627 files changed, 20169 insertions, 139 deletions

diff --git a/.appveyor.yml b/.appveyor.yml
index 64a5c882..1fc50c51 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -14,19 +14,17 @@ environment:
     secure: LPjrtFrWxYhOVGXzfPRV1GjtZE/wHoKq9m/PI6hSalfysUK5p2DxTG9uHlb4Q9qV
 install:
   - "pip install --user -U pip setuptools"
-  - "pip install --user --src .. -r requirements.txt"
+  - "pip install --user -r requirements.txt"
   - "python -c \"from OpenSSL import SSL; print(SSL.SSLeay_version(SSL.SSLEAY_VERSION))\""
 test_script:
-  - "py.test -s --cov libmproxy --timeout 30"
+  - "py.test -s --cov-config .coveragerc --timeout 30 ./test/"
 cache:
   - C:\Users\appveyor\AppData\Local\pip\cache
 deploy_script:
   ps: |
     if($Env:APPVEYOR_REPO_BRANCH -match "master") {
-    git clone https://github.com/mitmproxy/release.git ..\release
-    pip install -e ..\release
-    python ..\release\rtool.py bdist
-    python ..\release\rtool.py upload-snapshot --bdist
+    python .\release\rtool.py bdist
+    python .\release\rtool.py upload-snapshot --bdist
     }
 notifications:
 - provider: Slack
diff --git a/.coveragerc b/.coveragerc
index 7b2c1682..627a4110 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,11 +1,11 @@
 [run]
 branch = True
+include = libmproxy netlib libpathod
+omit = *contrib*, *tnetstring*, *platform*, *console*, *main.py
 
 [report]
 show_missing = True
-include = *libmproxy*
 exclude_lines =
     pragma: nocover
     pragma: no cover
     raise NotImplementedError()
-omit = *contrib*, *tnetstring*, *platform*, *console*, *main.py
diff --git a/.env b/.env
index 69ac3f05..a1b8db7f 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 DIR="$( dirname "${BASH_SOURCE[0]}" )"
-ACTIVATE_DIR="$(if [ -f "$DIR/../venv.mitmproxy/bin/activate" ]; then echo 'bin'; else echo 'Scripts'; fi;)"
-if [ -z "$VIRTUAL_ENV" ] && [ -f "$DIR/../venv.mitmproxy/$ACTIVATE_DIR/activate" ]; then
+ACTIVATE_DIR="$(if [ -f "$DIR/venv/bin/activate" ]; then echo 'bin'; else echo 'Scripts'; fi;)"
+if [ -z "$VIRTUAL_ENV" ] && [ -f "$DIR/venv/$ACTIVATE_DIR/activate" ]; then
     echo "Activating mitmproxy virtualenv..."
-    source "$DIR/../venv.mitmproxy/$ACTIVATE_DIR/activate"
+    source "$DIR/venv/$ACTIVATE_DIR/activate"
 fi
diff --git a/.gitattributes b/.gitattributes
index 8984c4bd..53ec8dff 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,2 @@
-libmproxy/web/static/**/* -diff
-web/src/js/filt/filt.js -diff
\ No newline at end of file
+mitmproxy/libmproxy/web/static/**/* -diff
+mitmproxy/web/src/js/filt/filt.js -diff
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index fc63a7ca..da02b73e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,28 +1,19 @@
 .DS_Store
 MANIFEST
-/build
-/dist
-/tmp
-/doc
+*/build
+*/dist
+*/tmp
 /venv
-/libmproxy/gui
-/release/build
 *.py[cdo]
 *.swp
 *.swo
-mitmproxy.egg-info/
-mitmproxyc
-mitmdumpc
+*.egg-info/
 .coverage
 .idea
-netlib
-pathod
-libpathod
 .cache/
 
 # UI
 
 node_modules
 bower_components
-*.compiled.js
 *.map
diff --git a/.landscape.yml b/.landscape.yml
index 9dfa62b0..2f7b85e1 100644
--- a/.landscape.yml
+++ b/.landscape.yml
@@ -1,8 +1,8 @@
 ignore-paths:
-  - docs
-  - examples
-  - libmproxy/contrib
-  - web
+  - mitmproxy/docs
+  - mitmproxy/examples
+  - mitmproxy/libmproxy/contrib
+  - mitmproxy/web
 max-line-length: 140
 pylint:
   options:
diff --git a/.travis.yml b/.travis.yml
index f32a58c1..fd1e3791 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,37 +1,31 @@
 sudo: false
 language: python
 
