Merge branch 'master' into topic/vern/script-inlining

.cirrus.yml

@@ -3,7 +3,8 @@ btest_jobs: &BTEST_JOBS 4
 btest_retries: &BTEST_RETRIES 2
 memory: &MEMORY 4GB
 
-config: &CONFIG --build-type=release --enable-cpp-tests  --disable-broker-tests --prefix=$CIRRUS_WORKING_DIR/install
+config: &CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --prefix=$CIRRUS_WORKING_DIR/install
+static_config: &STATIC_CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --enable-static-broker --enable-static-binpac --prefix=$CIRRUS_WORKING_DIR/install
 sanitizer_config: &SANITIZER_CONFIG --build-type=debug --enable-cpp-tests --disable-broker-tests --sanitizers=address,undefined --enable-fuzzers --enable-coverage
 
 resources_template: &RESOURCES_TEMPLATE
@@ -87,13 +88,6 @@ fedora32_task:
     << : *RESOURCES_TEMPLATE
   << : *CI_TEMPLATE
 
-fedora31_task:
-  container:
-    # Fedora 31 EOL: Nov 24 2020
-    dockerfile: ci/fedora-31/Dockerfile
-    << : *RESOURCES_TEMPLATE
-  << : *CI_TEMPLATE
-
 centos8_task:
   container:
     # CentOS 8 EOL: May 31, 2029
@@ -120,6 +114,16 @@ debian10_task:
     << : *RESOURCES_TEMPLATE
   << : *CI_TEMPLATE
 
+debian10_static_task:
+  container:
+    # Just uses a recent/common distro to run a static compile test.
+    # Debian 10 EOL: June 2024
+    dockerfile: ci/debian-10/Dockerfile
+    << : *RESOURCES_TEMPLATE
+  << : *CI_TEMPLATE
+  env:
+    ZEEK_CI_CONFIGURE_FLAGS: *STATIC_CONFIG
+
 debian9_task:
   container:
     # Debian 9 EOL: June 2022

.gitignore

@@ -8,3 +8,6 @@ cmake-build-*
 
 # skip DS Store for MacOS
 .DS_Store
+
+# ignore pyenv local settings
+.python-version

CHANGES

@@ -1,3 +1,121 @@
+
+3.3.0-dev.607 | 2020-12-04 11:16:09 -0800
+
+  * Fix the CMake 'dist' target of Zeek plugins to only run when outdated (Benjamin Bannier, Corelight)
+
+3.3.0-dev.604 | 2020-12-04 18:40:03 +0000
+
+  * Sumstats: allow users to manage epoch manually
+
+    This change allows users to specify an epoch length of 0, which means
+    that the user manually has to finish the epochs. A new next_epoch
+    function is introduced to allow users to manually end epochs.
+
+    Addresses GH-348 (Johanna Amann, Corelight)
+
+  * Sumstats: epoch_finished was not called under certain circumstances
+
+    In non-clustered mode, epoch_finished was not called when there was no
+    data during the epoch.
+
+    This behavior does not fit the documentation, and also is different in
+    cluster-mode, where epoch_finished is, indeed, called after every epoch.
+
+    This small change fixes this behavior. (Johanna Amann, Corelight)
+
+3.3.0-dev.600 | 2020-12-03 18:02:22 -0800
+
+  * Add a CI task for compiling with static broker/binpac (Johanna Amann, Corelight)
+
+3.3.0-dev.596 | 2020-12-03 09:35:42 -0700
+
+  * Fix a couple of life-time issues when plugin loading fails.
+
+    Reported by Coverity.
+
+    Follow-up to #1179. (Robin Sommer, Corelight)
+
+3.3.0-dev.593 | 2020-12-02 12:53:04 -0800
+
+  * Add `count_to_double` and `int_to_double` bif functions (Yacin Nadji, Corelight)
+
+3.3.0-dev.590 | 2020-12-02 11:11:26 -0800
+
+  * Update minimum required CMake to 3.5 (Jon Siwek, Corelight)
+
+    Also now uses CMake's ENABLE_EXPORTS target property for the zeek
+    executable to ensure symbols are visible to plugins.  Prior to CMake
+    3.4, the policy was to export symbols by default for certain platforms,
+    but later versions need either the explicit target property or policy.
+
+3.3.0-dev.587 | 2020-12-01 10:17:42 -0700
+
+  * GH-1184: Add 'source' field to weird log denoting where the weird was reported (Tim Wojtulewicz, Corelight)
+
+3.3.0-dev.585 | 2020-12-01 14:42:54 +0000
+
+  * Retry loading plugins on failure to resolve to dependencies.
+    Closes #1179. (Robin Sommer, Corelight)
+
+3.3.0-dev.580 | 2020-11-30 14:07:39 -0700
+
+  * Find correct zeek namespace in debug logger macros.
+
+    These macros forward to functionality in `zeek::detail::debug_logger`
+    and are not intended for customization. This patch fixes the macros to
+    always use `::zeek::detail::debug_logger` as without the leading `::`
+    lookup could happen in any potentially local namespace `zeek` which does
+    not need to provide this symbol.
+
+    This closes zeek/spicy#597. (Benjamin Bannier, Corelight)
+
+3.3.0-dev.576 | 2020-11-26 18:16:07 +0000
+
+  * Remove Python2 compatibility logic. We now require at least Python 3.5.
+    This includes script changes, improves the cmake logic to find python3,
+    makes scripts explicitly call python3 and documentation updates.
+
+    (Jon Siwek, Corelight)
+
+  * Remove Fedora 31 (EOL) from CI (Jon Siwek, Corelight)
+
+3.3.0-dev.564 | 2020-11-24 15:23:50 -0800
+
+  * Improve support for custom libdir locations (Christian Kreibich, Corelight)
+
+    - Remove hardwiring of $ZEEK_ROOT/lib throughout the three and
+      defaults the name of Zeek's library directory to the default on the
+      given platform (e.g. lib64), via GNUInstallDirs.
+
+    - Consistently use that lib directory, instead of two lib folders
+      resulting when using a custom libdir.
+
+    - Remove the old lib directory in the installation prefix, if one exists
+
+    - Add --lib_dir to zeek-config (and sort its options a bit).
+
+3.3.0-dev.561 | 2020-11-23 21:50:19 -0800
+
+  * Move implementation of internal_{type,var,etc} methods back into global namespace.
+    (Tim Wojtulewicz, Corelight)
+
+    This fixes an unknown symbol error if using those methods. They're defined
+    as extern in the global namespace in Var.h, but Var.cc had their
+    implementations defined in the zeek::detail namespace.
+
+3.3.0-dev.559 | 2020-11-23 21:39:29 -0800
+
+  * Simplify Debian/Ubuntu CI dependencies and setup (Dominik Charousset, Corelight)
+
+  * Update .gitignore to ignore pyenv .python-version (Otto Fowler)
+
+3.3.0-dev.554 | 2020-11-19 18:09:01 -0800
+
+  * Reverts the SMTP regex change in dead3226a545e264072ced40284f86ac41528ba8. (Tim Wojtulewicz, Corelight)
+
+    The regex change broke some of the external tests. I added some more cases
+    to the regular email btest to hopefully cover all of the cases better.
+
 3.3.0-dev.551 | 2020-11-17 15:01:04 -0700
 
   * Added unit tests for regex fix (christina23)

CMakeLists.txt

@@ -1,17 +1,10 @@
 # When changing the minimum version here, also adapt
 # auxil/zeek-aux/plugin-support/skeleton/CMakeLists.txt
-cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
 
 project(Zeek C CXX)
 
-if ( NOT CMAKE_INSTALL_LIBDIR )
-    # Currently, some sub-projects may use GNUInstallDirs.cmake to choose the
-    # library install dir, while others just default to "lib".  For sake of
-    # consistency, this just overrides the former to always use "lib" in case
-    # it would have chosen something else, like "lib64", but a thing for the
-    # future may be to standardize all sub-projects to use GNUInstallDirs.
-    set(CMAKE_INSTALL_LIBDIR lib)
-endif ()
+include(GNUInstallDirs)
 
 include(cmake/CommonCMakeConfig.cmake)
 include(cmake/FindClangTidy.cmake)
@@ -60,7 +53,8 @@ endif ()
 get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH}
     ABSOLUTE)
 
-set(BRO_PLUGIN_INSTALL_PATH ${ZEEK_ROOT_DIR}/lib/zeek/plugins CACHE STRING "Installation path for plugins" FORCE)
+set(BRO_PLUGIN_INSTALL_PATH ${CMAKE_INSTALL_FULL_LIBDIR}/zeek/plugins CACHE STRING "Installation path for plugins" FORCE)
+set(PY_MOD_INSTALL_DIR ${CMAKE_INSTALL_FULL_LIBDIR}/zeekctl CACHE STRING "Installation path for Python modules" FORCE)
 
 configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
 execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
@@ -126,7 +120,7 @@ if ( NOT BINARY_PACKAGING_MODE )
     # before Zeek 3.0.
     _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro" "${CMAKE_INSTALL_PREFIX}/include/zeek")
     _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro" "${CMAKE_INSTALL_PREFIX}/share/zeek")
-    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_PREFIX}/lib/zeek")
+    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_FULL_LIBDIR}/zeek")
 endif ()
 
 if ( ZEEK_SANITIZERS )
@@ -242,6 +236,7 @@ if (NOT SED_EXE)
     endif ()
 endif ()
 
+list(APPEND Python_ADDITIONAL_VERSIONS 3)
 FindRequiredPackage(PythonInterp)
 FindRequiredPackage(FLEX)
 FindRequiredPackage(BISON)
@@ -288,6 +283,12 @@ if (MISSING_PREREQS)
     message(FATAL_ERROR "Configuration aborted due to missing prerequisites")
 endif ()
 
+set(ZEEK_PYTHON_MIN 3.5.0)
+
+if ( PYTHON_VERSION_STRING VERSION_LESS ${ZEEK_PYTHON_MIN} )
+    message(FATAL_ERROR "Python ${ZEEK_PYTHON_MIN} or greater is required.")
+endif ()
+
 if ( CAF_ROOT_DIR )
   find_package(CAF COMPONENTS core io openssl REQUIRED)
 endif ()
@@ -514,12 +515,29 @@ CheckOptionalBuildSources(auxil/zeekctl   ZeekControl INSTALL_ZEEKCTL)
 CheckOptionalBuildSources(auxil/zeek-aux  Zeek-Aux  INSTALL_AUX_TOOLS)
 CheckOptionalBuildSources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
 
+########################################################################
+## Transitions and cleanups
+
+if ( NOT BINARY_PACKAGING_MODE )
+    # Remove pre-existing libdir of the old hardwired name if it is not
+    # the name we're now installing under.
+    set(_old_libdir ${CMAKE_INSTALL_PREFIX}/lib)
+
+    install(CODE "
+        if ( EXISTS \"${_old_libdir}\" AND IS_DIRECTORY \"${_old_libdir}\"
+             AND NOT \"${_old_libdir}\" STREQUAL \"${CMAKE_INSTALL_FULL_LIBDIR}\" )
+            message(STATUS \"WARNING: removing old library directory ${_old_libdir}\")
+            execute_process(COMMAND \"${CMAKE_COMMAND}\" -E remove_directory \"${_old_libdir}\")
+        endif ()
+    ")
+endif ()
+
 ########################################################################
 ## Packaging Setup
 
 if (INSTALL_ZEEKCTL)
     # CPack RPM Generator may not automatically detect this
-    set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0")
+    set(CPACK_RPM_PACKAGE_REQUIRES "python >= ${ZEEK_PYTHON_MIN}")
 endif ()
 
 # If this CMake project is a sub-project of another, we will not

NEWS

@@ -84,6 +84,42 @@ New Functionality
   is a special version indicating that the server/client supports both SSH2 and
 	SSH1.
 
+- Added ``count_to_double()`` and ``int_to_double()`` type-conversion BIFs.
+
+- Added these string-processing BIFs:
+
+  - count_substr
+  - find_str
+  - rfind_str
+  - starts_with
+  - ends_with
+  - is_num
+  - is_alpha
+  - is_alnum
+  - ljust
+  - rjust
+  - swap_case
+  - to_title
+  - zfill
+  - remove_prefix
+  - remove_suffix
+
+- Added a new ``Weird::sampling_global_list`` option to configure global
+  rate-limiting of certain weirds instead of per connection/flow.
+
+- Added a ``Pcap::findalldevs()`` for obtaining available network devices.
+
+- Added ``enum_names()`` BIF to return names of an enum type's values
+
+- Added ``type_aliases`` BIF for introspecting type-names of types/values
+
+- Added composite-index support for ``&backend`` (Broker-backed tables).
+  An example of a set with composite index is ``set[string, count, count]``.
+
+- Sumstats now allows manual epochs. If an ``epoch`` interval of 0 is specified,
+  epochs will have to be manually ended by callis ``SumStats::next_epoch``. This
+  can be convenient because epochs can be synced to other events.
+
 Changed Functionality
 ---------------------
 
@@ -127,6 +163,27 @@ Changed Functionality
   to a behavior that favors consistency.  For reference, see
   https://github.com/zeek/zeek/pull/251#issuecomment-713956976
 
+- The Zeek installation tree is now more consistent in using a ``lib64/``
+  (rather than ``lib/``) subdirectory for platforms where that's the common
+  convention.  If the old hardcoded ``lib/`` path exists while installing Zeek
+  4.0 and the new subdirectory differs, then the old ``lib/`` will be removed.
+  This potentially wipes out binary plugins that have already been installed
+  there, but Zeek plugins generally have to be re-built/re-installed upon any
+  Zeek upgrade anyway, so no part of the usual upgrade process is expected to
+  be complicated by this cleanup operation.
+
+- Continued renaming/namespacing of many classes into either ``zeek`` or
+  ``zeek::detail`` namespaces as already explained in Zeek 3.2's release notes.
+  Deprecation warnings should generally help notify plugin developers of these
+  changes.
+
+- Changed HTTP DPD signatures to trigger analyzer independent of peer state.
+
+  This is to avoid missing large sessions where a single side exceeds
+  the DPD buffer size. It comes with the trade-off that now the analyzer
+  can be triggered by anybody controlling one of the endpoints (instead
+  of both).  For discussion, see https://github.com/zeek/zeek/issues/343.
+
 Removed Functionality
 ---------------------
 
@@ -146,6 +203,10 @@ Removed Functionality
   ``connection_state_remove`` handler can now be resolved with a less-confusing
   approach: see the ``Conn::register_removal_hook`` function.
 
