTOPTS:
case IPPROTO_ROUTING:
case IPPROTO_FRAGMENT:
case IPPROTO_AH:
((ip6_ext*)data)->ip6e_nxt = next_type;
break;
case IPPROTO_ESP:
default:
break;
}
}
~IPv6_Hdr() {}
/**
* Returns the assigned IPv6 extension header type number of the header
* that immediately follows this one.
*/
uint8 NextHdr() const
{
switch ( type ) {
case IPPROTO_IPV6:
return ((ip6_hdr*)data)->ip6_nxt;
case IPPROTO_HOPOPTS:
case IPPROTO_DSTOPTS:
case IPPROTO_ROUTING:
case IPPROTO_FRAGMENT:
case IPPROTO_AH:
return ((ip6_ext*)data)->ip6e_nxt;
case IPPROTO_ESP:
default:
return IPPROTO_NONE;
}
}
/**
* Returns the length of the header in bytes.
*/
uint16 Length() const
{
switch ( type ) {
case IPPROTO_IPV6:
return 40;
case IPPROTO_HOPOPTS:
case IPPROTO_DSTOPTS:
case IPPROTO_ROUTING:
return 8 + 8 * ((ip6_ext*)data)->ip6e_len;
case IPPROTO_FRAGMENT:
return 8;
case IPPROTO_AH:
return 8 + 4 * ((ip6_ext*)data)->ip6e_len;
case IPPROTO_ESP:
return 8; //encrypted payload begins after 8 bytes
default:
return 0;
}
}
/**
* Returns the RFC 1700 et seq. IANA assigned number for the header.
*/
uint8 Type() const { return type; }
/**
* Returns pointer to the start of where header structure resides in memory.
*/
const u_char* Data() const { return data; }
/**
* Returns the script-layer record representation of the header.
*/
RecordVal* BuildRecordVal(VectorVal* chain = 0) const;
protected:
uint8 type;
const u_char* data;
};
class IPv6_Hdr_Chain {
public:
/**
* Initializes the header chain from an IPv6 header structure.
*/
IPv6_Hdr_Chain(const struct ip6_hdr* ip6) { Init(ip6, false); }
~IPv6_Hdr_Chain()
{ for ( size_t i = 0; i < chain.size(); ++i ) delete chain[i]; }
/**
* Returns the number of headers in the chain.
*/
size_t Size() const { return chain.size(); }
/**
* Returns the sum of the length of all headers in the chain in bytes.
*/
uint16 TotalLength() const { return length; }
/**
* Accesses the header at the given location in the chain.
*/
const IPv6_Hdr* operator[](const size_t i) const { return chain[i]; }
/**
* Returns whether the header chain indicates a fragmented packet.
*/
bool IsFragment() const
{ return chain[chain.size()-1]->Type() == IPPROTO_FRAGMENT; }
/**
* Returns pointer to fragment header structure if the chain contains one.
*/
const struct ip6_frag* GetFragHdr() const
{ return IsFragment() ?
(const struct ip6_frag*)chain[chain.size()-1]->Data(): 0; }
/**
* If the header chain is a fragment, returns the offset in number of bytes
* relative to the start of the Fragmentable Part of the original packet.
*/
uint16 FragOffset() const
{ return IsFragment() ?
(ntohs(GetFragHdr()->ip6f_offlg) & 0xfff8) : 0; }
/**
* If the header chain is a fragment, returns the identification field.
*/
uint32 ID() const
{ return IsFragment() ? ntohl(GetFragHdr()->ip6f_ident) : 0; }
/**
* If the header chain is a fragment, returns the M (more fragments) flag.
*/
int MF() const
{ return IsFragment() ?
(ntohs(GetFragHdr()->ip6f_offlg) & 0x0001) != 0 : 0; }
/**
* Returns whether the chain contains a routing type 0 extension header
* with nonzero segments left.
*/
bool RH0SegLeft() const
{
for ( size_t i = 0; i < chain.size(); ++i )
if ( chain[i]->Type() == IPPROTO_ROUTING &&
((const struct ip6_rthdr*)chain[i]->Data())->ip6r_type == 0 &&
((const struct ip6_rthdr*)chain[i]->Data())->ip6r_segleft > 0 )
return true;
return false;
}
/**
* Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
* representation of all extension headers in the chain.
*/
VectorVal* BuildVal() const;
protected:
// for access to protected ctor that changes next header values that
// point to a fragment
friend class FragReassembler;
/**
* Initializes the header chain from an IPv6 header structure, and replaces
* the first next protocol pointer field that points to a fragment header.
*/
IPv6_Hdr_Chain(const struct ip6_hdr* ip6, uint16 next)
{ Init(ip6, true, next); }
void Init(const struct ip6_hdr* ip6, bool set_next, uint16 next = 0);
vector<IPv6_Hdr*> chain;
uint16 length; // The summation of all header lengths in the chain in bytes.
};
class IP_Hdr { class IP_Hdr {
public: public:
IP_Hdr(const u_char* p, bool arg_del)
: ip4(0), ip6(0), del(arg_del), ip6_hdrs(0)
{
if ( ((const struct ip*)p)->ip_v == 4 )
ip4 = (const struct ip*)p;
else if ( ((const struct ip*)p)->ip_v == 6 )
{
ip6 = (const struct ip6_hdr*)p;
ip6_hdrs = new IPv6_Hdr_Chain(ip6);
}
else
{
if ( arg_del )
delete [] p;
reporter->InternalError("bad IP version in IP_Hdr ctor");
}
}
IP_Hdr(const struct ip* arg_ip4, bool arg_del) IP_Hdr(const struct ip* arg_ip4, bool arg_del)
: ip4(arg_ip4), ip6(0), del(arg_del) : ip4(arg_ip4), ip6(0), del(arg_del), ip6_hdrs(0)
{ {
} }
IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del) IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del,
: ip4(0), ip6(arg_ip6), del(arg_del) const IPv6_Hdr_Chain* c = 0)
: ip4(0), ip6(arg_ip6), del(arg_del),
ip6_hdrs(c ? c : new IPv6_Hdr_Chain(ip6))
{ {
} }
~IP_Hdr() ~IP_Hdr()
{ {
if ( ip6 )
delete ip6_hdrs;
if ( del ) if ( del )
{ {
if ( ip4 ) if ( ip4 )
@ -31,56 +256,130 @@ public:
} }
const struct ip* IP4_Hdr() const { return ip4; } const struct ip* IP4_Hdr() const { return ip4; }
const struct ip6_hdr* IP6_Hdr() const { return ip6; } const struct ip6_hdr* IP6_Hdr() const { return ip6; }
IPAddr SrcAddr() const IPAddr SrcAddr() const
{ return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src); } { return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src); }
IPAddr DstAddr() const IPAddr DstAddr() const
{ return ip4 ? IPAddr(ip4->ip_dst) : IPAddr(ip6->ip6_dst); } { return ip4 ? IPAddr(ip4->ip_dst) : IPAddr(ip6->ip6_dst); }
//TODO: needs adapting/replacement for IPv6 support /**
uint16 ID4() const { return ip4 ? ip4->ip_id : 0; } * Returns a pointer to the payload of the IP packet, usually an
* upper-layer protocol.
*/
const u_char* Payload() const const u_char* Payload() const
{ {
if ( ip4 ) if ( ip4 )
return ((const u_char*) ip4) + ip4->ip_hl * 4; return ((const u_char*) ip4) + ip4->ip_hl * 4;
else else
return ((const u_char*) ip6) + 40; return ((const u_char*) ip6) + ip6_hdrs->TotalLength();
} }
/**
* Returns the length of the IP packet's payload (length of packet minus
* header length or, for IPv6, also minus length of all extension headers).
*/
uint16 PayloadLen() const uint16 PayloadLen() const
{ {
if ( ip4 ) if ( ip4 )
return ntohs(ip4->ip_len) - ip4->ip_hl * 4; return ntohs(ip4->ip_len) - ip4->ip_hl * 4;
else else
return ntohs(ip6->ip6_plen); return ntohs(ip6->ip6_plen) + 40 - ip6_hdrs->TotalLength();
} }
uint16 TotalLen() const /**
{ * Returns the length of the IP packet (length of headers and payload).
if ( ip4 ) */
return ntohs(ip4->ip_len); uint32 TotalLen() const
else { return ip4 ? ntohs(ip4->ip_len) : ntohs(ip6->ip6_plen) + 40; }
return ntohs(ip6->ip6_plen) + 40;
}
uint16 HdrLen() const { return ip4 ? ip4->ip_hl * 4 : 40; } /**
* Returns length of IP packet header (includes extension headers for IPv6).
*/
uint16 HdrLen() const
{ return ip4 ? ip4->ip_hl * 4 : ip6_hdrs->TotalLength(); }
/**
* For IPv6 header chains, returns the type of the last header in the chain.
*/
uint8 LastHeader() const
{ return ip4 ? IPPROTO_RAW :
((*ip6_hdrs)[ip6_hdrs->Size()-1])->Type(); }
/**
* Returns the protocol type of the IP packet's payload, usually an
* upper-layer protocol. For IPv6, this returns the last (extension)
* header's Next Header value.
*/
unsigned char NextProto() const unsigned char NextProto() const
{ return ip4 ? ip4->ip_p : ip6->ip6_nxt; } { return ip4 ? ip4->ip_p :
((*ip6_hdrs)[ip6_hdrs->Size()-1])->NextHdr(); }
unsigned char TTL() const unsigned char TTL() const
{ return ip4 ? ip4->ip_ttl : ip6->ip6_hlim; } { return ip4 ? ip4->ip_ttl : ip6->ip6_hlim; }
uint16 FragField() const
{ return ntohs(ip4 ? ip4->ip_off : 0); } bool IsFragment() const
{ return ip4 ? (ntohs(ip4->ip_off) & 0x3fff) != 0 :
ip6_hdrs->IsFragment(); }
/**
* Returns the fragment packet's offset in relation to the original
* packet in bytes.
*/
uint16 FragOffset() const
{ return ip4 ? (ntohs(ip4->ip_off) & 0x1fff) * 8 :
ip6_hdrs->FragOffset(); }
/**
* Returns the fragment packet's identification field.
*/
uint32 ID() const
{ return ip4 ? ntohs(ip4->ip_id) : ip6_hdrs->ID(); }
/**
* Returns whether a fragment packet's "More Fragments" field is set.
*/
int MF() const
{ return ip4 ? (ntohs(ip4->ip_off) & 0x2000) != 0 : ip6_hdrs->MF(); }
/**
* Returns whether a fragment packet's "Don't Fragment" field is set.
* Note that IPv6 has no such field.
*/
int DF() const int DF() const
{ return ip4 ? ((ntohs(ip4->ip_off) & IP_DF) != 0) : 0; } { return ip4 ? ((ntohs(ip4->ip_off) & 0x4000) != 0) : 0; }
uint16 IP_ID() const
{ return ip4 ? (ntohs(ip4->ip_id)) : 0; } /**
* Returns number of IP headers in packet (includes IPv6 extension headers).
*/
size_t NumHeaders() const
{ return ip4 ? 1 : ip6_hdrs->Size(); }
/**
* Returns true if this is an IPv6 header containing a routing type 0
* extension with nonzero segments left, else returns false.
*/
bool RH0SegLeft() const
{ return ip4 ? false : ip6_hdrs->RH0SegLeft(); }
/**
* Returns an ip_hdr or ip6_hdr_chain RecordVal.
*/
RecordVal* BuildIPHdrVal() const;
/**
* Returns a pkt_hdr RecordVal, which includes not only the IP header, but
* also upper-layer (tcp/udp/icmp) headers.
*/
RecordVal* BuildPktHdrVal() const;
private: private:
const struct ip* ip4; const struct ip* ip4;
const struct ip6_hdr* ip6; const struct ip6_hdr* ip6;
bool del; bool del;
const IPv6_Hdr_Chain* ip6_hdrs;
}; };
#endif #endif
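Review bot: `IP_Hdr::PayloadLen()` returns `ntohs(ip6->ip6_plen) + 40 - ip6_hdrs->TotalLength()` as a `uint16`, so a packet whose extension headers claim more bytes than the payload length field allows makes the result wrap to a large value instead of reaching zero. `BuildPktHdrVal` in src/IP.cc derives `data_len` from it, and other callers presumably size reads from it as well. Computing in `int` and clamping would keep the value sane: `int n = ntohs(ip6->ip6_plen) + 40 - ip6_hdrs->TotalLength();` followed by `return n > 0 ? n : 0;`. The IPv4 branch performs the same kind of subtraction with `ip_len` and `ip_hl`; whether an earlier sanity check rules these cases out is not visible in this section.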


@ -6,6 +6,7 @@
#include "Reporter.h" #include "Reporter.h"
#include "Conn.h" #include "Conn.h"
#include "DPM.h" #include "DPM.h"
#include "bro_inet_ntop.h"
const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0, const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
@ -159,7 +160,7 @@ string IPAddr::AsString() const
{ {
char s[INET_ADDRSTRLEN]; char s[INET_ADDRSTRLEN];
if ( inet_ntop(AF_INET, &in6.s6_addr[12], s, INET_ADDRSTRLEN) == NULL ) if ( ! bro_inet_ntop(AF_INET, &in6.s6_addr[12], s, INET_ADDRSTRLEN) )
return "<bad IPv4 address conversion"; return "<bad IPv4 address conversion";
else else
return s; return s;
@ -168,7 +169,7 @@ string IPAddr::AsString() const
{ {
char s[INET6_ADDRSTRLEN]; char s[INET6_ADDRSTRLEN];
if ( inet_ntop(AF_INET6, in6.s6_addr, s, INET6_ADDRSTRLEN) == NULL ) if ( ! bro_inet_ntop(AF_INET6, in6.s6_addr, s, INET6_ADDRSTRLEN) )
return "<bad IPv6 address conversion"; return "<bad IPv6 address conversion";
else else
return s; return s;


@ -38,7 +38,7 @@ Login_Analyzer::Login_Analyzer(AnalyzerTag::Tag tag, Connection* conn)
if ( ! re_skip_authentication ) if ( ! re_skip_authentication )
{ {
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
#endif #endif
re_skip_authentication = init_RE(skip_authentication); re_skip_authentication = init_RE(skip_authentication);


@ -42,7 +42,6 @@ extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
PList(PktSrc) pkt_srcs; PList(PktSrc) pkt_srcs;
// FIXME: We should really merge PktDumper and PacketDumper. // FIXME: We should really merge PktDumper and PacketDumper.
// It's on my to-do [Robin].
PktDumper* pkt_dumper = 0; PktDumper* pkt_dumper = 0;
int reading_live = 0; int reading_live = 0;


@ -71,9 +71,7 @@ bool PacketFilter::MatchFilter(const Filter& f, const IP_Hdr& ip,
if ( ip.NextProto() == IPPROTO_TCP && f.tcp_flags ) if ( ip.NextProto() == IPPROTO_TCP && f.tcp_flags )
{ {
// Caution! The packet sanity checks have not been performed yet // Caution! The packet sanity checks have not been performed yet
const struct ip* ip4 = ip.IP4_Hdr(); int ip_hdr_len = ip.HdrLen();
int ip_hdr_len = ip4->ip_hl * 4;
len -= ip_hdr_len; // remove IP header len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len; caplen -= ip_hdr_len;
@ -82,8 +80,7 @@ bool PacketFilter::MatchFilter(const Filter& f, const IP_Hdr& ip,
// Packet too short, will be dropped anyway. // Packet too short, will be dropped anyway.
return false; return false;
const struct tcphdr* tp = const struct tcphdr* tp = (const struct tcphdr*) ip.Payload();
(const struct tcphdr*) ((u_char*) ip4 + ip_hdr_len);
if ( tp->th_flags & f.tcp_flags ) if ( tp->th_flags & f.tcp_flags )
// At least one of the flags is set, so don't drop // At least one of the flags is set, so don't drop


@ -28,12 +28,15 @@ PacketSortElement::PacketSortElement(PktSrc* arg_src,
const struct ip* ip = (const struct ip*) (pkt + hdr_size); const struct ip* ip = (const struct ip*) (pkt + hdr_size);
if ( ip->ip_v == 4 ) if ( ip->ip_v == 4 )
ip_hdr = new IP_Hdr(ip, false); ip_hdr = new IP_Hdr(ip, false);
else else if ( ip->ip_v == 6 )
ip_hdr = new IP_Hdr((const struct ip6_hdr*) ip, false); ip_hdr = new IP_Hdr((const struct ip6_hdr*) ip, false);
else
// Weird will be generated later in NetSessions::NextPacket.
return;
if ( ip_hdr->NextProto() == IPPROTO_TCP && if ( ip_hdr->NextProto() == IPPROTO_TCP &&
// Note: can't sort fragmented packets // Note: can't sort fragmented packets
(ip_hdr->FragField() & 0x3fff) == 0 ) ( ! ip_hdr->IsFragment() ) )
{ {
tcp_offset = hdr_size + ip_hdr->HdrLen(); tcp_offset = hdr_size + ip_hdr->HdrLen();
if ( caplen >= tcp_offset + sizeof(struct tcphdr) ) if ( caplen >= tcp_offset + sizeof(struct tcphdr) )
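Review bot: The new `else` branch returns from the PacketSortElement constructor when `ip->ip_v` is neither 4 nor 6, which skips everything after it, including the `tcp_offset` assignment shown in this hunk. The constructor starts outside the hunk, so it is not visible whether `ip_hdr` and the TCP-related members are initialised before this point; if they are not, the destructor and any later consumer see indeterminate values for a packet whose version nibble comes straight off the wire. It is worth confirming the defaults are assigned first and saying so at the early return, e.g. `// ip_hdr stays null and the TCP fields keep their defaults`.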


@ -137,7 +137,7 @@ bool PersistenceSerializer::CheckForFile(UnserialInfo* info, const char* file,
bool PersistenceSerializer::ReadAll(bool is_init, bool delete_files) bool PersistenceSerializer::ReadAll(bool is_init, bool delete_files)
{ {
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
#endif #endif


@ -187,6 +187,7 @@
#include "threading/SerialTypes.h" #include "threading/SerialTypes.h"
#include "logging/Manager.h" #include "logging/Manager.h"
#include "IPAddr.h" #include "IPAddr.h"
#include "bro_inet_ntop.h"
extern "C" { extern "C" {
#include "setsignal.h" #include "setsignal.h"
@ -234,7 +235,7 @@ static const int PRINT_BUFFER_SIZE = 10 * 1024;
static const int SOCKBUF_SIZE = 1024 * 1024; static const int SOCKBUF_SIZE = 1024 * 1024;
// Buffer size for remote-log data. // Buffer size for remote-log data.
static const int LOG_BUFFER_SIZE = 512; static const int LOG_BUFFER_SIZE = 50 * 1024;
struct ping_args { struct ping_args {
uint32 seq; uint32 seq;
@ -465,7 +466,7 @@ static inline const char* ip2a(uint32 ip)
addr.s_addr = htonl(ip); addr.s_addr = htonl(ip);
return inet_ntop(AF_INET, &addr, buffer, 32); return bro_inet_ntop(AF_INET, &addr, buffer, 32);
} }
static pid_t child_pid = 0; static pid_t child_pid = 0;
@ -2645,7 +2646,7 @@ bool RemoteSerializer::ProcessLogCreateWriter()
if ( current_peer->state == Peer::CLOSING ) if ( current_peer->state == Peer::CLOSING )
return false; return false;
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
// Don't track allocations here, they'll be released only after the // Don't track allocations here, they'll be released only after the
// main loop exists. And it's just a tiny amount anyway. // main loop exists. And it's just a tiny amount anyway.
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
@ -2866,7 +2867,7 @@ void RemoteSerializer::GotID(ID* id, Val* val)
(desc && *desc) ? desc : "not set"), (desc && *desc) ? desc : "not set"),
current_peer); current_peer);
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
// May still be cached, but we don't care. // May still be cached, but we don't care.
heap_checker->IgnoreObject(id); heap_checker->IgnoreObject(id);
#endif #endif
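Review bot: The call `bro_inet_ntop(AF_INET, &addr, buffer, 32)` in ip2a passes a literal 32 as the destination size, while the declaration of `buffer` lies outside the hunk. The bro_inet_ntop4 added by this commit copies with `strncpy(dst, tmp, size - 1)` and then stores to `dst[size - 1]`, so it writes all `size` bytes of the destination rather than only the formatted length; a size that overstates the real buffer would write past its end. If `buffer` is an array in scope here, `return bro_inet_ntop(AF_INET, &addr, buffer, sizeof(buffer));` keeps the size and the storage in step.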


@ -191,7 +191,7 @@ void RuleMatcher::Delete(RuleHdrTest* node)
bool RuleMatcher::ReadFiles(const name_list& files) bool RuleMatcher::ReadFiles(const name_list& files)
{ {
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
#endif #endif


@ -332,7 +332,8 @@ void NetSessions::NextPacketSecondary(double /* t */, const struct pcap_pkthdr*
StringVal* cmd_val = StringVal* cmd_val =
new StringVal(sp->Event()->Filter()); new StringVal(sp->Event()->Filter());
args->append(cmd_val); args->append(cmd_val);
args->append(BuildHeader(ip)); IP_Hdr ip_hdr(ip, false);
args->append(ip_hdr.BuildPktHdrVal());
// ### Need to queue event here. // ### Need to queue event here.
try try
{ {
@ -400,18 +401,6 @@ int NetSessions::CheckConnectionTag(Connection* conn)
return 1; return 1;
} }
static bool looks_like_IPv4_packet(int len, const struct ip* ip_hdr)
{
if ( (unsigned int) len < sizeof(struct ip) )
return false;
if ( ip_hdr->ip_v == 4 && ntohs(ip_hdr->ip_len) == len )
return true;
else
return false;
}
void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
const IP_Hdr* ip_hdr, const u_char* const pkt, const IP_Hdr* ip_hdr, const u_char* const pkt,
int hdr_size) int hdr_size)
@ -441,18 +430,9 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( discarder && discarder->NextPacket(ip_hdr, len, caplen) ) if ( discarder && discarder->NextPacket(ip_hdr, len, caplen) )
return; return;
int proto = ip_hdr->NextProto();
if ( proto != IPPROTO_TCP && proto != IPPROTO_UDP &&
proto != IPPROTO_ICMP )
{
dump_this_packet = 1;
return;
}
FragReassembler* f = 0; FragReassembler* f = 0;
uint32 frag_field = ip_hdr->FragField();
if ( (frag_field & 0x3fff) != 0 ) if ( ip_hdr->IsFragment() )
{ {
dump_this_packet = 1; // always record fragments dump_this_packet = 1; // always record fragments
@ -463,12 +443,12 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
// Don't try to reassemble, that's doomed. // Don't try to reassemble, that's doomed.
// Discard all except the first fragment (which // Discard all except the first fragment (which
// is useful in analyzing header-only traces) // is useful in analyzing header-only traces)
if ( (frag_field & 0x1fff) != 0 ) if ( ip_hdr->FragOffset() != 0 )
return; return;
} }
else else
{ {
f = NextFragment(t, ip_hdr, pkt + hdr_size, frag_field); f = NextFragment(t, ip_hdr, pkt + hdr_size);
const IP_Hdr* ih = f->ReassembledPkt(); const IP_Hdr* ih = f->ReassembledPkt();
if ( ! ih ) if ( ! ih )
// It didn't reassemble into anything yet. // It didn't reassemble into anything yet.
@ -485,21 +465,43 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
len -= ip_hdr_len; // remove IP header len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len; caplen -= ip_hdr_len;
uint32 min_hdr_len = (proto == IPPROTO_TCP) ? sizeof(struct tcphdr) : // We stop building the chain when seeing IPPROTO_ESP so if it's
(proto == IPPROTO_UDP ? sizeof(struct udphdr) : ICMP_MINLEN); // there, it's always the last.
if ( ip_hdr->LastHeader() == IPPROTO_ESP )
if ( len < min_hdr_len )
{ {
Weird("truncated_header", hdr, pkt); dump_this_packet = 1;
if ( f ) if ( esp_packet )
Remove(f); // ### {
val_list* vl = new val_list();
vl->append(ip_hdr->BuildPktHdrVal());
mgr.QueueEvent(esp_packet, vl);
}
Remove(f);
// Can't do more since upper-layer payloads are going to be encrypted.
return; return;
} }
if ( caplen < min_hdr_len )
// Stop analyzing IPv6 packets that use routing type 0 headers with segments
// left since RH0 headers are deprecated by RFC 5095 and we'd have to make
// extra effort to get the destination in the connection/flow endpoint right.
if ( ip_hdr->RH0SegLeft() )
{ {
Weird("internally_truncated_header", hdr, pkt); dump_this_packet = 1;
if ( f ) if ( rh0_segleft )
Remove(f); // ### {
val_list* vl = new val_list();
vl->append(ip_hdr->BuildPktHdrVal());
mgr.QueueEvent(rh0_segleft, vl);
}
Remove(f);
return;
}
int proto = ip_hdr->NextProto();
if ( CheckHeaderTrunc(proto, len, caplen, hdr, pkt) )
{
Remove(f);
return; return;
} }
@ -548,7 +550,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
} }
default: default:
Weird(fmt("unknown_protocol %d", proto), hdr, pkt); Weird(fmt("unknown_protocol_%d", proto), hdr, pkt);
Remove(f);
return; return;
} }
@ -574,6 +577,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( consistent < 0 ) if ( consistent < 0 )
{ {
delete h; delete h;
Remove(f);
return; return;
} }
@ -592,10 +596,11 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
} }
if ( ! conn ) if ( ! conn )
{
delete h; delete h;
Remove(f);
if ( ! conn )
return; return;
}
int record_packet = 1; // whether to record the packet at all int record_packet = 1; // whether to record the packet at all
int record_content = 1; // whether to record its data int record_content = 1; // whether to record its data
@ -603,8 +608,17 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
int is_orig = (id.src_addr == conn->OrigAddr()) && int is_orig = (id.src_addr == conn->OrigAddr()) &&
(id.src_port == conn->OrigPort()); (id.src_port == conn->OrigPort());
if ( new_packet && ip4 ) Val* pkt_hdr_val = 0;
conn->Event(new_packet, 0, BuildHeader(ip4));
if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 )
{
pkt_hdr_val = ip_hdr->BuildPktHdrVal();
conn->Event(ipv6_ext_headers, 0, pkt_hdr_val);
}
if ( new_packet )
conn->Event(new_packet, 0,
pkt_hdr_val ? pkt_hdr_val->Ref() : ip_hdr->BuildPktHdrVal());
conn->NextPacket(t, is_orig, ip_hdr, len, caplen, data, conn->NextPacket(t, is_orig, ip_hdr, len, caplen, data,
record_packet, record_content, record_packet, record_content,
@ -614,7 +628,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
{ {
// Above we already recorded the fragment in its entirety. // Above we already recorded the fragment in its entirety.
f->DeleteTimer(); f->DeleteTimer();
Remove(f); // ### Remove(f);
} }
else if ( record_packet ) else if ( record_packet )
@ -630,104 +644,42 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
} }
} }
Val* NetSessions::BuildHeader(const struct ip* ip) bool NetSessions::CheckHeaderTrunc(int proto, uint32 len, uint32 caplen,
const struct pcap_pkthdr* h, const u_char* p)
{ {
static RecordType* pkt_hdr_type = 0; uint32 min_hdr_len = 0;
static RecordType* ip_hdr_type = 0;
static RecordType* tcp_hdr_type = 0;
static RecordType* udp_hdr_type = 0;
static RecordType* icmp_hdr_type;
if ( ! pkt_hdr_type )
{
pkt_hdr_type = internal_type("pkt_hdr")->AsRecordType();
ip_hdr_type = internal_type("ip_hdr")->AsRecordType();
tcp_hdr_type = internal_type("tcp_hdr")->AsRecordType();
udp_hdr_type = internal_type("udp_hdr")->AsRecordType();
icmp_hdr_type = internal_type("icmp_hdr")->AsRecordType();
}
RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type);
RecordVal* ip_hdr = new RecordVal(ip_hdr_type);
int ip_hdr_len = ip->ip_hl * 4;
int ip_pkt_len = ntohs(ip->ip_len);
ip_hdr->Assign(0, new Val(ip->ip_hl * 4, TYPE_COUNT));
ip_hdr->Assign(1, new Val(ip->ip_tos, TYPE_COUNT));
ip_hdr->Assign(2, new Val(ip_pkt_len, TYPE_COUNT));
ip_hdr->Assign(3, new Val(ntohs(ip->ip_id), TYPE_COUNT));
ip_hdr->Assign(4, new Val(ip->ip_ttl, TYPE_COUNT));
ip_hdr->Assign(5, new Val(ip->ip_p, TYPE_COUNT));
ip_hdr->Assign(6, new AddrVal(ip->ip_src.s_addr));
ip_hdr->Assign(7, new AddrVal(ip->ip_dst.s_addr));
pkt_hdr->Assign(0, ip_hdr);
// L4 header.
const u_char* data = ((const u_char*) ip) + ip_hdr_len;
int proto = ip->ip_p;
switch ( proto ) { switch ( proto ) {
case IPPROTO_TCP: case IPPROTO_TCP:
{ min_hdr_len = sizeof(struct tcphdr);
const struct tcphdr* tp = (const struct tcphdr*) data;
RecordVal* tcp_hdr = new RecordVal(tcp_hdr_type);
int tcp_hdr_len = tp->th_off * 4;
int data_len = ip_pkt_len - ip_hdr_len - tcp_hdr_len;
tcp_hdr->Assign(0, new PortVal(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, new PortVal(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT));
tcp_hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT));
tcp_hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT));
tcp_hdr->Assign(5, new Val(data_len, TYPE_COUNT));
tcp_hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT));
tcp_hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT));
pkt_hdr->Assign(1, tcp_hdr);
break; break;
}
case IPPROTO_UDP: case IPPROTO_UDP:
{ min_hdr_len = sizeof(struct udphdr);
const struct udphdr* up = (const struct udphdr*) data;
RecordVal* udp_hdr = new RecordVal(udp_hdr_type);
udp_hdr->Assign(0, new PortVal(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
pkt_hdr->Assign(2, udp_hdr);
break; break;
}
case IPPROTO_ICMP: case IPPROTO_ICMP:
{
const struct icmp* icmpp = (const struct icmp *) data;
RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
icmp_hdr->Assign(0, new Val(icmpp->icmp_type, TYPE_COUNT));
pkt_hdr->Assign(3, icmp_hdr);
break;
}
default: default:
{ // Use for all other packets.
// This is not a protocol we understand. min_hdr_len = ICMP_MINLEN;
}
} }
return pkt_hdr; if ( len < min_hdr_len )
{
Weird("truncated_header", h, p);
return true;
}
if ( caplen < min_hdr_len )
{
Weird("internally_truncated_header", h, p);
return true;
}
return false;
} }
FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip, FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
const u_char* pkt, uint32 frag_field) const u_char* pkt)
{ {
uint32 frag_id = ntohs(ip->ID4()); // we actually could skip conv. uint32 frag_id = ip->ID();
ListVal* key = new ListVal(TYPE_ANY); ListVal* key = new ListVal(TYPE_ANY);
key->Append(new AddrVal(ip->SrcAddr())); key->Append(new AddrVal(ip->SrcAddr()));
@ -741,7 +693,7 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
FragReassembler* f = fragments.Lookup(h); FragReassembler* f = fragments.Lookup(h);
if ( ! f ) if ( ! f )
{ {
f = new FragReassembler(this, ip, pkt, frag_field, h, t); f = new FragReassembler(this, ip, pkt, h, t);
fragments.Insert(h, f); fragments.Insert(h, f);
Unref(key); Unref(key);
return f; return f;
@ -750,7 +702,7 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
delete h; delete h;
Unref(key); Unref(key);
f->AddFragment(t, ip, pkt, frag_field); f->AddFragment(t, ip, pkt);
return f; return f;
} }
@ -909,6 +861,7 @@ void NetSessions::Remove(Connection* c)
void NetSessions::Remove(FragReassembler* f) void NetSessions::Remove(FragReassembler* f)
{ {
if ( ! f ) return;
HashKey* k = f->Key(); HashKey* k = f->Key();
if ( ! k ) if ( ! k )
reporter->InternalError("fragment block not in dictionary"); reporter->InternalError("fragment block not in dictionary");
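Review bot: In CheckHeaderTrunc the `default:` arm applies ICMP_MINLEN to every protocol other than TCP and UDP. Now that the tcp/udp/icmp gate at the top of DoNextPacket is removed, a short packet of any other protocol is reported as `truncated_header` and returns before it can reach the `unknown_protocol_%d` weird in the protocol switch. For detection the protocol number is usually the more useful signal, so consider restricting the length check to the protocols the switch handles and letting the rest through with `default: return false;`. Whether ICMPv6 needs its own `case` next to IPPROTO_ICMP depends on the protocol switch, which lies outside the visible hunks.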


@ -79,7 +79,7 @@ public:
// Returns a reassembled packet, or nil if there are still // Returns a reassembled packet, or nil if there are still
// some missing fragments. // some missing fragments.
FragReassembler* NextFragment(double t, const IP_Hdr* ip, FragReassembler* NextFragment(double t, const IP_Hdr* ip,
const u_char* pkt, uint32 frag_field); const u_char* pkt);
int Get_OS_From_SYN(struct os_type* retval, int Get_OS_From_SYN(struct os_type* retval,
uint16 tot, uint8 DF_flag, uint8 TTL, uint16 WSS, uint16 tot, uint8 DF_flag, uint8 TTL, uint16 WSS,
@ -190,10 +190,11 @@ protected:
void Internal(const char* msg, const struct pcap_pkthdr* hdr, void Internal(const char* msg, const struct pcap_pkthdr* hdr,
const u_char* pkt); const u_char* pkt);
// Builds a record encapsulating a packet. This should be more // For a given protocol, checks whether the header's length as derived
// general, including the equivalent of a union of tcp/udp/icmp // from lower-level headers or the length actually captured is less
// headers . // than that protocol's minimum header size.
Val* BuildHeader(const struct ip* ip); bool CheckHeaderTrunc(int proto, uint32 len, uint32 caplen,
const struct pcap_pkthdr* hdr, const u_char* pkt);
CompositeHash* ch; CompositeHash* ch;
PDict(Connection) tcp_conns; PDict(Connection) tcp_conns;


@ -678,7 +678,7 @@ bool StateAccess::DoUnserialize(UnserialInfo* info)
target.id = new ID(name, SCOPE_GLOBAL, true); target.id = new ID(name, SCOPE_GLOBAL, true);
Ref(target.id); Ref(target.id);
global_scope()->Insert(name, target.id); global_scope()->Insert(name, target.id);
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
heap_checker->IgnoreObject(target.id); heap_checker->IgnoreObject(target.id);
#endif #endif
} }


@ -210,11 +210,16 @@ void ProfileLogger::Log()
i != thread_stats.end(); ++i ) i != thread_stats.end(); ++i )
{ {
threading::MsgThread::Stats s = i->second; threading::MsgThread::Stats s = i->second;
file->Write(fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64 "\n", file->Write(fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64
" (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")"
"\n",
network_time, network_time,
i->first.c_str(), i->first.c_str(),
s.sent_in, s.sent_out, s.sent_in, s.sent_out,
s.pending_in, s.pending_out)); s.pending_in, s.pending_out,
s.queue_in_stats.num_reads, s.queue_in_stats.num_writes,
s.queue_out_stats.num_reads, s.queue_out_stats.num_writes
));
} }
// Script-level state. // Script-level state.


@ -1203,7 +1203,7 @@ RecordVal* TCP_Analyzer::BuildOSVal(int is_orig, const IP_Hdr* ip,
if ( ip->HdrLen() > 20 ) if ( ip->HdrLen() > 20 )
quirks |= QUIRK_IPOPT; quirks |= QUIRK_IPOPT;
if ( ip->IP_ID() == 0 ) if ( ip->ID() == 0 )
quirks |= QUIRK_ZEROID; quirks |= QUIRK_ZEROID;
if ( tcp->th_seq == 0 ) if ( tcp->th_seq == 0 )
@ -1942,11 +1942,11 @@ int TCPStats_Endpoint::DataSent(double /* t */, int seq, int len, int caplen,
{ {
if ( ++num_pkts == 1 ) if ( ++num_pkts == 1 )
{ // First packet. { // First packet.
last_id = ntohs(ip->ID4()); last_id = ip->ID();
return 0; return 0;
} }
int id = ntohs(ip->ID4()); int id = ip->ID();
if ( id == last_id ) if ( id == last_id )
{ {


@ -2049,6 +2049,36 @@ function is_v6_addr%(a: addr%): bool
# #
# =========================================================================== # ===========================================================================
## Converts the *data* field of :bro:type:`ip6_routing` records that have
## *rtype* of 0 into a vector of addresses.
##
## s: The *data* field of an :bro:type:`ip6_routing` record that has
## an *rtype* of 0.
##
## Returns: The vector of addresses contained in the routing header data.
function routing0_data_to_addrs%(s: string%): addr_vec
%{
VectorVal* rval = new VectorVal(new VectorType(base_type(TYPE_ADDR)));
int len = s->Len();
const u_char* bytes = s->Bytes();
bytes += 4; // go past 32-bit reserved field
len -= 4;
if ( ( len % 16 ) != 0 )
reporter->Warning("Bad ip6_routing data length: %d", s->Len());
while ( len > 0 )
{
IPAddr a(IPv6, (const uint32*) bytes, IPAddr::Network);
rval->Assign(rval->Size(), new AddrVal(a), 0);
bytes += 16;
len -= 16;
}
return rval;
%}
## Converts a :bro:type:`addr` to a :bro:type:`index_vec`. ## Converts a :bro:type:`addr` to a :bro:type:`index_vec`.
## ##
## a: The address to convert into a vector of counts. ## a: The address to convert into a vector of counts.
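Review bot: The loop `while ( len > 0 )` in routing0_data_to_addrs consumes 16 bytes per iteration even when fewer remain. The `( len % 16 ) != 0` check only emits a warning and execution continues, so a string whose length minus 4 is not a multiple of 16 makes the last `IPAddr` construction read past the end of `s->Bytes()`. The argument is an arbitrary script-level string, so its length cannot be assumed to match a well-formed routing header. Changing the condition to `while ( len >= 16 )`, or returning the empty vector right after the warning, bounds the read.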

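--- a/src/bro_inet_ntop.c
+++ b/src/bro_inet_ntop.c
@@ -0,0 +1,189 @@
+/* Taken/adapted from FreeBSD 9.0.0 inet_ntop.c (CVS revision 1.3.16.1.2.1) */
+/*
+* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+* Copyright (c) 1996-1999 by Internet Software Consortium.
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+#include "bro_inet_ntop.h"
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+/*%
+* WARNING: Don't even consider trying to compile this on a system where
+* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
+*/
+static const char *bro_inet_ntop4(const u_char *src, char *dst, socklen_t size);
+static const char *bro_inet_ntop6(const u_char *src, char *dst, socklen_t size);
+/* char *
+* bro_inet_ntop(af, src, dst, size)
+* convert a network format address to presentation format.
+* return:
+* pointer to presentation format address (`dst'), or NULL (see errno).
+* author:
+* Paul Vixie, 1996.
+*/
+const char *
+bro_inet_ntop(int af, const void * __restrict src, char * __restrict dst,
+socklen_t size)
+{
+switch (af) {
+case AF_INET:
+return (bro_inet_ntop4(src, dst, size));
+case AF_INET6:
+return (bro_inet_ntop6(src, dst, size));
+default:
+errno = EAFNOSUPPORT;
+return (NULL);
+}
+/* NOTREACHED */
+}
+/* const char *
+* bro_inet_ntop4(src, dst, size)
+* format an IPv4 address
+* return:
+* `dst' (as a const)
+* notes:
+* (1) uses no statics
+* (2) takes a u_char* not an in_addr as input
+* author:
+* Paul Vixie, 1996. Modified by Jon Siwek, 2012, to replace strlcpy
+*/
+static const char *
+bro_inet_ntop4(const u_char *src, char *dst, socklen_t size)
+{
+static const char fmt[] = "%u.%u.%u.%u";
+char tmp[sizeof "255.255.255.255"];
+int l;
+l = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
+if (l <= 0 || (socklen_t) l >= size) {
+errno = ENOSPC;
+return (NULL);
+}
+strncpy(dst, tmp, size - 1);
+dst[size - 1] = 0;
+return (dst);
+}
+/* const char *
+* bro_inet_ntop6(src, dst, size)
+* convert IPv6 binary address into presentation (printable) format
+* author:
+* Paul Vixie, 1996. Modified by Jon Siwek, 2012, for IPv4-translated format
+*/
+static const char *
+bro_inet_ntop6(const u_char *src, char *dst, socklen_t size)
+{
+/*
+* Note that int32_t and int16_t need only be "at least" large enough
+* to contain a value of the specified size. On some systems, like
+* Crays, there is no such thing as an integer variable with 16 bits.
+* Keep this in mind if you think this function should have been coded
+* to use pointer overlays. All the world's not a VAX.
+*/
+char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
+struct { int base, len; } best, cur;
+u_int words[NS_IN6ADDRSZ / NS_INT16SZ];
+int i;
+/*
+* Preprocess:
+* Copy the input (bytewise) array into a wordwise array.
+* Find the longest run of 0x00's in src[] for :: shorthanding.
+*/
+memset(words, '\0', sizeof words);
+for (i = 0; i < NS_IN6ADDRSZ; i++)
+words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+best.base = -1;
+best.len = 0;
+cur.base = -1;
+cur.len = 0;
+for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+if (words[i] == 0) {
+if (cur.base == -1)
+cur.base = i, cur.len = 1;
+else
+cur.len++;
+} else {
+if (cur.base != -1) {
+if (best.base == -1 || cur.len > best.len)
+best = cur;
+cur.base = -1;
+}
+}
+}
+if (cur.base != -1) {
+if (best.base == -1 || cur.len > best.len)
+best = cur;
+}
+if (best.base != -1 && best.len < 2)
+best.base = -1;
+/*
+* Format the result.
+*/
+tp = tmp;
+for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+/* Are we inside the best run of 0x00's? */
+if (best.base != -1 && i >= best.base &&
+i < (best.base + best.len)) {
+if (i == best.base)
+*tp++ = ':';
+continue;
+}
+/* Are we following an initial run of 0x00s or any real hex? */
+if (i != 0)
+*tp++ = ':';
+/* Is this address an encapsulated IPv4? */
+if (i == 6 && best.base == 0 && (best.len == 6 ||
+(best.len == 7 && words[7] != 0x0001) ||
+(best.len == 5 && words[5] == 0xffff) ||
+(best.len == 4 && words[4] == 0xffff && words[5] == 0))) {
+if (!bro_inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp)))
+return (NULL);
+tp += strlen(tp);
+break;
+}
+tp += sprintf(tp, "%x", words[i]);
+}
+/* Was it a trailing run of 0x00's? */
+if (best.base != -1 && (best.base + best.len) ==
+(NS_IN6ADDRSZ / NS_INT16SZ))
+*tp++ = ':';
+*tp++ = '\0';
+/*
+* Check for overflow, copy, and we're done.
+*/
+if ((socklen_t)(tp - tmp) > size) {
+errno = ENOSPC;
+return (NULL);
+}
+strcpy(dst, tmp);
+return (dst);
+}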
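Review bot: In bro_inet_ntop6 each hex group is written with `tp += sprintf(tp, "%x", words[i]);` and the result leaves the function through `strcpy(dst, tmp)`, so nothing bounds the individual writes into `tmp` except its declared size, and the only length check runs after formatting is finished. That holds for the code as written, because every word is assembled from two input bytes and `tmp` is sized for the longest presentation form, but the safety is implicit. A bounded write such as `tp += snprintf(tp, sizeof tmp - (tp - tmp), "%x", words[i]);` makes the invariant explicit and keeps later edits to the formatting loop from turning into a stack overwrite. A short comment at the final check noting that `tp - tmp` already counts the terminating NUL would also explain why `>` rather than `>=` is the right comparison before the copy.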

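--- a/src/bro_inet_ntop.h
+++ b/src/bro_inet_ntop.h
@@ -0,0 +1,18 @@
+#ifndef BRO_INET_NTOP_H
+#define BRO_INET_NTOP_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include <sys/socket.h>
+const char *
+bro_inet_ntop(int af, const void * __restrict src, char * __restrict dst,
+socklen_t size);
+#ifdef __cplusplus
+}
+#endif
+#endif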


@ -454,11 +454,38 @@ event expected_connection_seen%(c: connection, a: count%);
## ##
## c: The connection the packet is part of. ## c: The connection the packet is part of.
## ##
## p: Informattion from the header of the packet that triggered the event. ## p: Information from the header of the packet that triggered the event.
## ##
## .. bro:see:: tcp_packet packet_contents ## .. bro:see:: tcp_packet packet_contents
event new_packet%(c: connection, p: pkt_hdr%); event new_packet%(c: connection, p: pkt_hdr%);
## Generated for every IPv6 packet that contains extension headers.
## This is potentially an expensive event to handle if analysiing IPv6 traffic
## that happens to utilize extension headers frequently.
##
## c: The connection the packet is part of.
##
## p: Information from the header of the packet that triggered the event.
##
## .. bro:see:: new_packet tcp_packet packet_contents esp_packet
event ipv6_ext_headers%(c: connection, p: pkt_hdr%);
## Generated for any packets using the IPv6 Encapsulating Security Payload (ESP)
## extension header.
##
## p: Information from the header of the packet that triggered the event.
##
## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
event esp_packet%(p: pkt_hdr%);
## Generated for any packets using an IPv6 Routing Type 0 extension header
## with non-zero segments left.
##
## p: Information from the header of the packet that triggered the event.
##
## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
event rh0_segleft%(p: pkt_hdr%);
## Generated for every packet that has non-empty transport-layer payload. This is a ## Generated for every packet that has non-empty transport-layer payload. This is a
## very low-level and expensive event that should be avoided when at all possible. ## very low-level and expensive event that should be avoided when at all possible.
## It's usually infeasible to handle when processing even medium volumes of ## It's usually infeasible to handle when processing even medium volumes of
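Review bot: The doc comment added for ipv6_ext_headers misspells `analysiing`; it should read `analyzing`, and since these comments feed the generated script reference the typo would be published. The `bro:see` lists of the two new header-only events also omit each other: esp_packet does not mention rh0_segleft and rh0_segleft does not mention esp_packet, although both are raised at the point where DoNextPacket stops analysing the packet. Adding the cross-reference, and a sentence on each stating that no connection-level analysis follows the event, would tell script writers that `p` is all they will get for those packets.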


@ -212,7 +212,7 @@ protected:
const threading::Field* const* fields; // The log fields. const threading::Field* const* fields; // The log fields.
// Buffer for bulk writes. // Buffer for bulk writes.
static const int WRITER_BUFFER_SIZE = 50; static const int WRITER_BUFFER_SIZE = 1000;
int write_buffer_pos; // Position of next write in buffer. int write_buffer_pos; // Position of next write in buffer.
threading::Value*** write_buffer; // Buffer of size WRITER_BUFFER_SIZE. threading::Value*** write_buffer; // Buffer of size WRITER_BUFFER_SIZE.
}; };


@ -67,7 +67,7 @@ extern "C" {
#include "setsignal.h" #include "setsignal.h"
}; };
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker* heap_checker = 0; HeapLeakChecker* heap_checker = 0;
int perftools_leaks = 0; int perftools_leaks = 0;
int perftools_profile = 0; int perftools_profile = 0;
@ -180,7 +180,7 @@ void usage()
fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n");
fprintf(stderr, " -Z|--doc-scripts | generate documentation for all loaded scripts\n"); fprintf(stderr, " -Z|--doc-scripts | generate documentation for all loaded scripts\n");
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n");
fprintf(stderr, " -M|--mem-profile | record heap [perftools]\n"); fprintf(stderr, " -M|--mem-profile | record heap [perftools]\n");
#endif #endif
@ -247,7 +247,7 @@ void done_with_network()
net_finish(1); net_finish(1);
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
if ( perftools_profile ) if ( perftools_profile )
{ {
@ -428,7 +428,7 @@ int main(int argc, char** argv)
#ifdef USE_IDMEF #ifdef USE_IDMEF
{"idmef-dtd", required_argument, 0, 'n'}, {"idmef-dtd", required_argument, 0, 'n'},
#endif #endif
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
{"mem-leaks", no_argument, 0, 'm'}, {"mem-leaks", no_argument, 0, 'm'},
{"mem-profile", no_argument, 0, 'M'}, {"mem-profile", no_argument, 0, 'M'},
#endif #endif
@ -470,7 +470,7 @@ int main(int argc, char** argv)
safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLOPSWbdghvZ", safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLOPSWbdghvZ",
sizeof(opts)); sizeof(opts));
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
strncat(opts, "mM", 2); strncat(opts, "mM", 2);
#endif #endif
@ -626,7 +626,7 @@ int main(int argc, char** argv)
exit(0); exit(0);
break; break;
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
case 'm': case 'm':
perftools_leaks = 1; perftools_leaks = 1;
break; break;
@ -763,14 +763,14 @@ int main(int argc, char** argv)
// nevertheless reported; see perftools docs), thus // nevertheless reported; see perftools docs), thus
// we suppress some messages here. // we suppress some messages here.
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
{ {
HeapLeakChecker::Disabler disabler; HeapLeakChecker::Disabler disabler;
#endif #endif
yyparse(); yyparse();
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
} }
#endif #endif
@ -858,7 +858,7 @@ int main(int argc, char** argv)
if ( dns_type != DNS_PRIME ) if ( dns_type != DNS_PRIME )
net_init(interfaces, read_files, netflows, flow_files, net_init(interfaces, read_files, netflows, flow_files,
writefile, "tcp or udp or icmp", writefile, "",
secondary_path->Filter(), do_watchdog); secondary_path->Filter(), do_watchdog);
BroFile::SetDefaultRotation(log_rotate_interval, log_max_size); BroFile::SetDefaultRotation(log_rotate_interval, log_max_size);
@ -1024,7 +1024,7 @@ int main(int argc, char** argv)
if ( profiling_logger ) if ( profiling_logger )
profiling_logger->Log(); profiling_logger->Log();
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
if ( perftools_leaks ) if ( perftools_leaks )
heap_checker = new HeapLeakChecker("net_run"); heap_checker = new HeapLeakChecker("net_run");


@ -38,33 +38,6 @@ int ones_complement_checksum(const IPAddr& a, uint32 sum)
return ones_complement_checksum(bytes, len*4, sum); return ones_complement_checksum(bytes, len*4, sum);
} }
int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len)
{
// ### Note, this is only correct for IPv4. This routine is only
// used by the connection compressor (which we turn off for IPv6
// traffic).
int tcp_len = tp->th_off * 4 + len;
uint32 sum;
if ( len % 2 == 1 )
// Add in pad byte.
sum = htons(((const u_char*) tp)[tcp_len - 1] << 8);
else
sum = 0;
sum = ones_complement_checksum((void*) &ip->ip_src.s_addr, 4, sum);
sum = ones_complement_checksum((void*) &ip->ip_dst.s_addr, 4, sum);
uint32 addl_pseudo =
(htons(IPPROTO_TCP) << 16) | htons((unsigned short) tcp_len);
sum = ones_complement_checksum((void*) &addl_pseudo, 4, sum);
sum = ones_complement_checksum((void*) tp, tcp_len, sum);
return sum;
}
int udp_checksum(const struct ip* ip, const struct udphdr* up, int len) int udp_checksum(const struct ip* ip, const struct udphdr* up, int len)
{ {
uint32 sum; uint32 sum;


@ -70,7 +70,6 @@ class IPAddr;
extern int ones_complement_checksum(const void* p, int b, uint32 sum); extern int ones_complement_checksum(const void* p, int b, uint32 sum);
extern int ones_complement_checksum(const IPAddr& a, uint32 sum); extern int ones_complement_checksum(const IPAddr& a, uint32 sum);
extern int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len);
extern int udp_checksum(const struct ip* ip, const struct udphdr* up, int len); extern int udp_checksum(const struct ip* ip, const struct udphdr* up, int len);
extern int udp6_checksum(const struct ip6_hdr* ip, const struct udphdr* up, extern int udp6_checksum(const struct ip6_hdr* ip, const struct udphdr* up,
int len); int len);


@ -283,5 +283,7 @@ void MsgThread::GetStats(Stats* stats)
stats->sent_out = cnt_sent_out; stats->sent_out = cnt_sent_out;
stats->pending_in = queue_in.Size(); stats->pending_in = queue_in.Size();
stats->pending_out = queue_out.Size(); stats->pending_out = queue_out.Size();
queue_in.GetStats(&stats->queue_in_stats);
queue_out.GetStats(&stats->queue_out_stats);
} }
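Review bot: The reads at the end of `MsgThread::GetStats` are taken one after another, so `pending_in`/`pending_out` and the new `queue_in_stats`/`queue_out_stats` do not form one consistent snapshot; the child thread can put or get messages between the `Size()` and `GetStats()` calls. That is acceptable for monitoring, but a consumer comparing `num_writes - num_reads` with `pending_in` could see a mismatch, so I would add `// Sampled separately; these values are not an atomic snapshot.` above the two new calls. `stats` is also dereferenced without a null check, here and in `Queue<T>::GetStats`; whether callers can pass null is not visible from this hunk. The function starts outside the hunk.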


@ -154,6 +154,10 @@ public:
uint64_t sent_out; //! Number of messages sent from the child thread to the main thread uint64_t sent_out; //! Number of messages sent from the child thread to the main thread
uint64_t pending_in; //! Number of messages sent to the child but not yet processed. uint64_t pending_in; //! Number of messages sent to the child but not yet processed.
uint64_t pending_out; //! Number of messages sent from the child but not yet processed by the main thread. uint64_t pending_out; //! Number of messages sent from the child but not yet processed by the main thread.
/// Statistics from our queues.
Queue<BasicInputMessage *>::Stats queue_in_stats;
Queue<BasicOutputMessage *>::Stats queue_out_stats;
}; };
/** /**


@ -63,6 +63,22 @@ public:
*/ */
uint64_t Size(); uint64_t Size();
/**
* Statistics about inter-thread communication.
*/
struct Stats
{
uint64_t num_reads; //! Number of messages read from the queue.
uint64_t num_writes; //! Number of messages written to the queue.
};
/**
* Returns statistics about the queue's usage.
*
* @param stats A pointer to a structure that will be filled with
* current numbers. */
void GetStats(Stats* stats);
private: private:
static const int NUM_QUEUES = 8; static const int NUM_QUEUES = 8;
@ -72,6 +88,10 @@ private:
int read_ptr; // Where the next operation will read from int read_ptr; // Where the next operation will read from
int write_ptr; // Where the next operation will write to int write_ptr; // Where the next operation will write to
// Statistics.
uint64_t num_reads;
uint64_t num_writes;
}; };
inline static void safe_lock(pthread_mutex_t* mutex) inline static void safe_lock(pthread_mutex_t* mutex)
@ -91,6 +111,7 @@ inline Queue<T>::Queue()
{ {
read_ptr = 0; read_ptr = 0;
write_ptr = 0; write_ptr = 0;
num_reads = num_writes = 0;
for( int i = 0; i < NUM_QUEUES; ++i ) for( int i = 0; i < NUM_QUEUES; ++i )
{ {
@ -126,6 +147,7 @@ inline T Queue<T>::Get()
messages[read_ptr].pop(); messages[read_ptr].pop();
read_ptr = (read_ptr + 1) % NUM_QUEUES; read_ptr = (read_ptr + 1) % NUM_QUEUES;
++num_reads;
safe_unlock(&mutex[old_read_ptr]); safe_unlock(&mutex[old_read_ptr]);
@ -147,6 +169,7 @@ inline void Queue<T>::Put(T data)
pthread_cond_signal(&has_data[write_ptr]); pthread_cond_signal(&has_data[write_ptr]);
write_ptr = (write_ptr + 1) % NUM_QUEUES; write_ptr = (write_ptr + 1) % NUM_QUEUES;
++num_writes;
safe_unlock(&mutex[old_write_ptr]); safe_unlock(&mutex[old_write_ptr]);
} }
@ -182,7 +205,23 @@ inline uint64_t Queue<T>::Size()
return size; return size;
} }
template<typename T>
inline void Queue<T>::GetStats(Stats* stats)
{
// To be safe, we look all queues. That's probably unneccessary, but
// doesn't really hurt.
for ( int i = 0; i < NUM_QUEUES; i++ )
safe_lock(&mutex[i]);
stats->num_reads = num_reads;
stats->num_writes = num_writes;
for ( int i = 0; i < NUM_QUEUES; i++ )
safe_unlock(&mutex[i]);
}
} }
#endif #endif
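Review bot: In `Queue<T>::GetStats` the comment reads "we look all queues ... unneccessary", which should say "lock" and "unnecessary", and it undersells the locking: `Get()` and `Put()` bump `num_reads`/`num_writes` while holding only one sub-queue mutex, so taking all `NUM_QUEUES` mutexes is what keeps this read from racing with an increment. I would reword it to `// Lock all sub-queues: Get()/Put() update the counters under a single sub-queue mutex.` and put a matching note on the `num_reads`/`num_writes` members. The counters also appear safe only with one reader and one writer per queue, since two writers holding different sub-queue mutexes could increment `num_writes` concurrently; that assumption is not stated in the visible lines and is worth documenting. The bodies of `Get()` and `Put()` start outside their hunks.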


@ -37,7 +37,7 @@
#endif #endif
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS_DEBUG
#include <google/heap-checker.h> #include <google/heap-checker.h>
#include <google/heap-profiler.h> #include <google/heap-profiler.h>
extern HeapLeakChecker* heap_checker; extern HeapLeakChecker* heap_checker;


@ -1,3 +1,4 @@
.tmp .tmp
.btest.failed.dat
diag.log diag.log
coverage.log coverage.log


@ -0,0 +1,8 @@
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]


@ -0,0 +1 @@
[2001:78:1:32::1, 2001:78:1:32::2]


@ -0,0 +1,24 @@
################ IP Discarder ################
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
################ TCP Discarder ################
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
################ UDP Discarder ################
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
################ ICMP Discarder ################
Discard icmp packet: [icmp_type=3]


@ -0,0 +1,9 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z answers TTLs
#types time string addr port addr port enum count string count string count string count string bool bool bool bool bool count vector[string] vector[interval]
1331084278.438444 UWkUyAuUGXf 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR F T F T F 0 This TXT record should be ignored 1.000000
1331084293.592245 arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR F T F T F 0 This TXT record should be ignored 1.000000


@ -0,0 +1,5 @@
ip6=[class=0, flow=0, len=81, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51850/udp, dport=53/udp, ulen=81]
ip6=[class=0, flow=0, len=331, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51850/udp, ulen=331]
ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82]
ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82]
ip6=[class=0, flow=0, len=3238, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51851/udp, ulen=3238]


@ -0,0 +1,120 @@
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=10, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=11, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=12, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=13, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=20, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=21, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=22, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=1]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=2]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=3]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=4]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=5]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=6]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=7]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=8]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=9]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=[spi=23, seq=10]]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]


@ -0,0 +1 @@
[ip=<uninitialized>, ip6=[class=0, flow=0, len=68, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>], [id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=6, len=4, rtype=0, segleft=0, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>]]], tcp=[sport=30000/tcp, dport=80/tcp, seq=0, ack=0, hl=20, dl=0, flags=2, win=8192], udp=<uninitialized>, icmp=<uninitialized>]


@ -0,0 +1,2 @@
flow_weird routing0_segleft from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2
rh0 w/ segments left from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:4f8:4:7:2e0:81ff:fe52:9a6b


@ -0,0 +1,2 @@
flow_weird routing0_header from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:4f8:4:7:2e0:81ff:fe52:9a6b
new_connection: [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/tcp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=80/tcp]


@ -15,8 +15,10 @@ aaaa::ffff
192.168.1.100 192.168.1.100
ffff::c0a8:164 ffff::c0a8:164
::192.168.1.100 ::192.168.1.100
::ffff:0:192.168.1.100
805b:2d9d:dc28::fc57:d4c8:1fff 805b:2d9d:dc28::fc57:d4c8:1fff
aaaa::bbbb aaaa::bbbb
aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222
aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222
aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222 aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222
aaaa:bbbb:cccc:dddd:eeee::2222


@ -6,13 +6,13 @@ all: cleanup btest-verbose coverage
# Showing all tests. # Showing all tests.
btest-verbose: btest-verbose:
@$(BTEST) -f $(DIAG) @$(BTEST) -j 5 -f $(DIAG)
brief: cleanup btest-brief coverage brief: cleanup btest-brief coverage
# Brief output showing only failed tests. # Brief output showing only failed tests.
btest-brief: btest-brief:
@$(BTEST) -b -f $(DIAG) @$(BTEST) -j 5 -b -f $(DIAG)
coverage: coverage:
@../scripts/coverage-calc ".tmp/script-coverage*" coverage.log `pwd`/../../scripts @../scripts/coverage-calc ".tmp/script-coverage*" coverage.log `pwd`/../../scripts
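Review bot: The job count is hard-coded as `-j 5` in both `btest-verbose` and `btest-brief`, so a constrained CI host or a developer debugging a flaky test cannot lower it without editing the Makefile. An overridable variable would keep the default, e.g. `BTEST_JOBS ?= 5` next to the other variable definitions (which are outside this hunk) and `@$(BTEST) -j $(BTEST_JOBS) -f $(DIAG)` in the recipes. It is also worth confirming that the `coverage` step, which reads `.tmp/script-coverage*`, still sees one complete file per test when tests run concurrently; nothing in this hunk shows that.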

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,13 @@
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output
# @TEST-EXEC: btest-diff output
event bro_init()
{
install_src_addr_filter(141.142.220.118, TH_SYN, 100.0);
}
event new_packet(c: connection, p: pkt_hdr)
{
if ( p?$tcp && p$ip$src == 141.142.220.118 )
print c$id;
}
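Review bot: The `new_packet` handler reads `p$ip$src` after checking only `p?$tcp`, but this merge also raises `new_packet` for IPv6 packets, and the baselines on this page show such packets with `ip=<uninitialized>`. If the trace holds any IPv6 TCP traffic the access would hit an unset field, so the condition should be `if ( p?$ip && p?$tcp && p$ip$src == 141.142.220.118 )`. The test also calls `install_src_addr_filter` with an IPv4 address only, so the IP-version-independent filter path appears to go unexercised here. A companion case with an IPv6 source address would close that gap.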


@ -0,0 +1,10 @@
# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-rh0-segleft.trace %INPUT >output
# @TEST-EXEC: btest-diff output
event rh0_segleft(p: pkt_hdr)
{
for ( h in p$ip6$exts )
if ( p$ip6$exts[h]$id == IPPROTO_ROUTING )
if ( p$ip6$exts[h]$routing$rtype == 0 )
print routing0_data_to_addrs(p$ip6$exts[h]$routing$data);
}
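Review bot: The handler infers that `$routing` is set from `$id == IPPROTO_ROUTING` rather than testing the optional field itself, even though every other member of an `exts` entry is `<uninitialized>` in the baselines on this page. Since test scripts tend to be copied into detection scripts, the direct form is safer to model: `if ( p$ip6$exts[h]?$routing && p$ip6$exts[h]$routing$rtype == 0 )`. Unlike the sibling tests, this file also has no comment saying what it checks; something like `# Check that routing0_data_to_addrs returns the RH0 addresses in header order.` would help.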


@ -0,0 +1,92 @@
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-ip.bro >output
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-tcp.bro >>output
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-udp.bro >>output
# @TEST-EXEC: bro -C -r $TRACES/icmp-unreach.trace discarder-icmp.bro >>output
# @TEST-EXEC: btest-diff output
@TEST-START-FILE discarder-ip.bro
event bro_init()
{
print "################ IP Discarder ################";
}
function discarder_check_ip(p: pkt_hdr): bool
{
if ( p?$ip && p$ip$src == 141.142.220.118 && p$ip$dst == 208.80.152.2 )
return F;
return T;
}
event new_packet(c: connection, p: pkt_hdr)
{
print c$id;
}
@TEST-END-FILE
@TEST-START-FILE discarder-tcp.bro
event bro_init()
{
print "################ TCP Discarder ################";
}
function discarder_check_tcp(p: pkt_hdr, d: string): bool
{
if ( p$tcp$flags == TH_SYN )
return F;
return T;
}
event new_packet(c: connection, p: pkt_hdr)
{
if ( p?$tcp )
print c$id;
}
@TEST-END-FILE
@TEST-START-FILE discarder-udp.bro
event bro_init()
{
print "################ UDP Discarder ################";
}
function discarder_check_udp(p: pkt_hdr, d: string): bool
{
if ( p?$ip6 )
return F;
return T;
}
event new_packet(c: connection, p: pkt_hdr)
{
if ( p?$udp )
print c$id;
}
@TEST-END-FILE
@TEST-START-FILE discarder-icmp.bro
event bro_init()
{
print "################ ICMP Discarder ################";
}
function discarder_check_icmp(p: pkt_hdr): bool
{
print fmt("Discard icmp packet: %s", p$icmp);
return T;
}
event new_packet(c: connection, p: pkt_hdr)
{
if ( p?$icmp )
print c$id;
}
@TEST-END-FILE
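Review bot: All four discarder cases run against traces filtered with IPv4 criteria, and `discarder_check_ip` matches only when `p?$ip` is set, so the IPv6 side of the version-independent discarder code appears to be untested. `discarder_check_tcp` also reads `p$tcp$flags` without a `p?$tcp` guard, whereas `discarder_check_ip` guards its field. That is presumably safe because the hook is invoked only for TCP packets, but `if ( p?$tcp && p$tcp$flags == TH_SYN )` would make it explicit. A short comment above each hook stating the return convention, e.g. `# Returning T discards the packet; F lets analysis continue.`, would make the expected baseline easier to verify by reading.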


@ -0,0 +1,9 @@
# @TEST-EXEC: bro -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff dns.log
event new_packet(c: connection, p: pkt_hdr)
{
if ( p?$ip6 && p?$ udp )
print fmt("ip6=%s, udp = %s", p$ip6, p$udp);
}
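Review bot: The field-presence test is written `p?$ udp` with a stray space after `?$`, unlike every other `?$` use in the tests of this commit; `if ( p?$ip6 && p?$udp )` reads consistently. The file also lacks the short comment its sibling tests carry. Something like `# Check that fragmented IPv6 UDP is reassembled and reaches the DNS analyzer (dns.log).` would state why both `output` and `dns.log` are diffed.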


@ -0,0 +1,10 @@
# @TEST-EXEC: bro -r $TRACES/ip6_esp.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# Just check that the event is raised correctly for a packet containing
# ESP extension headers.
event esp_packet(p: pkt_hdr)
{
print p;
}


@ -0,0 +1,10 @@
# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-rh0-segleft0.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# Just check that the event is raised correctly for a packet containing
# extension headers.
event ipv6_ext_headers(c: connection, p: pkt_hdr)
{
print p;
}


@ -0,0 +1,22 @@
# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-rh0-segleft0.trace %INPUT >segleft0.out
# @TEST-EXEC: btest-diff segleft0.out
# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-rh0-segleft.trace %INPUT >segleft.out
# @TEST-EXEC: btest-diff segleft.out
# This will be raised only by the packet with RH0 and segments left.
event rh0_segleft(p: pkt_hdr)
{
print fmt("rh0 w/ segments left from %s to %s", p$ip6$src, p$ip6$dst);
}
# This will be raised only by the packet with RH0 and no segments left.
event new_connection(c: connection)
{
print fmt("new_connection: %s", c$id);
}
# This will be raised by any packet with RH0 regardless of segments left.
event flow_weird(name: string, src: addr, dst: addr)
{
print fmt("flow_weird %s from %s to %s", name, src, dst);
}
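Review bot: The `rh0_segleft` handler prints `p$ip6$dst` as the "to" address without noting that this is not the packet's final destination when segments are left. The segleft baseline shows the difference: `flow_weird routing0_segleft` reports `2001:78:1:32::2` (the last address in the routing header, per the CHANGES entry), while this handler reports the header's current destination. Anyone modelling a detection script on this test could log the wrong endpoint. A comment above the handler would help, e.g. `# p$ip6$dst is the current hop; the final destination is the last RH0 address (see flow_weird's dst).`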


@ -20,11 +20,13 @@ v[|v|] = [aaaa:0::ffff];
v[|v|] = [::ffff:192.168.1.100]; v[|v|] = [::ffff:192.168.1.100];
v[|v|] = [ffff::192.168.1.100]; v[|v|] = [ffff::192.168.1.100];
v[|v|] = [::192.168.1.100]; v[|v|] = [::192.168.1.100];
v[|v|] = [::ffff:0:192.168.1.100];
v[|v|] = [805B:2D9D:DC28::FC57:212.200.31.255]; v[|v|] = [805B:2D9D:DC28::FC57:212.200.31.255];
v[|v|] = [0xaaaa::bbbb]; v[|v|] = [0xaaaa::bbbb];
v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]; v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222];
v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222]; v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222];
v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222]; v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222];
v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:0:0:2222];
for (i in v) for (i in v)
print v[i]; print v[i];