+addons:
+  apt:
+    sources:
+      # Debian sid currently holds OpenSSL 1.0.2
+      # change this with future releases!
+      - debian-sid
+    packages:
+      - libssl-dev
+
 matrix:
   fast_finish: true
   include:
     - python: 2.7
     - python: 2.7
-      env: OPENSSL=1.0.2
-      addons:
-        apt:
-          sources:
-            # Debian sid currently holds OpenSSL 1.0.2
-            # change this with future releases!
-            - debian-sid
-          packages:
-            - libssl-dev
-    - python: pypy
-    - python: pypy
-      env: OPENSSL=1.0.2
-      addons:
-        apt:
-          sources:
-            # Debian sid currently holds OpenSSL 1.0.2
-            # change this with future releases!
-            - debian-sid
-          packages:
-            - libssl-dev
+      env: NO_ALPN=1
     - language: generic
       os: osx
       osx_image: xcode7.1
+    - python: 3.5
+      env: SCOPE="netlib"
+    - python: 3.5
+      env: SCOPE="netlib" NO_ALPN=1
     - python: 2.7
       env: DOCS=1
-      script: 'cd docs && make html'
+      script: 'cd mitmproxy/docs && make html'
   allow_failures:
     - python: pypy
 
@@ -43,37 +37,23 @@ install:
       brew outdated openssl || brew upgrade openssl
       brew install python
     fi
-  - |
-      if [ "$TRAVIS_PYTHON_VERSION" = "pypy" ]; then
-        export PYENV_ROOT="$HOME/.pyenv"
-        if [ -f "$PYENV_ROOT/bin/pyenv" ]; then
-          pushd "$PYENV_ROOT" && git pull && popd
-        else
-          rm -rf "$PYENV_ROOT" && git clone --depth 1 https://github.com/yyuu/pyenv.git "$PYENV_ROOT"
-        fi
-        export PYPY_VERSION="4.0.1"
-        "$PYENV_ROOT/bin/pyenv" install --skip-existing "pypy-$PYPY_VERSION"
-        virtualenv --python="$PYENV_ROOT/versions/pypy-$PYPY_VERSION/bin/python" "$HOME/virtualenvs/pypy-$PYPY_VERSION"
-        source "$HOME/virtualenvs/pypy-$PYPY_VERSION/bin/activate"
-      fi
   - "pip install -U pip setuptools"
-  - "pip install --src .. -r requirements.txt"
+  - "pip install -r requirements.txt"
 
 before_script:
   - "openssl version -a"
 
 script:
-  - "py.test -s --cov libmproxy --timeout 30"
+  - "py.test -s --cov-config .coveragerc --timeout 30 ./test/$SCOPE"
 
 after_success:
   - coveralls
   - |
     if [[ $TRAVIS_OS_NAME == "osx" && $TRAVIS_BRANCH == "master" && $TRAVIS_PULL_REQUEST == "false" ]]
     then
-        git clone -q https://github.com/mitmproxy/release.git ../release
-        pip install -e ../release
-        python ../release/rtool.py bdist
-        python ../release/rtool.py upload-snapshot --sdist --bdist --wheel
+        pip install -e ./release
+        python ./release/rtool.py bdist
+        python ./release/rtool.py upload-snapshot --sdist --bdist --wheel
     fi
 
 notifications:
diff --git a/README.rst b/README.rst
index e8b3c84a..54bf80ff 100644
--- a/README.rst
+++ b/README.rst
@@ -1,45 +1,32 @@
-|travis| |coveralls| |downloads| |latest-release| |python-versions|
+mitmproxy
+^^^^^^^^^
 
-``mitmproxy`` is an interactive, SSL-capable man-in-the-middle proxy for HTTP
-with a console interface.
+|travis| |coveralls| |downloads| |latest_release| |python_versions|
+
+This repository contains the **mitmproxy** and **pathod** projects, as well as their shared networking library, **netlib**.
+
+``mitmproxy`` is an interactive, SSL-capable intercepting proxy with a console interface.
 
 ``mitmdump`` is the command-line version of mitmproxy. Think tcpdump for HTTP.
 
-``libmproxy`` is the library that mitmproxy and mitmdump are built on.
+``pathoc`` and ``pathod`` are perverse HTTP client and server applications designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards.
+
 
 Documentation & Help
 --------------------
 
-Documentation, tutorials and distribution packages can be found on the
-mitmproxy website.
+Documentation, tutorials and precompiled binaries can be found on the mitmproxy and pathod websites.
 