+- Python 2 is no longer supported.  Python 3.5 is the new minimum requirement.
+
+- CMake versions less than 3.5 are no longer supported.
+
 Deprecated Functionality
 ------------------------
 

VERSION

@@ -1 +1 @@
-3.3.0-dev.551
+3.3.0-dev.607

auxil/bifcl

@@ -1 +1 @@
-Subproject commit 1eaa6aff1d991307b134d85b64e1ab7b68c89c92
+Subproject commit 5a45ae8d0f61e7ae7fa3ed0ea5841e8347e40926

auxil/binpac

@@ -1 +1 @@
-Subproject commit bc719c1565de9454b04a4b9aade14460268bcfbe
+Subproject commit 1078f4e9d6065ae47cf6fca9bd8e98183f913b98

auxil/broker

@@ -1 +1 @@
-Subproject commit 28fbb63d06c9192923effc930a4b60226c35fb0e
+Subproject commit 8899280694d8d5ad3aaa0a03cc99e4c3d3fd7887

auxil/btest

@@ -1 +1 @@
-Subproject commit 8ce78fe388fbb583b47e1a9ea956c94cb9b5be6d
+Subproject commit 26c180e0c6a14ced1853dfb42be0e7b99c71eca0

auxil/netcontrol-connectors

@@ -1 +1 @@
-Subproject commit 92d1bee12b0d92d36d784367c3c33646a7db990d
+Subproject commit 94e1c36512adb47b43c157b87c500176ffb668e2

auxil/paraglob

@@ -1 +1 @@
-Subproject commit 512c911c27aeb319430093187f85c70610d80035
+Subproject commit f7b6c4566187e8a7968ceab58bb329da25142ea2

auxil/zeek-archiver

@@ -1 +1 @@
-Subproject commit 107b7bd51d530df888996553123992d05f1ee27b
+Subproject commit 37d9e97833aab3e6c24fdeb8c8f5385b878f8290

auxil/zeek-aux

@@ -1 +1 @@
-Subproject commit fbb5a21719d4d00244bdd9f0d0a2f8543580a016
+Subproject commit 037bd04115ee0176536d85374f39980a45e9ff92

auxil/zeekctl

@@ -1 +1 @@
-Subproject commit f99e3265c5e7d6c45361b7d8dc03e772f66b0d4b
+Subproject commit 0abed02b22f75d40d8c089fa1185681a6a9ee6d6

ci/centos-7/Dockerfile

@@ -5,7 +5,7 @@ FROM centos:7
 RUN yum -y install \
     https://repo.ius.io/ius-release-el7.rpm \
     https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
-  && yum -y install git2u \
+  && yum -y install git224 \
   && yum clean all && rm -rf /var/cache/yum
 
 RUN yum -y install \
@@ -38,13 +38,7 @@ RUN yum -y install \
     which \
   && yum clean all && rm -rf /var/cache/yum
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 
 RUN echo 'unset BASH_ENV PROMPT_COMMAND ENV' > /usr/bin/zeek-ci-env && \
     echo 'source /opt/rh/devtoolset-7/enable' >> /usr/bin/zeek-ci-env

ci/centos-8/Dockerfile

@@ -23,13 +23,8 @@ RUN dnf -y update && dnf -y install \
     zlib-devel \
     libsqlite3x-devel \
     findutils \
+    diffutils \
     which \
   && dnf clean all && rm -rf /var/cache/dnf
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html

ci/debian-10/Dockerfile

@@ -25,10 +25,4 @@ RUN apt-get update && apt-get -y install \
     xz-utils \
   && rm -rf /var/lib/apt/lists/*
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html

ci/debian-9-32bit/Dockerfile

@@ -31,12 +31,6 @@ RUN apt-get update && apt-get -y install \
 RUN update-alternatives --install /usr/bin/cc cc /usr/bin/clang-7 100
 RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-7 100
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 
 ENV CXXFLAGS=-stdlib=libc++

ci/debian-9/Dockerfile

@@ -28,15 +28,8 @@ RUN apt-get update && apt-get -y install \
     libc++abi-7-dev \
   && rm -rf /var/lib/apt/lists/*
 
-RUN update-alternatives --install /usr/bin/cc cc /usr/bin/clang-7 100
-RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-7 100
-
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 
+ENV CC=/usr/bin/clang-7
+ENV CXX=/usr/bin/clang++-7
 ENV CXXFLAGS=-stdlib=libc++

ci/fedora-31/Dockerfile

@@ -1,31 +0,0 @@
-FROM fedora:31
-
-RUN yum -y install \
-    bison \
-    cmake \
-    diffutils \
-    findutils \
-    flex \
-    git \
-    gcc \
-    gcc-c++ \
-    libpcap-devel \
-    make \
-    openssl \
-    openssl-devel \
-    python3 \
-    python3-devel \
-    python3-pip\
-    sqlite \
-    swig \
-    which \
-    zlib-devel \
-  && yum clean all && rm -rf /var/cache/yum
-
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html

ci/fedora-32/Dockerfile

@@ -22,10 +22,4 @@ RUN yum -y install \
     zlib-devel \
   && yum clean all && rm -rf /var/cache/yum
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html

ci/fedora-33/Dockerfile

@@ -22,10 +22,4 @@ RUN yum -y install \
     zlib-devel \
   && yum clean all && rm -rf /var/cache/yum
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html

ci/freebsd/prepare.sh

@@ -9,5 +9,4 @@ env ASSUME_ALWAYS_YES=YES pkg bootstrap
 pkg install -y bash git cmake swig bison python3 base64
 pyver=`python3 -c 'import sys; print(f"py{sys.version_info[0]}{sys.version_info[1]}")'`
 pkg install -y $pyver-sqlite3 $pyver-pip
-( cd && mkdir -p ./bin && ln -s /usr/local/bin/python3 ./bin/python )
 pip install junit2html

ci/ubuntu-16.04/Dockerfile

@@ -15,6 +15,9 @@ RUN apt-get update && apt-get -y install \
     python3 \
     python3-dev \
     python3-pip\
+    clang-8 \
+    libc++-8-dev \
+    libc++abi-8-dev \
     swig \
     zlib1g-dev \
     libkrb5-dev \
@@ -25,19 +28,8 @@ RUN apt-get update && apt-get -y install \
     xz-utils \
   && rm -rf /var/lib/apt/lists/*
 
-RUN wget -q https://releases.llvm.org/9.0.0/clang+llvm-9.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-RUN mkdir /clang-9
-RUN tar --strip-components=1 -C /clang-9 -xvf clang+llvm-9.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-RUN update-alternatives --install /usr/bin/cc cc /clang-9/bin/clang 100
-RUN update-alternatives --install /usr/bin/c++ c++ /clang-9/bin/clang++ 100
-
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 
+ENV CC=/usr/bin/clang-8
+ENV CXX=/usr/bin/clang++-8
 ENV CXXFLAGS=-stdlib=libc++
-ENV LD_LIBRARY_PATH=/clang-9/lib

ci/ubuntu-18.04/Dockerfile

@@ -29,11 +29,5 @@ RUN apt-get update && apt-get -y install \
     lcov \
   && rm -rf /var/lib/apt/lists/*
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 RUN gem install coveralls-lcov

ci/ubuntu-20.04/Dockerfile

@@ -29,11 +29,5 @@ RUN apt-get update && apt-get -y install \
     lcov \
   && rm -rf /var/lib/apt/lists/*
 
-# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
-# this is a simple workaround until we drop Python 2 support and explicitly
-# use `python3` for all invocations (e.g. in shebangs).
-RUN ln -sf /usr/bin/python3 /usr/local/bin/python
-RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
-
-RUN pip install junit2html
+RUN pip3 install junit2html
 RUN gem install coveralls-lcov

cmake

@@ -1 +1 @@
-Subproject commit cf652b845908a15c02e11dca3162f3eecca0a9c5
+Subproject commit 40251ae850dee52eae8eb05e552c165e2deef354

configure

@@ -148,7 +148,6 @@ prefix=/usr/local/zeek
 CMakeCacheEntries=""
 append_cache_entry CMAKE_INSTALL_PREFIX PATH   $prefix
 append_cache_entry ZEEK_ROOT_DIR        PATH   $prefix
-append_cache_entry PY_MOD_INSTALL_DIR   PATH   $prefix/lib/zeekctl
 append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
 append_cache_entry ZEEK_ETC_INSTALL_DIR PATH   $prefix/etc
 append_cache_entry ENABLE_DEBUG         BOOL   false
@@ -203,7 +202,6 @@ while [ $# -ne 0 ]; do
             prefix=$optarg
             append_cache_entry CMAKE_INSTALL_PREFIX PATH   $optarg
             append_cache_entry ZEEK_ROOT_DIR        PATH   $optarg
-            append_cache_entry PY_MOD_INSTALL_DIR   PATH   $optarg/lib/zeekctl
             ;;
         --libdir=*)
             append_cache_entry CMAKE_INSTALL_LIBDIR PATH   $optarg

doc

@@ -1 +1 @@
-Subproject commit 7658414ac454522ecd5710c13ca6e0bc4a842e12
+Subproject commit 63264729ec6d342892a925cd3f003105544ea1d5

scripts/base/frameworks/notice/weird.zeek

@@ -54,6 +54,10 @@ export {
 		## trouble to help identify which node is having trouble.
 		peer:   string  &log &optional &default=peer_description;
 
+		## The source of the weird. When reported by an analyzer, this
+		## should be the name of the analyzer.
+		source: string  &log &optional;
+
 		## This field is to be provided when a weird is generated for
 		## the purpose of deduplicating weirds. The identifier string
 		## should be unique for a single instance of the weird. This field
@@ -400,16 +404,19 @@ function weird(w: Weird::Info)
 	}
 
 # The following events come from core generated weirds typically.
-event conn_weird(name: string, c: connection, addl: string)
+event conn_weird(name: string, c: connection, addl: string, source: string)
 	{
 	local i = Info($ts=network_time(), $name=name, $conn=c, $identifier=id_string(c$id));
 	if ( addl != "" )
 		i$addl = addl;
 
+	if ( source != "" )
+		i$source = source;
+
 	weird(i);
 	}
 
-event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
+event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string, source: string)
 	{
 	local i = Info($ts=network_time(), $name=name, $uid=uid, $id=id,
 	               $identifier=id_string(id));
@@ -417,10 +424,13 @@ event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
 	if ( addl != "" )
 		i$addl = addl;
 
+	if ( source != "" )
+		i$source = source;
+
 	weird(i);
 	}
 
-event flow_weird(name: string, src: addr, dst: addr, addl: string)
+event flow_weird(name: string, src: addr, dst: addr, addl: string, source: string)
 	{
 	# We add the source and destination as port 0/unknown because that is
 	# what fits best here.
@@ -432,25 +442,34 @@ event flow_weird(name: string, src: addr, dst: addr, addl: string)
 	if ( addl != "" )
 		i$addl = addl;
 
+	if ( source != "" )
+		i$source = source;
+
 	weird(i);
 	}
 
-event net_weird(name: string, addl: string)
+event net_weird(name: string, addl: string, source: string)
 	{
 	local i = Info($ts=network_time(), $name=name);
 
 	if ( addl != "" )
 		i$addl = addl;
 
+	if ( source != "" )
+		i$source = source;
+
 	weird(i);
 	}
 
-event file_weird(name: string, f: fa_file, addl: string)
+event file_weird(name: string, f: fa_file, addl: string, source: string)
 	{
 	local i = Info($ts=network_time(), $name=name, $addl=f$id);
 
 	if ( addl != "" )
 		i$addl += fmt(": %s", addl);
 
+	if ( source != "" )
+		i$source = source;
+
 	weird(i);
 	}

scripts/base/frameworks/sumstats/cluster.zeek

@@ -272,7 +272,8 @@ event SumStats::finish_epoch(ss: SumStat)
 		}
 
 	# Schedule the next finish_epoch event.
-	schedule ss$epoch { SumStats::finish_epoch(ss) };
+	if ( ss$epoch != 0secs )
+		schedule ss$epoch { SumStats::finish_epoch(ss) };
 	}
 
 # This is unlikely to be called often, but it's here in

scripts/base/frameworks/sumstats/main.zeek

@@ -93,12 +93,16 @@ export {
 		## be referred to later.
 		name:               string;
 
-		## The interval at which this filter should be "broken"
-		## and the *epoch_result* callback called.  The
+		## The interval at which this sumstat should be "broken"
+		## and the *epoch_result* callback called. The
 		## results are also reset at this time so any threshold
 		## based detection needs to be set to a
 		## value that should be expected to happen within
 		## this epoch.
+		##
+		## Passing an epoch of zero (e.g. ``0 secs``) causes this
+		## sumstat to be set to manual epochs. You will have to manually
+		## end the epoch by calling :zeek:see:`SumStats::next_epoch`.
 		epoch:              interval;
 
 		## The reducers for the SumStat.
@@ -157,7 +161,7 @@ export {
 
 	## Dynamically request a sumstat key.  This function should be
 	## used sparingly and not as a replacement for the callbacks
-	## from the :zeek:see:`SumStats::SumStat` record.  The function is only
+	## from the :zeek:see:`SumStats::SumStat` record. The function is only
 	## available for use within "when" statements as an asynchronous
 	## function.
 	##
@@ -175,6 +179,23 @@ export {
 	##
 	## Returns: A string representation of the metric key.
 	global key2str: function(key: SumStats::Key): string;
+
+	## Manually end the current epoch for a sumstat. Calling this function will
+	## cause the end of the epoch processing of sumstats to start. Note that the
+	## epoch will not end immediately - especially in a cluster settings, a number
+	## of messages need to be exchanged between the cluster nodes.
+	##
+	## Note that this function only can be called if the sumstat was created with
+	## an epoch time of zero (manual epochs).
+	##
+	## In a cluster, this function must be called on the manager; it will not have
+	## any effect when called on workers.
+	##
+	## ss_name: SumStat name.
+	##
+	## Returns: true on success, false on failure. Failures can be: sumstat not found,
+	##          or sumstat not created for manual epochs.
+	global next_epoch: function(ss_name: string): bool;
 }
 
 # The function prototype for plugins to do calculations.
@@ -248,6 +269,19 @@ global data_added: function(ss: SumStat, key: Key, result: Result);
 # framework for clustered or non-clustered usage.
 global finish_epoch: event(ss: SumStat);
 
+function next_epoch(ss_name: string): bool
+	{
+	if ( ss_name !in stats_store )
+		return F;
+
+	local ss = stats_store[ss_name];
+	if ( ss$epoch != 0secs )
+		return F;
+
+	event SumStats::finish_epoch(ss);
+	return T;
+	}
+
 function key2str(key: Key): string
 	{
 	local out = "";
@@ -396,7 +430,10 @@ function create(ss: SumStat)
 		}
 
 	reset(ss);
-	schedule ss$epoch { SumStats::finish_epoch(ss) };
+
+	## do not schedule epoch if this is set to manual epochs.
+	if ( ss$epoch != 0secs )
+		schedule ss$epoch { SumStats::finish_epoch(ss) };
 	}
 
 function observe(id: string, orig_key: Key, obs: Observation)

scripts/base/frameworks/sumstats/non-cluster.zeek

@@ -43,9 +43,15 @@ event SumStats::finish_epoch(ss: SumStat)
 				if ( ss?$epoch_finished )
 					ss$epoch_finished(now);
 				}
-			else if ( |data| > 0 )
+			else
 				{
-				event SumStats::process_epoch_result(ss, now, copy(data));
+				if ( |data| > 0 )
+					event SumStats::process_epoch_result(ss, now, copy(data));
+				else
+					{
+					if ( ss?$epoch_finished )
+						ss$epoch_finished(now);
+					}
 				}
 			}
 
@@ -55,7 +61,8 @@ event SumStats::finish_epoch(ss: SumStat)
 		reset(ss);
 		}
 
-	schedule ss$epoch { SumStats::finish_epoch(ss) };
+	if ( ss$epoch != 0secs )
+		schedule ss$epoch { SumStats::finish_epoch(ss) };
 	}
 
 function data_added(ss: SumStat, key: Key, result: Result)

scripts/base/utils/email.zeek

@@ -58,8 +58,7 @@ function extract_first_email_addr(str: string): string
 function split_mime_email_addresses(line: string): set[string]
 	{
 	local output = string_set();
-
-	local addrs = find_all(line, /(\"[^"]*\")?[^,]+@[^,]+/);
+	local addrs = find_all(line, /(\"[^"]*\")?[^,]+/);
 	for ( part in addrs )
 		{
 		add output[strip(part)];

src/CMakeLists.txt

@@ -406,10 +406,8 @@ add_executable(zeek main.cc
                ${bro_PLUGIN_LIBS}
 )
 target_link_libraries(zeek ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
-
-if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" )
-    set_target_properties(zeek PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}")
-endif ()
+# Export symbols from zeek executable for use by plugins
+set_target_properties(zeek PROPERTIES ENABLE_EXPORTS TRUE)
 
 install(TARGETS zeek DESTINATION bin)
 

src/Conn.cc

@@ -530,10 +530,10 @@ void Connection::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a,
 	event_mgr.Enqueue(f, std::move(args), util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this);
 	}
 
-void Connection::Weird(const char* name, const char* addl)
+void Connection::Weird(const char* name, const char* addl, const char* source)
 	{
 	weird = 1;
-	reporter->Weird(this, name, addl ? addl : "");
+	reporter->Weird(this, name, addl ? addl : "", source ? source : "");
 	}
 
 void Connection::AddTimer(timer_func timer, double t, bool do_expire,

src/Conn.h

@@ -238,7 +238,7 @@ public:
 	EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
 		{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
 
-	void Weird(const char* name, const char* addl = "");
+	void Weird(const char* name, const char* addl = "", const char* source = "");
 	bool DidWeird() const	{ return weird != 0; }
 
 	// Cancel all associated timers.

src/DebugLogger.h

@@ -12,15 +12,15 @@
 #include <set>
 
 #define DBG_LOG(stream, args...) \
-	if ( zeek::detail::debug_logger.IsEnabled(stream) ) \
-		zeek::detail::debug_logger.Log(stream, args)
+	if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) \
+		::zeek::detail::debug_logger.Log(stream, args)
 #define DBG_LOG_VERBOSE(stream, args...) \
-	if ( zeek::detail::debug_logger.IsVerbose() && zeek::detail::debug_logger.IsEnabled(stream) ) \
-		zeek::detail::debug_logger.Log(stream, args)
-#define DBG_PUSH(stream) zeek::detail::debug_logger.PushIndent(stream)
-#define DBG_POP(stream) zeek::detail::debug_logger.PopIndent(stream)
+	if ( ::zeek::detail::debug_logger.IsVerbose() && ::zeek::detail::debug_logger.IsEnabled(stream) ) \
+		::zeek::detail::debug_logger.Log(stream, args)
+#define DBG_PUSH(stream) ::zeek::detail::debug_logger.PushIndent(stream)
+#define DBG_POP(stream) ::zeek::detail::debug_logger.PopIndent(stream)
 
-#define PLUGIN_DBG_LOG(plugin, args...) zeek::detail::debug_logger.Log(plugin, args)
+#define PLUGIN_DBG_LOG(plugin, args...) ::zeek::detail::debug_logger.Log(plugin, args)
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Plugin, zeek, plugin);
 

src/Reporter.cc

@@ -396,7 +396,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id
 		return false;
 	}
 
-void Reporter::Weird(const char* name, const char* addl)
+void Reporter::Weird(const char* name, const char* addl, const char* source)
 	{
 	UpdateWeirdStats(name);
 
@@ -406,10 +406,10 @@ void Reporter::Weird(const char* name, const char* addl)
 			return;
 		}
 
-	WeirdHelper(net_weird, {new StringVal(addl)}, "%s", name);
+	WeirdHelper(net_weird, {new StringVal(addl), new StringVal(source)}, "%s", name);
 	}
 
-void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
+void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl, const char* source)
 	{
 	UpdateWeirdStats(name);
 
@@ -424,11 +424,11 @@ void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
 			return;
 	}
 
-	WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl)},
+	WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl), new StringVal(source)},
 	            "%s", name);
 	}
 
-void Reporter::Weird(Connection* conn, const char* name, const char* addl)
+void Reporter::Weird(Connection* conn, const char* name, const char* addl, const char* source)
 	{
 	UpdateWeirdStats(name);
 
@@ -443,12 +443,12 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
 			return;
 	}
 
-	WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)},
+	WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl), new StringVal(source)},
 	            "%s", name);
 	}
 
-void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
-                     const char* name, const char* addl)
+void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid, const char* name,
+                     const char* addl, const char* source)
 	{
 	UpdateWeirdStats(name);
 
@@ -463,11 +463,11 @@ void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
 	}
 
 	WeirdHelper(expired_conn_weird,
-	            {conn_id.release(), uid.release(), new StringVal(addl)},
+	            {conn_id.release(), uid.release(), new StringVal(addl), new StringVal(source)},
 	            "%s", name);
 	}
 
-void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl)
+void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl, const char* source)
 	{
 	UpdateWeirdStats(name);
 
@@ -482,7 +482,7 @@ void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, c
 	}
 
 	WeirdHelper(flow_weird,
-	            {new AddrVal(orig), new AddrVal(resp), new StringVal(addl)},
+	            {new AddrVal(orig), new AddrVal(resp), new StringVal(addl), new StringVal(source)},
 	            "%s", name);
 	}
 

src/Reporter.h

@@ -95,12 +95,15 @@ public:
 
 	// Report a traffic weirdness, i.e., an unexpected protocol situation
 	// that may lead to incorrectly processing a connnection.
-	void Weird(const char* name, const char* addl = "");	// Raises net_weird().
-	void Weird(file_analysis::File* f, const char* name, const char* addl = "");	// Raises file_weird().
-	void Weird(Connection* conn, const char* name, const char* addl = "");	// Raises conn_weird().
+	void Weird(const char* name, const char* addl = "", const char* source = "");	// Raises net_weird().
+	void Weird(file_analysis::File* f, const char* name,
+	           const char* addl = "", const char* source = "");	// Raises file_weird().
+	void Weird(Connection* conn, const char* name,
+	           const char* addl = "", const char* source = "");	// Raises conn_weird().
 	void Weird(RecordValPtr conn_id, StringValPtr uid,
-	           const char* name, const char* addl = "");	// Raises expired_conn_weird().
-	void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = "");	// Raises flow_weird().
+	           const char* name, const char* addl = "", const char* source = "");	// Raises expired_conn_weird().
+	void Weird(const IPAddr& orig, const IPAddr& resp, const char* name,
+	           const char* addl = "", const char* source = "");	// Raises flow_weird().
 
 	// Syslog a message. This methods does nothing if we're running
 	// offline from a trace.

src/Sessions.cc

@@ -681,7 +681,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
 	return true;
 	}
 
-void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
+void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl, const char* source)
 	{
 	const char* weird_name = name;
 
@@ -694,12 +694,12 @@ void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
 
 		if ( pkt->ip_hdr )
 			{
-			reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl);
+			reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl, source);
 			return;
 			}
 		}
 
-	reporter->Weird(weird_name, addl);
+	reporter->Weird(weird_name, addl, source);
 	}
 
 void NetSessions::Weird(const char* name, const IP_Hdr* ip, const char* addl)

src/Sessions.h

@@ -70,7 +70,7 @@ public:
 	void GetStats(SessionStats& s) const;
 
 	void Weird(const char* name, const Packet* pkt,
-	           const char* addl = "");
+	           const char* addl = "", const char* source = "");
 	void Weird(const char* name, const IP_Hdr* ip,
 	           const char* addl = "");
 

src/Var.cc

@@ -749,11 +749,6 @@ void end_func(StmtPtr body)
 	ingredients.release();
 	}
 
-Val* internal_val(const char* name)
-	{
-	return id::find_val(name).get();
-	}
-
 IDPList gather_outer_ids(Scope* scope, Stmt* body)
 	{
 	OuterIDBindingFinder cb(scope);
@@ -774,20 +769,27 @@ IDPList gather_outer_ids(Scope* scope, Stmt* body)
 	return idl;
 	}
 
-Val* internal_const_val(const char* name)
+} // namespace zeek::detail
+
+zeek::Val* internal_val(const char* name)
 	{
-	return id::find_const(name).get();
+	return zeek::id::find_val(name).get();
 	}
 
-Val* opt_internal_val(const char* name)
+zeek::Val* internal_const_val(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	return zeek::id::find_const(name).get();
+	}
+
+zeek::Val* opt_internal_val(const char* name)
+	{
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	return id ? id->GetVal().get() : nullptr;
 	}
 
 double opt_internal_double(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id ) return 0.0;
 	const auto& v = id->GetVal();
 	return v ? v->InternalDouble() : 0.0;
@@ -795,7 +797,7 @@ double opt_internal_double(const char* name)
 
 bro_int_t opt_internal_int(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id ) return 0;
 	const auto& v = id->GetVal();
 	return v ? v->InternalInt() : 0;
@@ -803,63 +805,63 @@ bro_int_t opt_internal_int(const char* name)
 
 bro_uint_t opt_internal_unsigned(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id ) return 0;
 	const auto& v = id->GetVal();
 	return v ? v->InternalUnsigned() : 0;
 	}
 
-StringVal* opt_internal_string(const char* name)
+zeek::StringVal* opt_internal_string(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id ) return nullptr;
 	const auto& v = id->GetVal();
 	return v ? v->AsStringVal() : nullptr;
 	}
 
-TableVal* opt_internal_table(const char* name)
+zeek::TableVal* opt_internal_table(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id ) return nullptr;
 	const auto& v = id->GetVal();
 	return v ? v->AsTableVal() : nullptr;
 	}
 
-ListVal* internal_list_val(const char* name)
+zeek::ListVal* internal_list_val(const char* name)
 	{
-	const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
+	const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
 	if ( ! id )
 		return nullptr;
 
-	Val* v = id->GetVal().get();
+	zeek::Val* v = id->GetVal().get();
 
 	if ( v )
 		{
-		if ( v->GetType()->Tag() == TYPE_LIST )
-			return (ListVal*) v;
+		if ( v->GetType()->Tag() == zeek::TYPE_LIST )
+			return (zeek::ListVal*) v;
 
 		else if ( v->GetType()->IsSet() )
 			{
-			TableVal* tv = v->AsTableVal();
+			zeek::TableVal* tv = v->AsTableVal();
 			auto lv = tv->ToPureListVal();
 			return lv.release();
 			}
 
 		else
-			reporter->InternalError("internal variable %s is not a list", name);
+			zeek::reporter->InternalError("internal variable %s is not a list", name);
 		}
 
 	return nullptr;
 	}
 
-Type* internal_type(const char* name)
+zeek::Type* internal_type(const char* name)
 	{
-	return id::find_type(name).get();
+	return zeek::id::find_type(name).get();
 	}
 
-Func* internal_func(const char* name)
+zeek::Func* internal_func(const char* name)
 	{
-	const auto& v = id::find_val(name);
+	const auto& v = zeek::id::find_val(name);
 
 	if ( v )
 		return v->AsFunc();
@@ -867,9 +869,7 @@ Func* internal_func(const char* name)
 		return nullptr;
 	}
 
-EventHandlerPtr internal_handler(const char* name)
+zeek::EventHandlerPtr internal_handler(const char* name)
 	{
 	return event_registry->Register(name);
 	}
-
-} // namespace zeek::detail

src/analyzer/Analyzer.cc

@@ -838,7 +838,7 @@ void Analyzer::EnqueueConnEvent(EventHandlerPtr f, Args args)
 
 void Analyzer::Weird(const char* name, const char* addl)
 	{
-	conn->Weird(name, addl);
+	conn->Weird(name, addl, GetAnalyzerName());
 	}
 
 SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const

src/analyzer/protocol/ayiya/ayiya-analyzer.pac

@@ -21,7 +21,7 @@ flow AYIYA_Flow
 
 		if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
 			{
-			zeek::reporter->Weird(c, "tunnel_depth");
+			connection()->zeek_analyzer()->Weird("tunnel_depth");
 			return false;
 			}
 
@@ -34,7 +34,7 @@ flow AYIYA_Flow
 		if ( ${pdu.next_header} != IPPROTO_IPV6 &&
 		     ${pdu.next_header} != IPPROTO_IPV4 )
 			{
-			zeek::reporter->Weird(c, "ayiya_tunnel_non_ip");
+			connection()->zeek_analyzer()->Weird("ayiya_tunnel_non_ip");
 			return false;
 			}
 

src/analyzer/protocol/bittorrent/BitTorrent.cc

@@ -119,6 +119,8 @@ void BitTorrent_Analyzer::EndpointEOF(bool is_orig)
 void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
 	{
 	if ( bittorrent_peer_weird )
+
+		// TODO: why does bittorrent have a different set of weirds?
 		EnqueueConnEvent(bittorrent_peer_weird,
 		                 ConnVal(),
 		                 val_mgr->Bool(orig),

src/analyzer/protocol/dce-rpc/dce_rpc-protocol.pac

@@ -190,8 +190,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
 			if ( it != fb.end() )
 				{
 				// We already had a first frag earlier.
-				zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
-						"multiple_first_fragments_in_dce_rpc_reassembly");
+				connection()->zeek_analyzer()->Weird("multiple_first_fragments_in_dce_rpc_reassembly");
 				connection()->zeek_analyzer()->SetSkip(true);
 				return false;
 				}
@@ -212,15 +211,13 @@ flow DCE_RPC_Flow(is_orig: bool) {
 
 				if ( fb.size() > zeek::BifConst::DCE_RPC::max_cmd_reassembly )
 					{
-					zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
-					                "too_many_dce_rpc_msgs_in_reassembly");
+					connection()->zeek_analyzer()->Weird("too_many_dce_rpc_msgs_in_reassembly");
 					connection()->zeek_analyzer()->SetSkip(true);
 					}
 
 				if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
 					{
-					zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
-					                "too_much_dce_rpc_fragment_data");
+					connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
 					connection()->zeek_analyzer()->SetSkip(true);
 					}
 
@@ -235,8 +232,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
 
 			if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
 				{
-				zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
-				                "too_much_dce_rpc_fragment_data");
+				connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
 				connection()->zeek_analyzer()->SetSkip(true);
 				}
 

src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac

@@ -655,7 +655,7 @@ flow GTPv1_Flow(is_orig: bool)
 
 		if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
 			{
-			zeek::reporter->Weird(c, "tunnel_depth");
+			a->Weird("tunnel_depth");
 			return false;
 			}
 

src/analyzer/protocol/http/HTTP.cc

@@ -1262,11 +1262,11 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
 	return 1;
 
 bad_http_request_with_version:
-	reporter->Weird(Conn(), "bad_HTTP_request_with_version");
+	Weird("bad_HTTP_request_with_version");
 	return 0;
 
 error:
-	reporter->Weird(Conn(), "bad_HTTP_request");
+	Weird("bad_HTTP_request");
 	return 0;
 	}
 

src/analyzer/protocol/imap/imap-analyzer.pac

@@ -33,7 +33,7 @@ refine connection IMAP_Conn += {
 		if ( is_orig && commands == "starttls" )
 			{
 			if ( !client_starttls_id.empty() )
-				zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: client sent duplicate StartTLS");
+				zeek_analyzer()->Weird("IMAP: client sent duplicate StartTLS");
 
 			client_starttls_id = tags;
 			}
@@ -48,7 +48,7 @@ refine connection IMAP_Conn += {
 					zeek::BifEvent::enqueue_imap_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
 				}
 			else
-				zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: server refused StartTLS");
+				zeek_analyzer()->Weird("IMAP: server refused StartTLS");
 			}
 
 		return true;

src/analyzer/protocol/login/NVT.cc

@@ -539,7 +539,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
 			else
 				{
 				if ( Conn()->FlagEvent(SINGULAR_LF) )
-					Conn()->Weird("line_terminated_with_single_LF");
+					Weird("line_terminated_with_single_LF");
 				buf[offset++] = c;
 				}
 			break;

src/analyzer/protocol/login/RSH.cc

@@ -96,7 +96,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
 		case RSH_PRESUMED_REJECTED:
 			if ( state == RSH_PRESUMED_REJECTED )
 				{
-				Conn()->Weird("rsh_text_after_rejected");
+				Weird("rsh_text_after_rejected");
 				state = RSH_UNKNOWN;
 				}
 