-|site|
+|mitmproxy_site| |pathod_site|
 
-Installation Instructions are available in the docs.
+The latest documentation for mitmproxy is also available on ReadTheDocs.
 
-|docs|
+|mitmproxy_docs|
 
 You can join our developer chat on Slack.
 
 |slack|
 
-Features
---------
-
-- Intercept HTTP requests and responses and modify them on the fly.
-- Save complete HTTP conversations for later replay and analysis.
-- Replay the client-side of an HTTP conversations.
-- Replay HTTP responses of a previously recorded server.
-- Reverse proxy mode to forward traffic to a specified server.
-- Transparent proxy mode on OSX and Linux.
-- Make scripted changes to HTTP traffic using Python.
-- SSL certificates for interception are generated on the fly.
-- And much, much more.
-
-``mitmproxy`` is tested and developed on OSX, Linux and OpenBSD.
-On Windows, only mitmdump is supported, which does not have a graphical user interface.
-
-
 
 Hacking
 -------
@@ -51,28 +38,25 @@ Then do the following:
 .. code-block:: text
 
     git clone https://github.com/mitmproxy/mitmproxy.git
-    git clone https://github.com/mitmproxy/netlib.git
-    git clone https://github.com/mitmproxy/pathod.git
     cd mitmproxy
     ./dev
 
 
-The *dev* script will create a virtualenv environment in a directory called
-"venv.mitmproxy", and install all of mitmproxy's development requirements, plus
-all optional modules. The primary mitmproxy components - mitmproxy, netlib and
-pathod - are all installed "editable", so any changes to the source in the git
-checkouts will be reflected live in the virtualenv.
+The *dev* script will create a virtualenv environment in a directory called "venv",
+and install all mandatory and optional dependencies into it.
+The primary mitmproxy components - mitmproxy, netlib and pathod - are installed as "editable",
+so any changes to the source in the repository will be reflected live in the virtualenv.
 
 To confirm that you're up and running, activate the virtualenv, and run the
 mitmproxy test suite:
 
 .. code-block:: text
 
-    . ../venv.mitmproxy/bin/activate # ..\venv.mitmproxy\Scripts\activate.bat on Windows
-    py.test -n 4 --cov libmproxy
+    . venv/bin/activate # venv\Scripts\activate.bat on Windows
+    py.test --cov-config .coveragerc test
 
-Note that the main executables for the project - ``mitmdump``, ``mitmproxy`` and
-``mitmweb`` - are all created within the virtualenv. After activating the
+Note that the main executables for the project - ``mitmdump``, ``mitmproxy``,
+``mitmweb``, ``pathod``, and ``pathoc`` - are all created within the virtualenv. After activating the
 virtualenv, they will be on your $PATH, and you can run them like any other
 command:
 
@@ -92,10 +76,10 @@ requirements installed, and you can simply run the test suite:
 
 .. code-block:: text
 
-    py.test -n 4 --cov libmproxy
+    py.test --cov-config .coveragerc test
 
 Please ensure that all patches are accompanied by matching changes in the test
-suite. The project maintains 100% test coverage.
+suite. The project tries to maintain 100% test coverage.
 
 
 Docs
@@ -116,35 +100,39 @@ The last command invokes `sphinx-autobuild`_, which watches the Sphinx directory
 the documentation when a change is detected.
 
 
-.. |site| image:: https://img.shields.io/badge/https%3A%2F%2F-mitmproxy.org-blue.svg
+.. |mitmproxy_site| image:: https://shields.mitmproxy.org/badge/https%3A%2F%2F-mitmproxy.org-blue.svg
     :target: https://mitmproxy.org/
     :alt: mitmproxy.org
 
-.. |docs| image:: https://readthedocs.org/projects/mitmproxy/badge/
+.. |pathod_site| image:: https://shields.mitmproxy.org/badge/https%3A%2F%2F-pathod.net-blue.svg
+    :target: https://pathod.net/
+    :alt: pathod.net
+
+.. |mitmproxy_docs| image:: https://readthedocs.org/projects/mitmproxy/badge/
     :target: http://docs.mitmproxy.org/en/latest/
-    :alt: Documentation
+    :alt: mitmproxy documentation
 
 .. |slack| image:: http://slack.mitmproxy.org/badge.svg
     :target: http://slack.mitmproxy.org/
     :alt: Slack Developer Chat
 