@@ -140,7 +140,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
 
 void Contents_Rsh_Analyzer::BadProlog()
 	{
-	Conn()->Weird("bad_rsh_prolog");
+	Weird("bad_rsh_prolog");
 	state = RSH_UNKNOWN;
 	}
 

src/analyzer/protocol/login/Rlogin.cc

@@ -161,7 +161,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
 			if ( state == RLOGIN_LINE_MODE &&
 			     peer->state == RLOGIN_PRESUMED_REJECTED )
 				{
-				Conn()->Weird("rlogin_text_after_rejected");
+				Weird("rlogin_text_after_rejected");
 				state = RLOGIN_UNKNOWN;
 				}
 
@@ -203,7 +203,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
 
 void Contents_Rlogin_Analyzer::BadProlog()
 	{
-	Conn()->Weird("bad_rlogin_prolog");
+	Weird("bad_rlogin_prolog");
 	state = RLOGIN_UNKNOWN;
 	}
 

src/analyzer/protocol/socks/socks-analyzer.pac

@@ -175,13 +175,13 @@ refine connection SOCKS_Conn += {
 
 	function socks5_unsupported_authentication_method(auth_method: uint8): bool
 		%{
-		zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
+		zeek_analyzer()->Weird("socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
 		return true;
 		%}
 
 	function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool
 		%{
-		zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
+		zeek_analyzer()->Weird("socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
 		return true;
 		%}
 

src/analyzer/protocol/ssl/proc-certificate.pac

@@ -1,38 +1,39 @@
-	function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
-		%{
-		if ( certificates->size() == 0 )
-			return true;
-
-		zeek::ODesc common;
-		common.AddRaw("Analyzer::ANALYZER_SSL");
-		common.Add(zeek_analyzer()->Conn()->StartTime());
-		common.AddRaw(is_orig ? "T" : "F", 1);
-		zeek_analyzer()->Conn()->IDString(&common);
-
-		static const string user_mime = "application/x-x509-user-cert";
-		static const string ca_mime = "application/x-x509-ca-cert";
-
-		for ( unsigned int i = 0; i < certificates->size(); ++i )
-			{
-			const bytestring& cert = (*certificates)[i];
-
-			if ( cert.length() <= 0 )
-				{
-				zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate");
-				continue;
-				}
-
-			zeek::ODesc file_handle;
-			file_handle.Add(common.Description());
-			file_handle.Add(i);
-
-			string file_id = zeek::file_mgr->HashHandle(file_handle.Description());
-
-			zeek::file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
-			                       cert.length(), zeek_analyzer()->GetAnalyzerTag(),
-			                       zeek_analyzer()->Conn(), is_orig,
-			                       file_id, i == 0 ? user_mime : ca_mime);
-			zeek::file_mgr->EndOfFile(file_id);
-			}
+function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
+	%{
+	if ( certificates->size() == 0 )
 		return true;
-		%}
+
+	zeek::ODesc common;
+	common.AddRaw("Analyzer::ANALYZER_SSL");
+	common.Add(zeek_analyzer()->Conn()->StartTime());
+	common.AddRaw(is_orig ? "T" : "F", 1);
+	zeek_analyzer()->Conn()->IDString(&common);
+
+	static const string user_mime = "application/x-x509-user-cert";
+	static const string ca_mime = "application/x-x509-ca-cert";
+
+	for ( unsigned int i = 0; i < certificates->size(); ++i )
+		{
+		const bytestring& cert = (*certificates)[i];
+
+		if ( cert.length() <= 0 )
+			{
+			zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate", "",
+			                      zeek_analyzer()->GetAnalyzerName());
+			continue;
+			}
+
+		zeek::ODesc file_handle;
+		file_handle.Add(common.Description());
+		file_handle.Add(i);
+
+		string file_id = zeek::file_mgr->HashHandle(file_handle.Description());
+
+		zeek::file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
+		                       cert.length(), zeek_analyzer()->GetAnalyzerTag(),
+		                       zeek_analyzer()->Conn(), is_orig,
+		                       file_id, i == 0 ? user_mime : ca_mime);
+		zeek::file_mgr->EndOfFile(file_id);
+		}
+	return true;
+	%}

src/analyzer/protocol/ssl/tls-handshake-analyzer.pac

@@ -322,7 +322,7 @@ refine connection Handshake_Conn += {
 			}
 		else if ( response.length() == 0 )
 			{
-			zeek::reporter->Weird(zeek_analyzer()->Conn(), "SSL_zero_length_stapled_OCSP_message");
+			zeek_analyzer()->Weird("SSL_zero_length_stapled_OCSP_message");
 			}
 
 		return true;

src/analyzer/protocol/tcp/ContentLine.cc

@@ -263,7 +263,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
 			else
 				{
 				if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_LF) )
-					Conn()->Weird("line_terminated_with_single_LF");
+					Weird("line_terminated_with_single_LF");
 				buf[offset++] = c;
 				}
 			break;
@@ -282,7 +282,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
 
 		if ( last_char == '\r' )
 			if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_CR) )
-				Conn()->Weird("line_terminated_with_single_CR");
+				Weird("line_terminated_with_single_CR");
 
 		last_char = c;
 		}
@@ -312,7 +312,7 @@ void ContentLine_Analyzer::CheckNUL()
 		else
 			{
 			if ( ! suppress_weirds && Conn()->FlagEvent(NUL_IN_LINE) )
-				Conn()->Weird("NUL_in_line");
+				Weird("NUL_in_line");
 			flag_NULs = false;
 			}
 		}

src/analyzer/protocol/tcp/TCP.cc

@@ -461,20 +461,20 @@ static void update_window(TCP_Endpoint* endpoint, unsigned int window,
 		}
 	}
 
-static void syn_weirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len)
+void TCP_Analyzer::SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const
 	{
 	if ( flags.RST() )
-		endpoint->Conn()->Weird("TCP_christmas");
+		endpoint->Conn()->Weird("TCP_christmas", "", GetAnalyzerName());
 
 	if ( flags.URG() )
-		endpoint->Conn()->Weird("baroque_SYN");
+		endpoint->Conn()->Weird("baroque_SYN", "", GetAnalyzerName());
 
 	if ( data_len > 0 )
 		// Not technically wrong according to RFC 793, but the other side
 		// would be forced to buffer data until the handshake succeeds, and
 		// that could be bad in some cases, e.g. SYN floods.
 		// T/TCP definitely complicates this.
-		endpoint->Conn()->Weird("SYN_with_data");
+		endpoint->Conn()->Weird("SYN_with_data", "", GetAnalyzerName());
 	}
 
 void TCP_Analyzer::UpdateInactiveState(double t,
@@ -1097,7 +1097,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 
 	if ( flags.SYN() )
 		{
-		syn_weirds(flags, endpoint, len);
+		SynWeirds(flags, endpoint, len);
 		RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp);
 		init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(),
 		            base_seq, ack_seq);

src/analyzer/protocol/tcp/TCP.h

@@ -167,6 +167,9 @@ protected:
 	static int get_segment_len(int payload_len, TCP_Flags flags);
 
 private:
+
+	void SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const;
+
 	TCP_Endpoint* orig;
 	TCP_Endpoint* resp;
 

src/analyzer/protocol/teredo/Teredo.h

@@ -31,7 +31,7 @@ public:
 	void Weird(const char* name, bool force = false) const
 		{
 		if ( ProtocolConfirmed() || force )
-			reporter->Weird(Conn(), name);
+			reporter->Weird(Conn(), name, "", GetAnalyzerName());
 		}
 
 	/**

src/analyzer/protocol/vxlan/VXLAN.cc

@@ -51,7 +51,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 
 	if ( outer && outer->Depth() >= BifConst::Tunnel::max_depth )
 		{
-		reporter->Weird(Conn(), "tunnel_depth");
+		Weird("tunnel_depth");
 		return;
 		}
 

src/analyzer/protocol/xmpp/xmpp-analyzer.pac

@@ -36,7 +36,7 @@ refine connection XMPP_Conn += {
 				zeek::BifEvent::enqueue_xmpp_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
 			}
 		else if ( !is_orig && token == "proceed" )
-			zeek::reporter->Weird(zeek_analyzer()->Conn(), "XMPP: proceed without starttls");
+			zeek_analyzer()->Weird("XMPP: proceed without starttls");
 
 		// printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
 

src/event.bif

@@ -453,12 +453,16 @@ event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%);
 ##
 ## addl: Optional additional context further describing the situation.
 ##
+## source: Optional source for the weird. When called by analyzers, this should
+##         be filled in with the name of the analyzer.
+##
 ## .. zeek:see:: flow_weird net_weird file_weird expired_conn_weird
 ##
 ## .. note:: "Weird" activity is much more common in real-world network traffic
 ##    than one would intuitively expect. While in principle, any protocol
 ##    violation could be an attack attempt, it's much more likely that an
 ##    endpoint's implementation interprets an RFC quite liberally.
+event conn_weird%(name: string, c: connection, addl: string, source: string%);
 event conn_weird%(name: string, c: connection, addl: string%);
 
 ## Generated for unexpected activity related to a specific connection whose
@@ -482,12 +486,16 @@ event conn_weird%(name: string, c: connection, addl: string%);
 ##
 ## addl: Optional additional context further describing the situation.
 ##
+## source: Optional source for the weird. When called by analyzers, this should
+##         be filled in with the name of the analyzer.
+##
 ## .. zeek:see:: flow_weird net_weird file_weird conn_weird
 ##
 ## .. note:: "Weird" activity is much more common in real-world network traffic
 ##    than one would intuitively expect. While in principle, any protocol
 ##    violation could be an attack attempt, it's much more likely that an
 ##    endpoint's implementation interprets an RFC quite liberally.
+event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string, source: string%);
 event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%);
 
 ## Generated for unexpected activity related to a pair of hosts, but independent
@@ -507,12 +515,16 @@ event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%)
 ##
 ## addl: Optional additional context further describing the situation.
 ##
+## source: Optional source for the weird. When called by analyzers, this should
+##         be filled in with the name of the analyzer.
+##
 ## .. zeek:see:: conn_weird net_weird file_weird expired_conn_weird
 ##
 ## .. note:: "Weird" activity is much more common in real-world network traffic
 ##    than one would intuitively expect. While in principle, any protocol
 ##    violation could be an attack attempt, it's much more likely that an
 ##    endpoint's implementation interprets an RFC quite liberally.
+event flow_weird%(name: string, src: addr, dst: addr, addl: string, source: string%);
 event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
 
 ## Generated for unexpected activity that is not tied to a specific connection
@@ -527,12 +539,16 @@ event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
 ##
 ## addl: Optional additional context further describing the situation.
 ##
+## source: Optional source for the weird. When called by analyzers, this should
+##         be filled in with the name of the analyzer.
+##
 ## .. zeek:see:: flow_weird file_weird conn_weird expired_conn_weird
 ##
 ## .. note:: "Weird" activity is much more common in real-world network traffic
 ##    than one would intuitively expect. While in principle, any protocol
 ##    violation could be an attack attempt, it's much more likely that an
 ##    endpoint's implementation interprets an RFC quite liberally.
+event net_weird%(name: string, addl: string, source: string%);
 event net_weird%(name: string, addl: string%);
 
 ## Generated for unexpected activity that is tied to a file.
@@ -548,12 +564,15 @@ event net_weird%(name: string, addl: string%);
 ##
 ## addl: Additional information related to the weird.
 ##
+## source: The name of the file analyzer that generated the weird.
+##
 ## .. zeek:see:: flow_weird net_weird conn_weird expired_conn_weird
 ##
 ## .. note:: "Weird" activity is much more common in real-world network traffic
 ##    than one would intuitively expect. While in principle, any protocol
 ##    violation could be an attack attempt, it's much more likely that an
 ##    endpoint's implementation interprets an RFC quite liberally.
+event file_weird%(name: string, f: fa_file, addl: string, source: string%);
 event file_weird%(name: string, f: fa_file, addl: string%);
 
 ## Generated regularly for the purpose of profiling Zeek's processing. This event

src/iosource/Packet.cc

@@ -76,11 +76,6 @@ Packet::~Packet()
 		delete [] data;
 	}
 
-void Packet::Weird(const char* name)
-	{
-	sessions->Weird(name, this);
-	}
-
 RecordValPtr Packet::ToRawPktHdrVal() const
 	{
 	static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");

src/iosource/Packet.h

@@ -124,9 +124,6 @@ public:
 	[[deprecated("Remove in v4.1.  Use ToRawPktHdrval() instead.")]]
 	RecordVal* BuildPktHdrVal() const;
 
-	// Wrapper to generate a packet-level weird. Has to be public for llanalyzers to use it.
-	void Weird(const char* name);
-
 	/**
 	 * Maximal length of a layer 2 address.
 	 */

src/iosource/PktSrc.cc

@@ -135,7 +135,7 @@ void PktSrc::Info(const std::string& msg)
 
 void PktSrc::Weird(const std::string& msg, const Packet* p)
 	{
-	sessions->Weird(msg.c_str(), p, nullptr);
+	sessions->Weird(msg.c_str(), p);
 	}
 
 void PktSrc::InternalError(const std::string& msg)

src/packet_analysis/Analyzer.cc

@@ -5,6 +5,8 @@
 #include "zeek/Dict.h"
 #include "zeek/DebugLogger.h"
 #include "zeek/RunState.h"
+#include "zeek/Sessions.h"
+#include "zeek/util.h"
 
 namespace zeek::packet_analysis {
 
@@ -70,7 +72,7 @@ AnalyzerPtr Analyzer::Lookup(uint32_t identifier) const
 	}
 
 bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
-		uint32_t identifier) const
+                             uint32_t identifier) const
 	{
 	auto inner_analyzer = Lookup(identifier);
 	if ( ! inner_analyzer )
@@ -96,7 +98,8 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) co
 
 	DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
 			GetAnalyzerName());
-	packet->Weird("no_suitable_analyzer_found");
+
+	Weird("no_suitable_analyzer_found", packet);
 	return true;
 	}
 
@@ -116,4 +119,9 @@ void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
 	dispatcher.Register(identifier, std::move(child));
 	}
 
-}
+void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const
+	{
+	sessions->Weird(name, packet, addl, GetAnalyzerName());
+	}
+
+} // namespace zeek::packet_analysis

src/packet_analysis/Analyzer.h

@@ -148,6 +148,18 @@ protected:
 	 */
 	bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
 
+	/**
+	 * Reports a Weird with the analyzer's name included in the addl field.
+	 *
+	 * @param name The name of the weird.
+	 * @param packet An optional pointer to a packet to be used for additional
+	 * information in the weird output.
+	 * @param addl An optional string containing additional information about
+	 * the weird. If this is passed, the analyzer's name will be prepended to
+	 * it before output.
+	 */
+	void Weird(const char* name, Packet* packet=nullptr, const char* addl="") const;
+
 private:
 	Tag tag;
 	Dispatcher dispatcher;

src/packet_analysis/protocol/arp/ARP.cc

@@ -89,7 +89,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	// Check whether the header is complete.
 	if ( sizeof(struct arp_pkthdr) > len )
 		{
-		packet->Weird("truncated_ARP");
+		Weird("truncated_ARP", packet);
 		return false;
 		}
 
@@ -100,7 +100,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	size_t min_length = (ar_tpa(ah) - (char*) data) + ah->ar_pln;
 	if ( min_length > len )
 		{
-		packet->Weird("truncated_ARP");
+		Weird("truncated_ARP", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/ethernet/Ethernet.cc

@@ -25,7 +25,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 	// to pull bytes out of it.
 	if ( 16 >= len )
 		{
-		packet->Weird("truncated_ethernet_frame");
+		Weird("truncated_ethernet_frame", packet);
 		return false;
 		}
 
@@ -36,7 +36,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 
 		if ( cfplen + 14 >= len )
 			{
-			packet->Weird("truncated_link_header_cfp");
+			Weird("truncated_link_header_cfp", packet);
 			return false;
 			}
 
@@ -60,7 +60,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 		{
 		if ( 16 >= len )
 			{
-			packet->Weird("truncated_ethernet_frame");
+			Weird("truncated_ethernet_frame", packet);
 			return false;
 			}
 
@@ -86,6 +86,6 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 		}
 
 	// Undefined (1500 < EtherType < 1536)
-	packet->Weird("undefined_ether_type");
+	Weird("undefined_ether_type", packet);
 	return false;
 	}

src/packet_analysis/protocol/fddi/FDDI.cc

@@ -15,7 +15,7 @@ bool FDDIAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
 
 	if ( hdr_size >= len )
 		{
-		packet->Weird("FDDI_analyzer_failed");
+		Weird("FDDI_analyzer_failed");
 		return false;
 		}
 

src/packet_analysis/protocol/gre/GRE.cc

@@ -51,13 +51,13 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 	if ( ! BifConst::Tunnel::enable_gre )
 		{
-		sessions->Weird("GRE_tunnel", packet);
+		Weird("GRE_tunnel", packet);
 		return false;
 		}
 
 	if ( len < gre_header_len() )
 		{
-		sessions->Weird("truncated_GRE", packet);
+		Weird("truncated_GRE", packet);
 		return false;
 		}
 
@@ -75,7 +75,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 	if ( gre_version != 0 && gre_version != 1 )
 		{
-		sessions->Weird("unknown_gre_version", packet, util::fmt("%d", gre_version));
+		Weird("unknown_gre_version", packet, util::fmt("version=%d", gre_version));
 		return false;
 		}
 
@@ -92,7 +92,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 				}
 			else
 				{
-				sessions->Weird("truncated_GRE", packet);
+				Weird("truncated_GRE", packet);
 				return false;
 				}
 			}
@@ -109,7 +109,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 				}
 			else
 				{
-				sessions->Weird("truncated_GRE", packet);
+				Weird("truncated_GRE", packet);
 				return false;
 				}
 			}
@@ -132,7 +132,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 						erspan_len += 8;
 					else
 						{
-						sessions->Weird("truncated_GRE", packet);
+						Weird("truncated_GRE", packet);
 						return false;
 						}
 					}
@@ -141,7 +141,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 				}
 			else
 				{
-				sessions->Weird("truncated_GRE", packet);
+				Weird("truncated_GRE", packet);
 				return false;
 				}
 			}
@@ -152,7 +152,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		if ( proto_typ != 0x880b )
 			{
 			// Enhanced GRE payload must be PPP.
-			sessions->Weird("egre_protocol_type", packet, util::fmt("%d", proto_typ));
+			Weird("egre_protocol_type", packet, util::fmt("proto=%d", proto_typ));
 			return false;
 			}
 		}
@@ -162,20 +162,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		// RFC 2784 deprecates the variable length routing field
 		// specified by RFC 1701. It could be parsed here, but easiest
 		// to just skip for now.
-		sessions->Weird("gre_routing", packet);
+		Weird("gre_routing", packet);
 		return false;
 		}
 
 	if ( flags_ver & 0x0078 )
 		{
 		// Expect last 4 bits of flags are reserved, undefined.
-		sessions->Weird("unknown_gre_flags", packet);
+		Weird("unknown_gre_flags", packet);
 		return false;
 		}
 
 	if ( len < gre_len + ppp_len + eth_len + erspan_len )
 		{
-		sessions->Weird("truncated_GRE", packet);
+		Weird("truncated_GRE", packet);
 		return false;
 		}
 
@@ -185,7 +185,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 		if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
 			{
-			sessions->Weird("non_ip_packet_in_encap", packet);
+			Weird("non_ip_packet_in_encap", packet);
 			return false;
 			}
 

src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc

@@ -15,7 +15,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
 
 	if ( len_80211 >= len )
 		{
-		packet->Weird("truncated_802_11_header");
+		Weird("truncated_802_11_header", packet);
 		return false;
 		}
 
@@ -47,7 +47,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
 
 	if ( len_80211 >= len )
 		{
-		packet->Weird("truncated_802_11_header");
+		Weird("truncated_802_11_header", packet);
 		return false;
 		}
 
@@ -82,7 +82,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
 	len_80211 += 8;
 	if ( len_80211 >= len )
 		{
-		packet->Weird("truncated_802_11_header");
+		Weird("truncated_802_11_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.cc

@@ -15,7 +15,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
 	{
 	if ( 3 >= len )
 		{
-		packet->Weird("truncated_radiotap_header");
+		Weird("truncated_radiotap_header", packet);
 		return false;
 		}
 
@@ -24,7 +24,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
 
 	if ( rtheader_len >= len )
 		{
-		packet->Weird("truncated_radiotap_header");
+		Weird("truncated_radiotap_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/ip/IP.cc

@@ -35,7 +35,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	// check ipv4 here. We'll check ipv6 later once we determine we have an ipv6 header.
 	if ( len < sizeof(struct ip) )
 		{
-		sessions->Weird("truncated_IP", packet);
+		Weird("truncated_IP", packet);
 		return false;
 		}
 
@@ -56,7 +56,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		{
 		if ( len < sizeof(struct ip6_hdr) )
 			{
-			sessions->Weird("truncated_IP", packet);
+			Weird("truncated_IP", packet);
 			return false;
 			}
 
@@ -65,7 +65,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		}
 	else
 		{
-		sessions->Weird("unknown_ip_version", packet);
+		Weird("unknown_ip_version", packet);
 		return false;
 		}
 
@@ -76,7 +76,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	if ( total_len == 0 )
 		{
 		// TCP segmentation offloading can zero out the ip_len field.
-		sessions->Weird("ip_hdr_len_zero", packet);
+		Weird("ip_hdr_len_zero", packet);
 
 		// Cope with the zero'd out ip_len field by using the caplen.
 		total_len = packet->cap_len - hdr_size;
@@ -84,7 +84,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 	if ( packet->len < total_len + hdr_size )
 		{
-		sessions->Weird("truncated_IPv6", packet);
+		Weird("truncated_IPv6", packet);
 		return false;
 		}
 
@@ -93,13 +93,13 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	uint16_t ip_hdr_len = packet->ip_hdr->HdrLen();
 	if ( ip_hdr_len > total_len )
 		{
-		sessions->Weird("invalid_IP_header_size", packet);
+		Weird("invalid_IP_header_size", packet);
 		return false;
 		}
 
 	if ( ip_hdr_len > len )
 		{
-		sessions->Weird("internally_truncated_header", packet);
+		Weird("internally_truncated_header", packet);
 		return false;
 		}
 
@@ -107,7 +107,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		{
 		if ( ip_hdr_len < sizeof(struct ip) )
 			{
-			sessions->Weird("IPv4_min_header_size", packet);
+			Weird("IPv4_min_header_size", packet);
 			return false;
 			}
 		}
@@ -115,7 +115,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		{
 		if ( ip_hdr_len < sizeof(struct ip6_hdr) )
 			{
-			sessions->Weird("IPv6_min_header_size", packet);
+			Weird("IPv6_min_header_size", packet);
 			return false;
 			}
 		}
@@ -129,7 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	     ! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
 	     detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
 		{
-		sessions->Weird("bad_IP_checksum", packet);
+		Weird("bad_IP_checksum", packet);
 		return false;
 		}
 
@@ -144,7 +144,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 		if ( len < total_len )
 			{
-			sessions->Weird("incompletely_captured_fragment", packet);
+			Weird("incompletely_captured_fragment", packet);
 
 			// Don't try to reassemble, that's doomed.
 			// Discard all except the first fragment (which
@@ -174,7 +174,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 			if ( ip_hdr_len > total_len )
 				{
-				sessions->Weird("invalid_IP_header_size", packet);
+				Weird("invalid_IP_header_size", packet);
 				return false;
 				}
 			}
@@ -203,7 +203,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 		if ( ! ignore_checksums && mobility_header_checksum(packet->ip_hdr) != 0xffff )
 			{
-			sessions->Weird("bad_MH_checksum", packet);
+			Weird("bad_MH_checksum", packet);
 			return false;
 			}
 
@@ -211,7 +211,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 			event_mgr.Enqueue(mobile_ipv6_message, packet->ip_hdr->ToPktHdrVal());
 
 		if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
-			sessions->Weird("mobility_piggyback", packet);
+			Weird("mobility_piggyback", packet);
 
 		return true;
 		}
@@ -249,7 +249,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		if ( ! ( packet->encap &&
 		         packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
 			{
-			sessions->Weird("ipv6_no_next", packet);
+			Weird("ipv6_no_next", packet);
 			return_val = false;
 			}
 		break;

src/packet_analysis/protocol/iptunnel/IPTunnel.cc

@@ -29,14 +29,14 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 
 	if ( ! BifConst::Tunnel::enable_ip )
 		{
-		sessions->Weird("IP_tunnel", packet);
+		Weird("IP_tunnel", packet);
 		return false;
 		}
 
 	if ( packet->encap &&
 	     packet->encap->Depth() >= BifConst::Tunnel::max_depth )
 		{
-		sessions->Weird("exceeded_tunnel_max_depth", packet);
+		Weird("exceeded_tunnel_max_depth", packet);
 		return false;
 		}
 
@@ -52,11 +52,11 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 		// Check for a valid inner packet first.
 		int result = sessions->ParseIPPacket(len, data, proto, inner);
 		if ( result == -2 )
-			sessions->Weird("invalid_inner_IP_version", packet);
+			Weird("invalid_inner_IP_version", packet);
 		else if ( result < 0 )
-			sessions->Weird("truncated_inner_IP", packet);
+			Weird("truncated_inner_IP", packet);
 		else if ( result > 0 )
-			sessions->Weird("inner_IP_payload_length_mismatch", packet);
+			Weird("inner_IP_payload_length_mismatch", packet);
 
 		if ( result != 0 )
 			{

src/packet_analysis/protocol/linux_sll/LinuxSLL.cc

@@ -14,7 +14,7 @@ bool LinuxSLLAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 	auto len_sll_hdr = sizeof(SLLHeader);
 	if ( len_sll_hdr >= len )
 		{
-		packet->Weird("truncated_Linux_SLL_header");
+		Weird("truncated_Linux_SLL_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/mpls/MPLS.cc

@@ -18,7 +18,7 @@ bool MPLSAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
 		{
 		if ( 4 >= len )
 			{
-			packet->Weird("truncated_link_header");
+			Weird("truncated_link_header", packet);
 			return false;
 			}
 

src/packet_analysis/protocol/nflog/NFLog.cc

@@ -13,7 +13,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 	{
 	if ( 4 >= len )
 		{
-		packet->Weird("truncated_nflog_header");
+		Weird("truncated_nflog_header", packet);
 		return false;
 		}
 
@@ -23,7 +23,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 
 	if ( version != 0 )
 		{
-		packet->Weird("unknown_nflog_version");
+		Weird("unknown_nflog_version", packet);
 		return false;
 		}
 
@@ -38,7 +38,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 		{
 		if ( 4 >= len )
 			{
-			packet->Weird("nflog_no_pcap_payload");
+			Weird("nflog_no_pcap_payload", packet);
 			return false;
 			}
 
@@ -66,7 +66,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 
 			if ( tlv_len < 4 )
 				{
-				packet->Weird("nflog_bad_tlv_len");
+				Weird("nflog_bad_tlv_len", packet);
 				return false;
 				}
 			else

src/packet_analysis/protocol/null/Null.cc

@@ -13,7 +13,7 @@ bool NullAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
 	{
 	if ( 4 >= len )
 		{
-		packet->Weird("null_analyzer_failed");
+		Weird("null_analyzer_failed", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/ppp_serial/PPPSerial.cc

@@ -13,7 +13,7 @@ bool PPPSerialAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* p
 	{
 	if ( 4 >= len )
 		{
-		packet->Weird("truncated_ppp_serial_header");
+		Weird("truncated_ppp_serial_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/pppoe/PPPoE.cc

@@ -13,7 +13,7 @@ bool PPPoEAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 	{
 	if ( 8 >= len )
 		{
-		packet->Weird("truncated_pppoe_header");
+		Weird("truncated_pppoe_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/vlan/VLAN.cc

@@ -13,7 +13,7 @@ bool VLANAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
 	{
 	if ( 4 >= len )
 		{
-		packet->Weird("truncated_VLAN_header");
+		Weird("truncated_VLAN_header", packet);
 		return false;
 		}
 

src/packet_analysis/protocol/wrapper/Wrapper.cc

@@ -25,7 +25,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 
 		if ( data + cfplen + 14 >= end_of_data )
 			{
-			packet->Weird("truncated_link_header_cfp");
+			Weird("truncated_link_header_cfp", packet);
 			return false;
 			}
 
@@ -55,7 +55,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 				{
 				if ( data + 4 >= end_of_data )
 					{
-					packet->Weird("truncated_link_header");
+					Weird("truncated_link_header", packet);
 					return false;
 					}
 
@@ -73,7 +73,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 				{
 				if ( data + 8 >= end_of_data )
 					{
-					packet->Weird("truncated_link_header");
+					Weird("truncated_link_header", packet);
 					return false;
 					}
 
@@ -87,7 +87,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 				else
 					{
 					// Neither IPv4 nor IPv6.
-					packet->Weird("non_ip_packet_in_pppoe_encapsulation");
+					Weird("non_ip_packet_in_pppoe_encapsulation", packet);
 					return false;
 					}
 				}
@@ -111,7 +111,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 		else
 			{
 			// Neither IPv4 nor IPv6.
-			packet->Weird("non_ip_packet_in_ethernet");
+			Weird("non_ip_packet_in_ethernet", packet);
 			return false;
 			}
 		}
@@ -125,7 +125,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 			{
 			if ( data + 4 >= end_of_data )
 				{
-				packet->Weird("truncated_link_header");
+				Weird("truncated_link_header", packet);
 				return false;
 				}
 
@@ -136,7 +136,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 		// We assume that what remains is IP
 		if ( data + sizeof(struct ip) >= end_of_data )
 			{
-			packet->Weird("no_ip_in_mpls_payload");
+			Weird("no_ip_in_mpls_payload", packet);
 			return false;
 			}
 