-.. |travis| image:: https://img.shields.io/travis/mitmproxy/mitmproxy/master.svg
+.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/mitmproxy/master.svg
     :target: https://travis-ci.org/mitmproxy/mitmproxy
     :alt: Build Status
 
-.. |coveralls| image:: https://img.shields.io/coveralls/mitmproxy/mitmproxy/master.svg
+.. |coveralls| image:: https://shields.mitmproxy.org/coveralls/mitmproxy/mitmproxy/master.svg
     :target: https://coveralls.io/r/mitmproxy/mitmproxy
     :alt: Coverage Status
 
-.. |downloads| image:: https://img.shields.io/pypi/dm/mitmproxy.svg?color=orange
+.. |downloads| image:: https://shields.mitmproxy.org/pypi/dm/mitmproxy.svg?color=orange
     :target: https://pypi.python.org/pypi/mitmproxy
     :alt: Downloads
 
-.. |latest-release| image:: https://img.shields.io/pypi/v/mitmproxy.svg
+.. |latest_release| image:: https://shields.mitmproxy.org/pypi/v/mitmproxy.svg
     :target: https://pypi.python.org/pypi/mitmproxy
     :alt: Latest Version
 
-.. |python-versions| image:: https://img.shields.io/pypi/pyversions/mitmproxy.svg
+.. |python_versions| image:: https://shields.mitmproxy.org/pypi/pyversions/mitmproxy.svg
     :target: https://pypi.python.org/pypi/mitmproxy
     :alt: Supported Python versions
 
diff --git a/dev.bat b/dev.bat
index 68b584b7..d979c73b 100644
--- a/dev.bat
+++ b/dev.bat
@@ -1,11 +1,11 @@
 @echo off
-set VENV=..\venv.mitmproxy
+set VENV=.\venv
 
 virtualenv %VENV% --always-copy
 if %errorlevel% neq 0 exit /b %errorlevel%
 call %VENV%\Scripts\activate.bat
 if %errorlevel% neq 0 exit /b %errorlevel%
-pip install --src .. -r requirements.txt
+pip install -r requirements.txt
 if %errorlevel% neq 0 exit /b %errorlevel%
 
 echo.
diff --git a/dev b/dev.sh
index fe1a619b..dfb31a55 100755..100644
--- a/dev
+++ b/dev.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
 set -e
-VENV=../venv.mitmproxy
+VENV=./venv
 
 python -m virtualenv $VENV --always-copy
 . $VENV/bin/activate
-pip install --src .. -r requirements.txt
+pip install -r requirements.txt
 