@@ -149,7 +149,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
 		else
 			{
 			// Neither IPv4 nor IPv6.
-			packet->Weird("no_ip_in_mpls_payload");
+			Weird("no_ip_in_mpls_payload", packet);
 			return false;
 			}
 		}

src/plugin/Manager.cc

@@ -140,8 +140,10 @@ void Manager::SearchDynamicPlugins(const std::string& dir)
 	closedir(d);
 	}
 
-bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found)
+bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found, std::vector<std::string>* errors)
 	{
+	errors->clear(); // caller should pass it in empty, but just to be sure
+
 	dynamic_plugin_map::iterator m = dynamic_plugins.find(util::strtolower(name));
 
 	if ( m == dynamic_plugins.end() )
@@ -160,7 +162,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
 				return true;
 			}
 
-		reporter->Error("plugin %s is not available", name.c_str());
+		errors->push_back(util::fmt("plugin %s is not available", name.c_str()));
 		return false;
 		}
 
@@ -175,6 +177,74 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
 
 	DBG_LOG(DBG_PLUGINS, "Activating plugin %s", name.c_str());
 
+	// Load shared libraries.
+
+	string dypattern = dir + "/lib/*." + HOST_ARCHITECTURE + DYNAMIC_PLUGIN_SUFFIX;
+
+	DBG_LOG(DBG_PLUGINS, "  Searching for shared libraries %s", dypattern.c_str());
+
+	glob_t gl;
+
+	if ( glob(dypattern.c_str(), 0, 0, &gl) == 0 )
+		{
+		for ( size_t i = 0; i < gl.gl_pathc; i++ )
+			{
+			const char* path = gl.gl_pathv[i];
+
+			current_plugin = nullptr;
+			current_dir = dir.c_str();
+			current_sopath = path;
+			void* hdl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
+			current_dir = nullptr;
+			current_sopath = nullptr;
+
+			if ( ! hdl )
+				{
+				const char* err = dlerror();
+				errors->push_back(util::fmt("cannot load plugin library %s: %s", path, err ? err : "<unknown error>"));
+				continue;
+				}
+
+			if ( ! current_plugin ) {
+				errors->push_back(util::fmt("load plugin library %s did not instantiate a plugin", path));
+				continue;
+			}
+
+			current_plugin->SetDynamic(true);
+			current_plugin->DoConfigure();
+			DBG_LOG(DBG_PLUGINS, "  InitialzingComponents");
+			current_plugin->InitializeComponents();
+
+			plugins_by_path.insert(std::make_pair(util::detail::normalize_path(dir), current_plugin));
+
+			// We execute the pre-script initialization here; this in
+			// fact could be *during* script initialization if we got
+			// triggered via @load-plugin.
+			current_plugin->InitPreScript();
+
+			// Make sure the name the plugin reports is consistent with
+			// what we expect from its magic file.
+			if ( util::strtolower(current_plugin->Name()) != util::strtolower(name) ) {
+				errors->push_back(util::fmt("inconsistent plugin name: %s vs %s",
+						     current_plugin->Name().c_str(), name.c_str()));
+				continue;
+			}
+
+			current_plugin = nullptr;
+			DBG_LOG(DBG_PLUGINS, "  Loaded %s", path);
+			}
+
+		globfree(&gl);
+
+		if ( ! errors->empty() )
+			return false;
+		}
+
+	else
+		{
+		DBG_LOG(DBG_PLUGINS, "  No shared library found");
+		}
+
 	// Add the "scripts" and "bif" directories to ZEEKPATH.
 	std::string scripts = dir + "scripts";
 
@@ -227,104 +297,72 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
 			}
 		}
 
-	// Load shared libraries.
-
-	string dypattern = dir + "/lib/*." + HOST_ARCHITECTURE + DYNAMIC_PLUGIN_SUFFIX;
-
-	DBG_LOG(DBG_PLUGINS, "  Searching for shared libraries %s", dypattern.c_str());
-
-	glob_t gl;
-
-	if ( glob(dypattern.c_str(), 0, 0, &gl) == 0 )
-		{
-		for ( size_t i = 0; i < gl.gl_pathc; i++ )
-			{
-			const char* path = gl.gl_pathv[i];
-
-			current_plugin = nullptr;
-			current_dir = dir.c_str();
-			current_sopath = path;
-			void* hdl = dlopen(path, RTLD_LAZY | RTLD_GLOBAL);
-
-			if ( ! hdl )
-				{
-				const char* err = dlerror();
-				reporter->FatalError("cannot load plugin library %s: %s", path, err ? err : "<unknown error>");
-				}
-
-			if ( ! current_plugin )
-				reporter->FatalError("load plugin library %s did not instantiate a plugin", path);
-
-			current_plugin->SetDynamic(true);
-			current_plugin->DoConfigure();
-			DBG_LOG(DBG_PLUGINS, "  InitialzingComponents");
-			current_plugin->InitializeComponents();
-
-			plugins_by_path.insert(std::make_pair(util::detail::normalize_path(dir), current_plugin));
-
-			// We execute the pre-script initialization here; this in
-			// fact could be *during* script initialization if we got
-			// triggered via @load-plugin.
-			current_plugin->InitPreScript();
-
-			// Make sure the name the plugin reports is consistent with
-			// what we expect from its magic file.
-			if ( util::strtolower(current_plugin->Name()) != util::strtolower(name) )
-				reporter->FatalError("inconsistent plugin name: %s vs %s",
-						     current_plugin->Name().c_str(), name.c_str());
-
-			current_dir = nullptr;
-			current_sopath = nullptr;
-			current_plugin = nullptr;
-
-			DBG_LOG(DBG_PLUGINS, "  Loaded %s", path);
-			}
-
-		globfree(&gl);
-		}
-
-	else
-		{
-		DBG_LOG(DBG_PLUGINS, "  No shared library found");
-		}
-
 	// Mark this plugin as activated by clearing the path.
 	m->second.clear();
 
 	return true;
 	}
 
-bool Manager::ActivateDynamicPlugin(const std::string& name)
+void Manager::ActivateDynamicPlugin(const std::string& name)
 	{
-	if ( ! ActivateDynamicPluginInternal(name) )
-		return false;
-
-	UpdateInputFiles();
-	return true;
+	std::vector<std::string> errors;
+	if ( ActivateDynamicPluginInternal(name, false, &errors) )
+		UpdateInputFiles();
+	else
+		// Reschedule for another attempt later.
+		requested_plugins.insert(std::move(name));
 	}
 
-bool Manager::ActivateDynamicPlugins(bool all)
-	{
+void Manager::ActivateDynamicPlugins(bool all) {
+	// Tracks plugins we need to activate as pairs of their names and booleans
+	// indicating whether an activation failure is to be deemed a fatal error.
+	std::set<std::pair<std::string, bool>> plugins_to_activate;
+
+	// Activate plugins that were specifically requested.
+	for ( const auto& x : requested_plugins )
+		plugins_to_activate.emplace(x, false);
+
 	// Activate plugins that our environment tells us to.
 	vector<string> p;
 	util::tokenize_string(util::zeek_plugin_activate(), ",", &p);
 
-	for ( size_t n = 0; n < p.size(); ++n )
-		ActivateDynamicPluginInternal(p[n], true);
+	for ( const auto& x : p )
+		plugins_to_activate.emplace(x, true);
 
 	if ( all )
 		{
-		for ( dynamic_plugin_map::const_iterator i = dynamic_plugins.begin();
-		      i != dynamic_plugins.end(); i++ )
+		// Activate all other ones we discovered.
+		for ( const auto& x : dynamic_plugins )
+			plugins_to_activate.emplace(x.first, false);
+		}
+
+	// Now we keep iterating over all the plugins, trying to load them, for as
+	// long as we're successful for at least one further of them each round.
+	// Doing so ensures that we can resolve (non-cyclic) load dependencies
+	// independent of any particular order.
+	while ( ! plugins_to_activate.empty() ) {
+		std::vector<std::string> errors;
+		auto plugins_left = plugins_to_activate;
+
+		for ( const auto& x : plugins_to_activate )
 			{
-			if ( ! ActivateDynamicPluginInternal(i->first) )
-				return false;
+			if ( ActivateDynamicPluginInternal(x.first, x.second, &errors) )
+				plugins_left.erase(x);
 			}
+
+		if ( plugins_left.size() == plugins_to_activate.size() )
+			{
+			// Could not load a single further plugin this round, that's fatal.
+			for ( const auto& msg : errors )
+				reporter->Error("%s", msg.c_str());
+
+			reporter->FatalError("aborting after plugin errors");
+			}
+
+		plugins_to_activate = std::move(plugins_left);
 		}
 
 	UpdateInputFiles();
-
-	return true;
 	}
 
 void Manager::UpdateInputFiles()

src/plugin/Manager.h

@@ -2,9 +2,10 @@
 
 #pragma once
 
-#include <utility>
 #include <map>
+#include <set>
 #include <string_view>
+#include <utility>
 
 #include "zeek/plugin/Plugin.h"
 #include "zeek/plugin/Component.h"
@@ -79,28 +80,25 @@ public:
 	 * Activating a plugin involves loading its dynamic module, making its
 	 * bifs available, and adding its script paths to ZEEKPATH.
 	 *
+	 * This attempts to activate the plugin immediately. If that fails for
+	 * some reason, we schedule it to be retried later with
+	 * ActivateDynamicPlugins().
+	 *
 	 * @param name The name of the plugin, as found previously by
-	 * SearchPlugin().
-	 *
-	 * @return True if the plugin has been loaded successfully.
-	 *
+	·* SearchPlugin().
 	 */
-	bool ActivateDynamicPlugin(const std::string& name);
+	void ActivateDynamicPlugin(const std::string& name);
 
 	/**
-	 * Activates plugins that SearchDynamicPlugins() has previously discovered.
-	 * The effect is the same all calling \a ActivePlugin(name) for each plugin.
+	 * Activates plugins that SearchDynamicPlugins() has previously discovered,
+	 * including any that have failed to load in prior calls to
+	 * ActivateDynamicPlugin(). Aborts if any plugins fails to activate.
 	 *
 	 * @param all If true, activates all plugins that are found. If false,
 	 * activates only those that should always be activated unconditionally,
-	 * as specified via the ZEEK_PLUGIN_ACTIVATE enviroment variable. In other
-	 * words, it's \c true in standard mode and \c false in bare mode.
-	 *
-	 * @return True if all plugins have been loaded successfully. If one
-	 * fails to load, the method stops there without loading any further ones
-	 * and returns false.
+	 * as specified via the ZEEK_PLUGIN_ACTIVATE environment variable.
 	 */
-	bool ActivateDynamicPlugins(bool all);
+	void ActivateDynamicPlugins(bool all);
 
 	/**
 	 * First-stage initializion of the manager. This is called early on
@@ -413,11 +411,15 @@ public:
 	static void RegisterBifFile(const char* plugin, bif_init_func c);
 
 private:
-	bool ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found = false);
+	bool ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found, std::vector<std::string>* errors);
 	void UpdateInputFiles();
 	void MetaHookPre(HookType hook, const HookArgumentList& args) const;
 	void MetaHookPost(HookType hook, const HookArgumentList& args, HookArgument result) const;
 
+	// Plugins that were explicitly requested to be activated, but failed to
+	// load at first.
+	std::set<std::string> requested_plugins;
+
 	 // All found dynamic plugins, mapping their names to base directory.
 	using dynamic_plugin_map = std::map<std::string, std::string>;
 	dynamic_plugin_map dynamic_plugins;

src/reporter.bif

@@ -91,9 +91,9 @@ function Reporter::fatal_error_with_core%(msg: string%): bool
 ## name: the name of the weird.
 ##
 ## Returns: Always true.
-function Reporter::net_weird%(name: string%): bool
+function Reporter::net_weird%(name: string, addl: string &default="", source: string &default=""%): bool
 	%{
-	reporter->Weird(name->CheckString());
+	reporter->Weird(name->CheckString(), addl->CheckString(), source->CheckString());
 	return zeek::val_mgr->True();
 	%}
 
@@ -106,9 +106,9 @@ function Reporter::net_weird%(name: string%): bool
 ## resp: the responder host associated with the weird.
 ##
 ## Returns: Always true.
-function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
+function Reporter::flow_weird%(name: string, orig: addr, resp: addr, addl: string &default="", source: string &default=""%): bool
 	%{
-	reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString());
+	reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString(), addl->CheckString(), source->CheckString());
 	return zeek::val_mgr->True();
 	%}
 
@@ -121,17 +121,17 @@ function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
 ## addl: additional information to accompany the weird.
 ##
 ## Returns: Always true.
-function Reporter::conn_weird%(name: string, c: connection, addl: string &default=""%): bool
+function Reporter::conn_weird%(name: string, c: connection, addl: string &default="", source: string &default=""%): bool
 	%{
 	if ( c )
-		reporter->Weird(c, name->CheckString(), addl->CheckString());
+		reporter->Weird(c, name->CheckString(), addl->CheckString(), source->CheckString());
 	else
 		{
 		auto connection_record = @ARG@[1]->AsRecordVal();
 		auto conn_id_val = connection_record->GetField<RecordVal>("id");
 		auto uid_val = connection_record->GetField<StringVal>("uid");
 		reporter->Weird(conn_id_val, uid_val,
-		                name->CheckString(), addl->CheckString());
+		                name->CheckString(), addl->CheckString(), source->CheckString());
 		}
 
 	return zeek::val_mgr->True();
@@ -146,7 +146,7 @@ function Reporter::conn_weird%(name: string, c: connection, addl: string &defaul
 ## addl: additional information to accompany the weird.
 ##
 ## Returns: true if the file was still valid, else false.
-function Reporter::file_weird%(name: string, f: fa_file, addl: string &default=""%): bool
+function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="", source: string&default=""%): bool
 	%{
 	auto fuid = f->AsRecordVal()->GetField(0)->AsStringVal();
 	auto file = zeek::file_mgr->LookupFile(fuid->CheckString());
@@ -154,7 +154,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
 	if ( ! file )
 		return zeek::val_mgr->False();
 
-	reporter->Weird(file, name->CheckString(), addl->CheckString());
+	reporter->Weird(file, name->CheckString(), addl->CheckString(), source->CheckString());
 	return zeek::val_mgr->True();
 	%}
 

src/strings.bif

@@ -1405,7 +1405,7 @@ function swap_case%(str: string%) : string
 	%}
 
 ## Converts a string to Title Case. This changes the first character of each sequence of non-space characters
-## in the string to be capitalized. See https://docs.python.org/2/library/stdtypes.html#str.title for more info.
+## in the string to be capitalized. See https://docs.python.org/3/library/stdtypes.html#str.title for more info.
 ##
 ## str: The string to convert.
 ##

src/zeek-setup.cc

@@ -606,17 +606,8 @@ SetupResult setup(int argc, char** argv, Options* zopts)
 	file_mgr->InitPreScript();
 	zeekygen_mgr->InitPreScript();
 
-	bool missing_plugin = false;
-
-	for ( set<string>::const_iterator i = requested_plugins.begin();
-	      i != requested_plugins.end(); i++ )
-		{
-		if ( ! plugin_mgr->ActivateDynamicPlugin(*i) )
-			missing_plugin = true;
-		}
-
-	if ( missing_plugin )
-		reporter->FatalError("Failed to activate requested dynamic plugin(s).");
+	for ( const auto& x : requested_plugins )
+		plugin_mgr->ActivateDynamicPlugin(std::move(x));
 
 	plugin_mgr->ActivateDynamicPlugins(! options.bare_mode);
 

src/zeek.bif

@@ -2537,6 +2537,30 @@ function interval_to_double%(i: interval%): double
 	return zeek::make_intrusive<zeek::DoubleVal>(i);
 	%}
 
+## Converts a :zeek:type:`count` to a :zeek:type:`double`.
+##
+## c: The :zeek:type:`count` to convert.
+##
+## Returns: The :zeek:type:`count` *c* as :zeek:type:`double`.
+##
+## .. zeek:see:: int_to_double double_to_count
+function count_to_double%(c: count%): double
+	%{
+	return zeek::make_intrusive<zeek::DoubleVal>(c);
+	%}
+
+## Converts an :zeek:type:`int` to a :zeek:type:`double`.
+##
+## i: The :zeek:type:`int` to convert.
+##
+## Returns: The :zeek:type:`int` *i* as :zeek:type:`double`.
+##
+## .. zeek:see:: count_to_double double_to_count
+function int_to_double%(i: int%): double
+	%{
+	return zeek::make_intrusive<zeek::DoubleVal>(i);
+	%}
+
 ## Converts a :zeek:type:`time` value to a :zeek:type:`double`.
 ##
 ## t: The :zeek:type:`time` to convert.

testing/btest/Baseline/bifs.decode_base64_conn/weird.log

@@ -1,12 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2019-06-07-01-59-08
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1254722767.875996	ClEkJM2Vm5giqnMf4h	10.10.1.4	1470	74.53.140.153	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek
-1437831787.861602	CmES5u32sYpV7JYN	192.168.133.100	49648	192.168.133.102	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek
-1437831799.610433	C3eiCBGOLw3VtHfOj	192.168.133.100	49655	17.167.150.73	443	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek
-#close	2019-06-07-01-59-08
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.10.1.4	1470	74.53.140.153	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek	-
+XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	192.168.133.100	49648	192.168.133.102	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek	-
+XXXXXXXXXX.XXXXXX	C3eiCBGOLw3VtHfOj	192.168.133.100	49655	17.167.150.73	443	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/bifs.to_double/out

@@ -4,3 +4,6 @@
 3600.0
 86400.0
 1342748947.655087
+0.0
+10000.0
+-41.0

testing/btest/Baseline/core.checksums/bad.out

@@ -1,103 +1,104 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-07
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332784981.078396	-	127.0.0.1	0	127.0.0.1	0	bad_IP_checksum	-	F	zeek
-#close	2020-10-14-18-44-07
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	127.0.0.1	0	127.0.0.1	0	bad_IP_checksum	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-08
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332784885.686428	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	zeek
-#close	2020-10-14-18-44-08
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	zeek	TCP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-08
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332784933.501023	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	zeek
-#close	2020-10-14-18-44-08
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	zeek	UDP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-09
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075363.536871	CHhAvVGS1DHFjwGM9	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	zeek
-#close	2020-10-14-18-44-09
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	zeek	ICMP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-10
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332785210.013051	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek
-1332785210.013051	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	zeek
-#close	2020-10-14-18-44-10
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	zeek	TCP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-10
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332782580.798420	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek
-1332782580.798420	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	zeek
-#close	2020-10-14-18-44-10
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	zeek	UDP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-11
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075111.800086	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek
-1334075111.800086	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	zeek
-#close	2020-10-14-18-44-11
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	zeek	ICMP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-11
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332785250.469132	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	zeek
-#close	2020-10-14-18-44-11
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	zeek	TCP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-12
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332781342.923813	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	zeek
-#close	2020-10-14-18-44-12
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	zeek	UDP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-12
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334074939.467194	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	zeek
-#close	2020-10-14-18-44-12
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	zeek	ICMP
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.checksums/good.out

@@ -1,70 +1,71 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-12
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334074939.467194	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	zeek
-#close	2020-10-14-18-44-12
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	zeek	ICMP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-15
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332785125.596793	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-15
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-15
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1332782508.592037	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-15
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-44-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek
-#close	2020-10-14-18-44-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.ip-broken-header/weird.log