 echo ""
 echo "* Created virtualenv environment in $VENV."
diff --git a/.dockerignore b/mitmproxy/.dockerignore
index 6b8710a7..6b8710a7 100644
--- a/.dockerignore
+++ b/mitmproxy/.dockerignore
diff --git a/CHANGELOG b/mitmproxy/CHANGELOG
index c4cd0da9..c4cd0da9 100644
--- a/CHANGELOG
+++ b/mitmproxy/CHANGELOG
diff --git a/Dockerfile b/mitmproxy/Dockerfile
index a689ed5e..a689ed5e 100644
--- a/Dockerfile
+++ b/mitmproxy/Dockerfile
diff --git a/MANIFEST.in b/mitmproxy/MANIFEST.in
index bd612fd2..bd612fd2 100644
--- a/MANIFEST.in
+++ b/mitmproxy/MANIFEST.in
diff --git a/mitmproxy/README.rst b/mitmproxy/README.rst
new file mode 100644
index 00000000..12658fa8
--- /dev/null
+++ b/mitmproxy/README.rst
@@ -0,0 +1,73 @@
+|travis| |coveralls| |downloads| |latest_release| |python_versions|
+
+``mitmproxy`` is an interactive, SSL/TLS-capable man-in-the-middle proxy for HTTP
+with a console interface.
+
+``mitmdump`` is the command-line version of mitmproxy. Think tcpdump for HTTP.
+
+
+Features
+--------
+
+- Intercept HTTP requests and responses and modify them on the fly.
+- Save complete HTTP conversations for later replay and analysis.
+- Replay the client-side of an HTTP conversations.
+- Replay HTTP responses of a previously recorded server.
+- Reverse proxy mode to forward traffic to a specified server.
+- Transparent proxy mode on OSX and Linux.
+- Make scripted changes to HTTP traffic using Python.
+- SSL/TLS certificates for interception are generated on the fly.
+- And much, much more.
+
+``mitmproxy`` is tested and developed on Mac OSX and Linux.
+On Windows, only mitmdump is supported, which does not have a graphical user interface.
+
+
+Documentation & Help
+--------------------
+
+Documentation, tutorials and distribution packages can be found on the
+mitmproxy website.
+
+|mitmproxy_site|
+
+Installation Instructions are available in the documentation.
+
+|mitmproxy_docs|
+
+You can join our developer chat on Slack.
+
+|slack|
+
+
+.. |mitmproxy_site| image:: https://shields.mitmproxy.org/badge/https%3A%2F%2F-mitmproxy.org-blue.svg
+    :target: https://mitmproxy.org/
+    :alt: mitmproxy.org
+
+.. |mitmproxy_docs| image:: https://readthedocs.org/projects/mitmproxy/badge/
+    :target: http://docs.mitmproxy.org/en/latest/
+    :alt: mitmproxy documentation
+
+.. |slack| image:: http://slack.mitmproxy.org/badge.svg
+    :target: http://slack.mitmproxy.org/
+    :alt: Slack Developer Chat
+
+.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/mitmproxy/master.svg
+    :target: https://travis-ci.org/mitmproxy/mitmproxy
+    :alt: Build Status
+
+.. |coveralls| image:: https://shields.mitmproxy.org/coveralls/mitmproxy/mitmproxy/master.svg
+    :target: https://coveralls.io/r/mitmproxy/mitmproxy
+    :alt: Coverage Status
+
+.. |downloads| image:: https://shields.mitmproxy.org/pypi/dm/mitmproxy.svg?color=orange
+    :target: https://pypi.python.org/pypi/mitmproxy
+    :alt: Downloads
+
+.. |latest_release| image:: https://shields.mitmproxy.org/pypi/v/mitmproxy.svg
+    :target: https://pypi.python.org/pypi/mitmproxy
+    :alt: Latest Version
+
+.. |python_versions| image:: https://shields.mitmproxy.org/pypi/pyversions/mitmproxy.svg
+    :target: https://pypi.python.org/pypi/mitmproxy
+    :alt: Supported Python versions
diff --git a/docs/.gitignore b/mitmproxy/docs/.gitignore
index 69fa449d..69fa449d 100644
--- a/docs/.gitignore
+++ b/mitmproxy/docs/.gitignore
diff --git a/docs/Makefile b/mitmproxy/docs/Makefile
index 99264d90..99264d90 100644
--- a/docs/Makefile
+++ b/mitmproxy/docs/Makefile
diff --git a/docs/_templates/page.html b/mitmproxy/docs/_templates/page.html
index 8002396a..8002396a 100644
--- a/docs/_templates/page.html