@@ -1,471 +1,472 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-18-45-20
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1500557630.000000	-	b100:7265::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:7265:6300::8004:ef	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:ff:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557630.000000	-	-	-	-	-	unknown_ip_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:9ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6900:0:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:2304:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:28fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:2a29::	0	0:80:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6900:0:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:fcff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff02:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff32:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929:1000:0:6904:27ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:3afd:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:69ff:ffff:ffff:ffff:ffff	0	3b1e:400:ff:0:6929:c200:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:700:fe:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	40:3bff:bf:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:21ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:ffff:ffff:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::	0	80:ff00:40:0:ff7f:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:ff3a	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:0:ff00:69:2980:0:69	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:e374:6929::6927:ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:2705:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:63ce:80:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:0:4:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7df	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:0:ffff:ff01::	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:71fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:2:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0:7265:6374:6929:ff:0:27ff:28	0	126:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:69ff:ff00:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:fef9:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:6904:40	0	bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:8000::ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	38bf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:69ff:ffff:ffff:ffff:ffff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:80:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:ff:ff00:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:180::	0	bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:0:ff00:69:2980:0:29	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929:600:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7463:2a72:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b000:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0:7265:6374:6929:ff:27:a800:ff	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.65.95	0	ip_hdr_len_zero	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.65.95	0	invalid_IP_header_size	-	F	zeek
-1500557631.000000	-	b100:7265:6374:7129:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b101:0:74:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fb03:12ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	400:fffe:bfff::ecec:ecfc:ecec	0	ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:aa29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:2600:0:8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:8000:40:0:16ef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:0:1000:6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	ff00:bf3b:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b800:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:91:8bd6:ff00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:5445:52ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fff7:820	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff	0	3bbf:ff00:40:6e:756d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b198:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929:0:100:6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:0:100:0:480:ffbf	0	3bff:0:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:2:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:fff8:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9cc2:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:ffff:ffff:ff21:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6b74:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:ffff:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7229:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b104:7265:6374:2a29::6904:ff	0	3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:8000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.255.255	0	ip_hdr_len_zero	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.255.255	0	invalid_IP_header_size	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6900:8000:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:4900:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:636f:6d29::5704:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:723a:6374:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00::ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0:7265:6374:6929:ff:0:27ff:28	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929:100:0:6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:0:ffff:6804:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:0	0	80bf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6827:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40::80ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:908	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00::ffff:ff03:bffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6300:0:8000:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:8e00:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:9f74:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f701	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8004:ff	0	3b3f:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:fbff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:9529:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:3600:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bb7:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.53.0.0	0	ip_hdr_len_zero	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.53.0.0	0	invalid_IP_header_size	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:39:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929:0:8000:6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7228:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff80::ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7fc	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c00:7265:6374:6929::6927:ff	0	100:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7200:6300:4:ff27:65fe:bfff:ff	0	ffff:0:ffff:ff3a:f700:8000:20:8ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:47:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f706	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:e369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265::6904:2aff	0	c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300::8001:0	0	::40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0:7265:6374:6929:ff:27:2800:ff	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:900:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7d8	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	ffff:ff27:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:f7ff:fdff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:0:3a00:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:63ce:29:69:7400:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:6500:72:6369:2a:2900:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:2100::8004:ef	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:6e:756d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:100::	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.0.0	0	ip_hdr_len_zero	-	F	zeek
-1500557631.000000	-	0.0.0.0	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:1:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:ff:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929:0:69:4:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557631.000000	-	b100:7265:6374:6929::ff:3bff	0	4bf:8080:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:0:4ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:63f4:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6900:0:400:2a29:2aff	0	3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:637b:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:340:80:ffef:ffff:fffd:f7fb	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b300:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:ae74:6929:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:6929::6904:1	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:ff:ffff:ffff:ffff	0	ffbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ff01:1:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:0:4:0:80ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:0:40ff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:434f:4e54:454e:5453:5f44	0	4ebf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:ff:ff:fff7:ffff:fdff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:0:80::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:900	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3b01::ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:3a00:0:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::692a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:ff	0	3bbf:40:8:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:bf	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:69a9::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:5265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::97fb:ff00	0	c440:108:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:8000	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	32.0.8.99	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:6980:ff	0	3bbf:8000:40:0:16ef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::693b:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	0.0.0.0	0	0.255.255.255	0	ip_hdr_len_zero	-	F	zeek
-1500557632.000000	-	0.0.0.0	0	0.255.255.255	0	invalid_IP_header_size	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6928:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:5049:415f:5544:5000:0:6904:5544	0	50bf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:0:1000:8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:3c0:ffff::fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:ff	0	fe:8d9a:948b:96d6:ff00:21:6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8014:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6301::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:63ce:69:7421:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:69:d529:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff27:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff02:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	ffff:ffff:ffff:ffff::8004:ff	0	ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	7200:65:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7263:692a:7429::6904:ff	0	3b:bf00:40ff:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6306:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffe:1ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	50ff:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6900:2900:0:6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6305:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	101.99.116.105	0	41.0.255.0	0	invalid_IP_header_size	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:ff	0	::40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	0:7265:6374:6900:0:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	2700:7265:6300:0:100:0:8004:ff00	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7200:400:65:6327:101:3ffe:ff	0	ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:637c:6900:0:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:e374:6929::6904:ff	0	3bbf:ff00:40:a:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:fd00:40:0:fffc:ffff:f720:fd3a	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:722a:2374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29:ffff:ffff:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ff01:0	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:fff2:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:2704:40:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:ff	0	6800:f265:6374:6929:11:27:c00:68	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:725f:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7200:400:65:6327:fffe:bfff:0	0	5000:ff:ffff:ffff:fdf7:ff3a:2000:800	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:8000:0	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:722a:6374:6929:400:4:0:ff69	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	7dbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8084:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:0:ffff:ffff:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29:100:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ff00:ffff:3a20:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a22:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b300:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40::ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:80:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:3a	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff00:0:8080	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2008:2b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:3b00:ff:0:6929:0:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:9:0:9704:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:80fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ffcc:c219:aa00:0:c9:640d:eb3c	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:a78b:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bff:4000:bf00:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:5265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7218:400:65:6327:fffe:bfff:ff	0	ffff:20:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	71.97.99.109	0	0.16.0.41	0	ip_hdr_len_zero	-	F	zeek
-1500557632.000000	-	71.97.99.109	0	0.16.0.41	0	invalid_IP_header_size	-	F	zeek
-1500557632.000000	-	b100:7221:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929:ffff:ffff:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:7fef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:d0d6:ffff:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:29ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:6:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:0:ecff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffef:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:e929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:27ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	3a00:7265:6374:6929::8004:ff	0	c540:fe:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:40:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	65:63b1:7274:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::2104:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6328:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	f100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:72:6328:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7200:400:65:ffff:ffff:ffff:ffff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:fdff:ffff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6127:fb	0	3bbf:6500:6fd:188:4747:4747:61fd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:7fff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:27ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff4e:5654:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374::80:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:3b	0	ff:ffbf:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:6500:91:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:ff:ffff:feff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6301::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:ffff:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	40:0:ff3b:bf:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:10ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6329:ffff:2a74:ffff:ffff:ffff	0	3bbf:ff00:40:6e:756d:3b70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	143.9.0.0	0	0.98.0.237	0	ip_hdr_len_zero	-	F	zeek
-1500557632.000000	-	143.9.0.0	0	0.98.0.237	0	invalid_IP_header_size	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:feff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	fffb:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7200:6365::8004:ff	0	3bbf:ff00:840:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	0:7265:6374:6929:ff:27:2800:ff	0	100:0:143:4f4e:5445:4e00:0:704c	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557632.000000	-	b100:7265:6374:6909::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:feff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:2a60	0	3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	2a72:6300:b165:7429:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:639a:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::ff00:480	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:0:8::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b000:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:21e6:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6301:0:29:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::3b04:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::8804:ff	0	3bbf:ff80:40:0:ffff:ffff:102:800	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	33bf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:ff	0	3b9f:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b13b:bfff:0:4000:ff:ffff:ffff:fdf7	0	ff3a:2000:800:1e04:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:0	0	::80:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b165:6300:7274:6929::400:ff	0	3bbf:ff00:40:0:ffff:ffff:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff3b	0	0:bfff:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::3b:bfff	0	ff04:0:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:74a9:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:2aff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:6374:65:69:7229:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6377:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b128:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:4:0:6904:ff	0	3b1e:400:ff:0:6929:2700:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:722a:6374:6929::6904:ff	0	3bbf:fd00:40:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:722a:6374:6929::6968:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:7429:0:6904:ff	0	3bff:bf00:40:0:ffff:ffff:fffd:e7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7261:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:7929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:df00::80ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7263:65ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:f8:0:ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:692d::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::4:fd	0	c3bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:3b	0	bf:ffff:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6900:ec00:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	e21e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6928:ffff:fd00:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::ff00:bfff	0	3b00:400:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:520:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ffff	0	ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:28:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::80fb:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c2a:7200:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:693a::6127:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929:0:fffe:bfff:ff	0	ffff:ff68:0:4000:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ef	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:2700:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::6904:ff	0	3bbf:ff00:40:27:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::2a:0	0	::6a:ffff:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6900:a:400:2a29:3b2a	0	ffbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:6500:72:6369:2a29:3b00:690a:ff	0	3bbf:fb00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:722a:6374::	0	ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:722a:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:2aff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7200:63:65::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:2704:0:fffe:bfff:fc	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6900:0	0	80bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:63ce:69:2129:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:3a:ffef:ff:ffff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:9265:6300:69:7429:0:690a:ff	0	40:3bff:bf:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:dffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::	0	80:ff00:40:0:1ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:724a:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:f6	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:2704:0:fffe:bfff:0	0	ffff:ff:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6500:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:0:a:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6900::2900:0	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	68.80.95.104	0	109.115.117.0	0	ip_hdr_len_zero	-	F	zeek
-1500557633.000000	-	68.80.95.104	0	109.115.117.0	0	invalid_IP_header_size	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:692b::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6900:29:0:6914:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:6500:72:e369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	8:1e:400:ff00:0:3200:8004:ff	0	3bff:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:f7fd	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:8ba:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300::8004:ff	0	48bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7365:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:5600:800:2b00:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	0:7265:6374:6929:ff:6:27ff:28	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6b74:6909::6904:ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ff48:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:7400:2969:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:7429:0:690a:ff	0	40:3bff:c5:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265::6904:2a3a	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:f9ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7261:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:9fd6:ffff:2:800	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6300:69:7429:8000:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	ffff:ffff:ffff:ffff::	0	::40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:400:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::ff00:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:fffe:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:ffff::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	4f00:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929::6904:ff	0	3b1e:8000::6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:1:400:8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	0.255.255.0	0	0.0.0.0	0	ip_hdr_len_zero	-	F	zeek
-1500557633.000000	-	0.255.255.0	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:4:0:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:342b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:6929:400:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	b100:7265:1::69	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557633.000000	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:ffff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:722a:6374:6929:1001:900:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:40:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:722a:6374:6929::6904:eff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	ffdb:ffff:3b00::ff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:6929:ffff:ffff:8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6300:669:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:6929::693b:bdff	0	0:4000:ff:ffff:fdff:fff7:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	0.71.103.97	0	99.116.0.128	0	invalid_IP_header_size	-	F	zeek
-1500557634.000000	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:63ce:69:7429:0:690a:b1	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:29ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	6500:0:6fd:188:4747:4747:6163:7400	0	0:2c29:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:722a:6374:6929:8000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:6500:72:6369:2900:2a00:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:2a29::6904:ff	0	29bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:10:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:7265:6374:6929::612f:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ffc3:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:722a:6374:6929:1000:100:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:6374:6929:ff:ffff:ff04:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	b100:7265:0:ff00:69:2980:0:69	0	c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-1500557634.000000	-	9c00:7265:6374:69d1::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-#close	2020-10-14-18-45-20
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	b100:7265::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ef	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:ff:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	-	-	-	-	unknown_ip_version	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:9ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:0:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2304:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:28fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29::	0	0:80:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:0:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:fcff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff02:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff32:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:1000:0:6904:27ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:3afd:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:69ff:ffff:ffff:ffff:ffff	0	3b1e:400:ff:0:6929:c200:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:700:fe:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	40:3bff:bf:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:21ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ffff:ffff:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::	0	80:ff00:40:0:ff7f:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:ff3a	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:0:ff00:69:2980:0:69	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:e374:6929::6927:ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2705:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:80:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:0:4:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7df	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:0:ffff:ff01::	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:71fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:2:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:0:27ff:28	0	126:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:69ff:ff00:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:fef9:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:40	0	bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:8000::ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	38bf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:69ff:ffff:ffff:ffff:ffff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:80:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ff:ff00:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:180::	0	bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:0:ff00:69:2980:0:29	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929:600:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7463:2a72:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b000:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:27:a800:ff	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.65.95	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.65.95	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:7129:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b101:0:74:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fb03:12ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	400:fffe:bfff::ecec:ecfc:ecec	0	ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:aa29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:2600:0:8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:8000:40:0:16ef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:1000:6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	ff00:bf3b:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b800:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:91:8bd6:ff00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:5445:52ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fff7:820	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff	0	3bbf:ff00:40:6e:756d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b198:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929:0:100:6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:480:ffbf	0	3bff:0:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:2:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:fff8:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9cc2:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ff21:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6b74:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:ffff:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7229:6374:6929::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b104:7265:6374:2a29::6904:ff	0	3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:8000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.255.255	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.255.255	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:8000:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:4900:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:636f:6d29::5704:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:723a:6374:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00::ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:0:27ff:28	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929:100:0:6127:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:ffff:6804:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:0	0	80bf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6827:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff00:40::80ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:908	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00::ffff:ff03:bffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6300:0:8000:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:8e00:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:9f74:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f701	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3b3f:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:fbff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:9529:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:3600:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bb7:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.53.0.0	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.53.0.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:39:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929:0:8000:6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7228:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff80::ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7fc	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	100:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:6300:4:ff27:65fe:bfff:ff	0	ffff:0:ffff:ff3a:f700:8000:20:8ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:47:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f706	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:e369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265::6904:2aff	0	c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8001:0	0	::40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:27:2800:ff	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:900:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7d8	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ff27:ffff:ffff::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:f7ff:fdff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:3a00:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:29:69:7400:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a:2900:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:2100::8004:ef	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:6e:756d:5f70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:100::	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.0.0	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:1:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:ff:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:69:4:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::ff:3bff	0	4bf:8080:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:0:4ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63f4:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:0:400:2a29:2aff	0	3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:637b:6929::6904:ff	0	3b00:40:ffbf:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:340:80:ffef:ffff:fffd:f7fb	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b300:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:ae74:6929:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:6929::6904:1	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ff:ffff:ffff:ffff	0	ffbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ff01:1:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:4:0:80ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:0:40ff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:434f:4e54:454e:5453:5f44	0	4ebf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:ff:ff:fff7:ffff:fdff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:0:80::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:900	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3b01::ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:3a00:0:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::692a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:40:8:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:bf	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:69a9::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:5265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::97fb:ff00	0	c440:108:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:8000	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	32.0.8.99	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:6980:ff	0	3bbf:8000:40:0:16ef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::693b:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.255.255.255	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.0.0.0	0	0.255.255.255	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6928:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:5049:415f:5544:5000:0:6904:5544	0	50bf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:1000:8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:3c0:ffff::fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	fe:8d9a:948b:96d6:ff00:21:6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8014:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6301::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7421:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:d529:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff27:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff02:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::8004:ff	0	ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	7200:65:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7263:692a:7429::6904:ff	0	3b:bf00:40ff:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6306:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffe:1ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	50ff:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6900:2900:0:6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6305:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	101.99.116.105	0	41.0.255.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	::40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6900:0:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	2700:7265:6300:0:100:0:8004:ff00	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:101:3ffe:ff	0	ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:637c:6900:0:400:2a29:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:e374:6929::6904:ff	0	3bbf:ff00:40:a:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:fd00:40:0:fffc:ffff:f720:fd3a	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:2374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ff01:0	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:fff2:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:40:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	6800:f265:6374:6929:11:27:c00:68	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:725f:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:0	0	5000:ff:ffff:ffff:fdf7:ff3a:2000:800	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:8000:0	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:400:4:0:ff69	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	7dbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8084:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:ffff:ffff:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:100:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ff00:ffff:3a20:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a22:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b300:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40::ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:80:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:3a	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff00:0:8080	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2008:2b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:3b00:ff:0:6929:0:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:9:0:9704:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:80fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ffcc:c219:aa00:0:c9:640d:eb3c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:a78b:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bff:4000:bf00:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:5265:6300::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7218:400:65:6327:fffe:bfff:ff	0	ffff:20:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	71.97.99.109	0	0.16.0.41	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	71.97.99.109	0	0.16.0.41	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7221:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ffff:ffff:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:7fef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:d0d6:ffff:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:0:29ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:6:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:0:ecff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffef:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:e929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:27ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	3a00:7265:6374:6929::8004:ff	0	c540:fe:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:40:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	65:63b1:7274:6929::8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::2104:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6328:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	f100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6328:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:ffff:ffff:ffff:ffff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:fdff:ffff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:fb	0	3bbf:6500:6fd:188:4747:4747:61fd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:7fff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:27ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff4e:5654:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374::80:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:3b	0	ff:ffbf:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:91:6369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:840:ff:ffff:feff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6301::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:ffff:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	40:0:ff3b:bf:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:10ff	0	0:7265:6374:6929::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6329:ffff:2a74:ffff:ffff:ffff	0	3bbf:ff00:40:6e:756d:3b70:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	143.9.0.0	0	0.98.0.237	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	143.9.0.0	0	0.98.0.237	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:feff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	fffb:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:6365::8004:ff	0	3bbf:ff00:840:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:27:2800:ff	0	100:0:143:4f4e:5445:4e00:0:704c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6909::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:100:0:4:ff	0	3bbf:ff00:40:0:feff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2a60	0	3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6127:ff	0	3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	2a72:6300:b165:7429:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:639a:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::ff00:480	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:8::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b000:7265:63ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:21e6:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6301:0:29:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::3b04:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8804:ff	0	3bbf:ff80:40:0:ffff:ffff:102:800	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	33bf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3b9f:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b13b:bfff:0:4000:ff:ffff:ffff:fdf7	0	ff3a:2000:800:1e04:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:0	0	::80:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b165:6300:7274:6929::400:ff	0	3bbf:ff00:40:0:ffff:ffff:f7fd:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff3b	0	0:bfff:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::3b:bfff	0	ff04:0:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:74a9:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bbf:ff00:40:0:ffff:2aff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6374:65:69:7229:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6377:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b128:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:4:0:6904:ff	0	3b1e:400:ff:0:6929:2700:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:ff	0	3bbf:fd00:40:0:ffff:ffff:ffff:3af7	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6968:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:6904:ff	0	3bff:bf00:40:0:ffff:ffff:fffd:e7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7261:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:7929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:df00::80ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7263:65ce:69:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::8004:ff	0	3bbf:ff01:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:f8:0:ff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:692d::6927:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:fd	0	c3bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:3b	0	bf:ffff:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:ec00:400:2a29:6aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	e21e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6928:ffff:fd00:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::ff00:bfff	0	3b00:400:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:520:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ffff	0	ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	3bbf:ff00:28:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::80fb:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c2a:7200:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:693a::6127:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c20:722a:6374:6929:800:0:6904:ff	0	3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929:0:fffe:bfff:ff	0	ffff:ff68:0:4000:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:82b:0:f7ef	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:2700:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6904:ff	0	3bbf:ff00:40:27:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::2a:0	0	::6a:ffff:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:a:400:2a29:3b2a	0	ffbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:3b00:690a:ff	0	3bbf:fb00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374::	0	ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:1000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:2aff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29:ffff:ffff:ffff:ffff	0	3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:63:65::8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:fc	0	ffff:0:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6900:0	0	80bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:2129:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2a29:0:690a:ff	0	3bbf:ff00:40:3a:ffef:ff:ffff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:9265:6300:69:7429:0:690a:ff	0	40:3bff:bf:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:dffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::	0	80:ff00:40:0:1ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:724a:6374:6929::	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:f6	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:0	0	ffff:ff:ffff:ff3a:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6500:0:100:0:8004:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:0:a:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900::2900:0	0	80:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	68.80.95.104	0	109.115.117.0	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	68.80.95.104	0	109.115.117.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6374:692b::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6900:29:0:6914:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:e369:2a29:0:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	8:1e:400:ff00:0:3200:8004:ff	0	3bff:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:f7fd	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:8ba:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	48bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7365:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ff3a:5600:800:2b00:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0:7265:6374:6929:ff:6:27ff:28	0	100:0:143:4f4e:5445:4e54:535f:524c	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	0:7265:6b74:6909::6904:ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::4:ff	0	3bbf:ff00:40:0:ffff:ff48:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:7400:2969:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:0:690a:ff	0	40:3bff:c5:0:ffff:ffff:fdff:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265::6904:2a3a	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:f9ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7261:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:9fd6:ffff:2:800	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:69:7429:8000:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffff:ffff:ffff:ffff::	0	::40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff80:40:400:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::ff00:ff	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:2aff	0	3bbf:ff00:40:21:fffe:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:ffff::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	4f00:7265:6374:6929::6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b1e:8000::6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:1:400:8004:ff	0	3bbf:ff80:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.255.255.0	0	0.0.0.0	0	ip_hdr_len_zero	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	0.255.255.0	0	0.0.0.0	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:4:0:6904:ff	0	3b1e:400:ff:0:6929:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7200:400:65:6327:fffe:bfff:ff	0	ffff:0:ffff:ff3a:2000:342b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:400:0:4:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::6927:ff	0	3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:1::69	0	c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:400:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:ffff:ffff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:1001:900:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::8004:ff	0	3bbf:ff00:40:0:40:0:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929::6904:eff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	ffdb:ffff:3b00::ff:ffff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:60:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ffff:ffff:8004:ff	0	3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:669:7429:0:690a:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::693b:bdff	0	0:4000:ff:ffff:fdff:fff7:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	0.71.103.97	0	99.116.0.128	0	invalid_IP_header_size	-	F	zeek	IP
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300::8004:ff	0	3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:0:690a:b1	0	3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:63ce:69:7429:db00:690a:ff	0	3bbf:ff00:40:0:29ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	6500:0:6fd:188:4747:4747:6163:7400	0	0:2c29:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:8000:0:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:6500:72:6369:2900:2a00:690a:ff	0	3bbf:ff00:40:0:ffef:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:2a29::6904:ff	0	29bf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929::6904:ff	0	3b00:40:ffbf:10:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:6929::612f:fb	0	3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6300:2704:0:fffe:bfff:ff	0	ffff:0:ffff:ffc3:2000:82b:0:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:722a:6374:6929:1000:100:6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f728	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:6374:6929:ff:ffff:ff04:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	b100:7265:0:ff00:69:2980:0:69	0	c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	9c00:7265:6374:69d1::6904:ff	0	3bbf:ff00:40:0:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.negative-time/weird.log

@@ -1,10 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2019-06-07-01-59-25
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1425182592.408334	-	-	-	-	-	negative_packet_timestamp	-	F	zeek
-#close	2019-06-07-01-59-25
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	-	-	-	-	negative_packet_timestamp	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.truncation/output

@@ -1,81 +1,82 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-15
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334160095.895421	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-10-14-19-20-15
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	-	-	-	-	truncated_IP	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334156241.519125	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-10-14-19-20-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	-	-	-	-	truncated_IP	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-16
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1334094648.590126	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:4f8:4:7:2e0:81ff:fe52:9a6b	0	truncated_IPv6	-	F	zeek
-#close	2020-10-14-19-20-16
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:4f8:4:7:2e0:81ff:fe52:9a6b	0	truncated_IPv6	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-17
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1338328954.078361	-	10.0.0.1	0	192.0.43.10	0	internally_truncated_header	-	F	zeek
-1338328954.099743	-	192.0.43.10	0	10.0.0.1	0	internally_truncated_header	-	F	zeek
-#close	2020-10-14-19-20-17
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	10.0.0.1	0	192.0.43.10	0	internally_truncated_header	-	F	zeek	-
+XXXXXXXXXX.XXXXXX	-	192.0.43.10	0	10.0.0.1	0	internally_truncated_header	-	F	zeek	-
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-18
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1404148886.981015	-	-	-	-	-	truncated_ethernet_frame	-	F	zeek
-#close	2020-10-14-19-20-18
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	-	-	-	-	truncated_ethernet_frame	-	F	zeek	ETHERNET
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-19
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1508360735.834163	-	163.253.48.183	0	192.150.187.43	0	invalid_IP_header_size	-	F	zeek
-#close	2020-10-14-19-20-19
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	163.253.48.183	0	192.150.187.43	0	invalid_IP_header_size	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-19
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1508360735.834163	-	163.253.48.183	0	192.150.187.43	0	internally_truncated_header	-	F	zeek
-#close	2020-10-14-19-20-19
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	163.253.48.183	0	192.150.187.43	0	internally_truncated_header	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-10-14-19-20-20
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1500557630.000000	-	0.255.0.255	0	15.254.2.1	0	invalid_IP_header_size_in_tunnel	-	F	zeek
-#close	2020-10-14-19-20-20
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	0.255.0.255	0	15.254.2.1	0	invalid_IP_header_size_in_tunnel	-	F	zeek	IP
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.tunnels.ip-in-ip-version/output

@@ -1,20 +1,21 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2019-06-07-02-20-03
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1500557630.000000	-	ff00:0:6929::6904:ff:3bbf	0	ffff:0:69:2900:0:69:400:ff3b	0	invalid_inner_IP_version_in_tunnel	-	F	zeek
-#close	2019-06-07-02-20-03
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	ff00:0:6929::6904:ff:3bbf	0	ffff:0:69:2900:0:69:400:ff3b	0	invalid_inner_IP_version_in_tunnel	-	F	zeek	IPTUNNEL
+#close XXXX-XX-XX-XX-XX-XX
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2019-06-07-02-20-03
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1500557630.000000	-	b100:7265::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek
-#close	2019-06-07-02-20-03
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	b100:7265::6904:2aff	0	3bbf:ff00:40:21:ffff:ffff:fffd:f7ff	0	invalid_inner_IP_version	-	F	zeek	IPTUNNEL
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log

@@ -1,11 +1,12 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-06-17-36-24
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	zeek
-1340127577.346849	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	zeek
-#close	2020-07-06-17-36-24
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	zeek	TEREDO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	zeek	TEREDO
+#close XXXX-XX-XX-XX-XX-XX