+++ b/mitmproxy/docs/_templates/page.html
diff --git a/docs/certinstall-webapp.png b/mitmproxy/docs/certinstall-webapp.png
index 10e795cd..10e795cd 100644
--- a/docs/certinstall-webapp.png
+++ b/mitmproxy/docs/certinstall-webapp.png
diff --git a/docs/certinstall.rst b/mitmproxy/docs/certinstall.rst
index 5a8cce64..5a8cce64 100644
--- a/docs/certinstall.rst
+++ b/mitmproxy/docs/certinstall.rst
diff --git a/docs/conf.py b/mitmproxy/docs/conf.py
index 3ea38e48..3ea38e48 100644
--- a/docs/conf.py
+++ b/mitmproxy/docs/conf.py
diff --git a/docs/config.rst b/mitmproxy/docs/config.rst
index 634b8703..634b8703 100644
--- a/docs/config.rst
+++ b/mitmproxy/docs/config.rst
diff --git a/docs/custom-routing.txt b/mitmproxy/docs/custom-routing.txt
index 2ba2281f..2ba2281f 100644
--- a/docs/custom-routing.txt
+++ b/mitmproxy/docs/custom-routing.txt
diff --git a/docs/dev/addingviews.html b/mitmproxy/docs/dev/addingviews.html
index 12623a31..12623a31 100644
--- a/docs/dev/addingviews.html
+++ b/mitmproxy/docs/dev/addingviews.html
diff --git a/docs/dev/architecture.rst b/mitmproxy/docs/dev/architecture.rst
index e7995141..e7995141 100644
--- a/docs/dev/architecture.rst
+++ b/mitmproxy/docs/dev/architecture.rst
diff --git a/docs/dev/exceptions.rst b/mitmproxy/docs/dev/exceptions.rst
index dab10e74..dab10e74 100644
--- a/docs/dev/exceptions.rst
+++ b/mitmproxy/docs/dev/exceptions.rst
diff --git a/docs/dev/models.rst b/mitmproxy/docs/dev/models.rst
index b09c8bae..b09c8bae 100644
--- a/docs/dev/models.rst
+++ b/mitmproxy/docs/dev/models.rst
diff --git a/docs/dev/protocols.rst b/mitmproxy/docs/dev/protocols.rst
index 1f8cca9a..1f8cca9a 100644
--- a/docs/dev/protocols.rst
+++ b/mitmproxy/docs/dev/protocols.rst
diff --git a/docs/dev/proxy.rst b/mitmproxy/docs/dev/proxy.rst
index dbd6fe67..dbd6fe67 100644
--- a/docs/dev/proxy.rst
+++ b/mitmproxy/docs/dev/proxy.rst
diff --git a/docs/dev/sslkeylogfile.rst b/mitmproxy/docs/dev/sslkeylogfile.rst
index 04b86cc4..04b86cc4 100644
--- a/docs/dev/sslkeylogfile.rst
+++ b/mitmproxy/docs/dev/sslkeylogfile.rst
diff --git a/docs/dev/testing.rst b/mitmproxy/docs/dev/testing.rst
index d7554954..d7554954 100644
--- a/docs/dev/testing.rst
+++ b/mitmproxy/docs/dev/testing.rst
diff --git a/docs/favicon.ico b/mitmproxy/docs/favicon.ico
index 3c3b891c..3c3b891c 100644
--- a/docs/favicon.ico
+++ b/mitmproxy/docs/favicon.ico
diff --git a/docs/features/anticache.rst b/mitmproxy/docs/features/anticache.rst
index 65d22bab..65d22bab 100644
--- a/docs/features/anticache.rst
+++ b/mitmproxy/docs/features/anticache.rst
diff --git a/docs/features/clientreplay.rst b/mitmproxy/docs/features/clientreplay.rst
index b0eb6792..b0eb6792 100644
--- a/docs/features/clientreplay.rst
+++ b/mitmproxy/docs/features/clientreplay.rst
diff --git a/docs/features/filters.rst b/mitmproxy/docs/features/filters.rst
index 2adcfb70..2adcfb70 100644
--- a/docs/features/filters.rst
+++ b/mitmproxy/docs/features/filters.rst
diff --git a/docs/features/passthrough.rst b/mitmproxy/docs/features/passthrough.rst
index b7b5df84..b7b5df84 100644
--- a/docs/features/passthrough.rst
+++ b/mitmproxy/docs/features/passthrough.rst
diff --git a/docs/features/proxyauth.rst b/mitmproxy/docs/features/proxyauth.rst
index bfd32fbd..bfd32fbd 100644
--- a/docs/features/proxyauth.rst
+++ b/mitmproxy/docs/features/proxyauth.rst
diff --git a/docs/features/replacements.rst b/mitmproxy/docs/features/replacements.rst
index 8f760866..8f760866 100644
--- a/docs/features/replacements.rst
+++ b/mitmproxy/docs/features/replacements.rst
diff --git a/docs/features/responsestreaming.rst b/mitmproxy/docs/features/responsestreaming.rst
index 8975c1f8..8975c1f8 100644
--- a/docs/features/responsestreaming.rst
+++ b/mitmproxy/docs/features/responsestreaming.rst
diff --git a/docs/features/reverseproxy.rst b/mitmproxy/docs/features/reverseproxy.rst
index 87065e73..87065e73 100644
--- a/docs/features/reverseproxy.rst
+++ b/mitmproxy/docs/features/reverseproxy.rst
diff --git a/docs/features/serverreplay.rst b/mitmproxy/docs/features/serverreplay.rst
index 261a1bd6..261a1bd6 100644
--- a/docs/features/serverreplay.rst
+++ b/mitmproxy/docs/features/serverreplay.rst
diff --git a/docs/features/setheaders.rst b/mitmproxy/docs/features/setheaders.rst
index cbc8b6a5..cbc8b6a5 100644
--- a/docs/features/setheaders.rst
+++ b/mitmproxy/docs/features/setheaders.rst
diff --git a/docs/features/socksproxy.rst b/mitmproxy/docs/features/socksproxy.rst
index 76d4cda9..76d4cda9 100644
--- a/docs/features/socksproxy.rst
+++ b/mitmproxy/docs/features/socksproxy.rst
diff --git a/docs/features/sticky.rst b/mitmproxy/docs/features/sticky.rst
index a79cbe8d..a79cbe8d 100644
--- a/docs/features/sticky.rst
+++ b/mitmproxy/docs/features/sticky.rst
diff --git a/docs/features/tcpproxy.rst b/mitmproxy/docs/features/tcpproxy.rst
index fd0746a2..fd0746a2 100644
--- a/docs/features/tcpproxy.rst
+++ b/mitmproxy/docs/features/tcpproxy.rst
diff --git a/docs/features/upstreamcerts.rst b/mitmproxy/docs/features/upstreamcerts.rst
index af2e2226..af2e2226 100644
--- a/docs/features/upstreamcerts.rst
+++ b/mitmproxy/docs/features/upstreamcerts.rst
diff --git a/docs/features/upstreamproxy.rst b/mitmproxy/docs/features/upstreamproxy.rst
index e06833c2..e06833c2 100644
--- a/docs/features/upstreamproxy.rst
+++ b/mitmproxy/docs/features/upstreamproxy.rst
diff --git a/docs/howmitmproxy.rst b/mitmproxy/docs/howmitmproxy.rst
index 7dcb4c30..7dcb4c30 100644
--- a/docs/howmitmproxy.rst
+++ b/mitmproxy/docs/howmitmproxy.rst
diff --git a/docs/index.rst b/mitmproxy/docs/index.rst
index 30fb4027..30fb4027 100644
--- a/docs/index.rst
+++ b/mitmproxy/docs/index.rst
diff --git a/docs/install.rst b/mitmproxy/docs/install.rst
index 3300807b..3300807b 100644
--- a/docs/install.rst
+++ b/mitmproxy/docs/install.rst
diff --git a/docs/introduction.rst b/mitmproxy/docs/introduction.rst
index c8593daf..c8593daf 100644
--- a/docs/introduction.rst
+++ b/mitmproxy/docs/introduction.rst
diff --git a/docs/mitmdump.rst b/mitmproxy/docs/mitmdump.rst
index d9b4a26b..d9b4a26b 100644
--- a/docs/mitmdump.rst
+++ b/mitmproxy/docs/mitmdump.rst
diff --git a/docs/mitmproxy-docs.png b/mitmproxy/docs/mitmproxy-docs.png
index 273fb8db..273fb8db 100644
--- a/docs/mitmproxy-docs.png
+++ b/mitmproxy/docs/mitmproxy-docs.png
diff --git a/docs/mitmproxy-long.png b/mitmproxy/docs/mitmproxy-long.png
index f9397d1e..f9397d1e 100644
--- a/docs/mitmproxy-long.png
+++ b/mitmproxy/docs/mitmproxy-long.png
diff --git a/docs/mitmproxy.rst b/mitmproxy/docs/mitmproxy.rst
index fa3b57c7..fa3b57c7 100644
--- a/docs/mitmproxy.rst
+++ b/mitmproxy/docs/mitmproxy.rst
diff --git a/docs/modes.rst b/mitmproxy/docs/modes.rst
index 2c87b2a3..2c87b2a3 100644
--- a/docs/modes.rst
+++ b/mitmproxy/docs/modes.rst
diff --git a/docs/schematics/_explicit.graffle/data.plist b/mitmproxy/docs/schematics/_explicit.graffle/data.plist
index bc5ef104..bc5ef104 100644
--- a/docs/schematics/_explicit.graffle/data.plist
+++ b/mitmproxy/docs/schematics/_explicit.graffle/data.plist
diff --git a/docs/schematics/_explicit.graffle/image3.icns b/mitmproxy/docs/schematics/_explicit.graffle/image3.icns
index 964df4b8..964df4b8 100644
--- a/docs/schematics/_explicit.graffle/image3.icns
+++ b/mitmproxy/docs/schematics/_explicit.graffle/image3.icns
diff --git a/docs/schematics/_explicit.graffle/image6.tiff b/mitmproxy/docs/schematics/_explicit.graffle/image6.tiff
index bd6ed534..bd6ed534 100644
--- a/docs/schematics/_explicit.graffle/image6.tiff
+++ b/mitmproxy/docs/schematics/_explicit.graffle/image6.tiff
diff --git a/docs/schematics/_explicit_https.graffle/data.plist b/mitmproxy/docs/schematics/_explicit_https.graffle/data.plist
index 306630a0..306630a0 100644
--- a/docs/schematics/_explicit_https.graffle/data.plist
+++ b/mitmproxy/docs/schematics/_explicit_https.graffle/data.plist
diff --git a/docs/schematics/_explicit_https.graffle/image3.icns b/mitmproxy/docs/schematics/_explicit_https.graffle/image3.icns
index 964df4b8..964df4b8 100644
--- a/docs/schematics/_explicit_https.graffle/image3.icns
+++ b/mitmproxy/docs/schematics/_explicit_https.graffle/image3.icns
diff --git a/docs/schematics/_explicit_https.graffle/image6.tiff b/mitmproxy/docs/schematics/_explicit_https.graffle/image6.tiff
index bd6ed534..bd6ed534 100644
--- a/docs/schematics/_explicit_https.graffle/image6.tiff
+++ b/mitmproxy/docs/schematics/_explicit_https.graffle/image6.tiff
diff --git a/docs/schematics/_transparent.graffle/data.plist b/mitmproxy/docs/schematics/_transparent.graffle/data.plist
index 722b4a44..722b4a44 100644
--- a/docs/schematics/_transparent.graffle/data.plist
+++ b/mitmproxy/docs/schematics/_transparent.graffle/data.plist
diff --git a/docs/schematics/_transparent.graffle/image3.icns b/mitmproxy/docs/schematics/_transparent.graffle/image3.icns
index 964df4b8..964df4b8 100644
--- a/docs/schematics/_transparent.graffle/image3.icns
+++ b/mitmproxy/docs/schematics/_transparent.graffle/image3.icns
diff --git a/docs/schematics/_transparent.graffle/image6.tiff b/mitmproxy/docs/schematics/_transparent.graffle/image6.tiff
index bd6ed534..bd6ed534 100644
--- a/docs/schematics/_transparent.graffle/image6.tiff
+++ b/mitmproxy/docs/schematics/_transparent.graffle/image6.tiff
diff --git a/docs/schematics/_transparent_https.graffle/data.plist b/mitmproxy/docs/schematics/_transparent_https.graffle/data.plist
index 9c1395d7..9c1395d7 100644
--- a/docs/schematics/_transparent_https.graffle/data.plist
+++ b/mitmproxy/docs/schematics/_transparent_https.graffle/data.plist
diff --git a/docs/schematics/_transparent_https.graffle/image3.icns b/mitmproxy/docs/schematics/_transparent_https.graffle/image3.icns
index 964df4b8..964df4b8 100644
--- a/docs/schematics/_transparent_https.graffle/image3.icns
+++ b/mitmproxy/docs/schematics/_transparent_https.graffle/image3.icns
diff --git a/docs/schematics/_transparent_https.graffle/image6.tiff b/mitmproxy/docs/schematics/_transparent_https.graffle/image6.tiff
index bd6ed534..bd6ed534 100644
--- a/docs/schematics/_transparent_https.graffle/image6.tiff
+++ b/mitmproxy/docs/schematics/_transparent_https.graffle/image6.tiff
diff --git a/docs/schematics/architecture.pdf b/mitmproxy/docs/schematics/architecture.pdf
index 77f5ad58..77f5ad58 100644
--- a/docs/schematics/architecture.pdf
+++ b/mitmproxy/docs/schematics/architecture.pdf
diff --git a/docs/schematics/architecture.png b/mitmproxy/docs/schematics/architecture.png
index 67d6c718..67d6c718 100644
--- a/docs/schematics/architecture.png
+++ b/mitmproxy/docs/schematics/architecture.png
diff --git a/docs/schematics/architecture.vsdx b/mitmproxy/docs/schematics/architecture.vsdx
index c4ff13d2..c4ff13d2 100644
--- a/docs/schematics/architecture.vsdx
+++ b/mitmproxy/docs/schematics/architecture.vsdx
diff --git a/docs/schematics/how-mitmproxy-works-explicit-https.png b/mitmproxy/docs/schematics/how-mitmproxy-works-explicit-https.png
index 1f1ca023..1f1ca023 100644
--- a/docs/schematics/how-mitmproxy-works-explicit-https.png
+++ b/mitmproxy/docs/schematics/how-mitmproxy-works-explicit-https.png
diff --git a/docs/schematics/how-mitmproxy-works-explicit.png b/mitmproxy/docs/schematics/how-mitmproxy-works-explicit.png
index c9ba26a7..c9ba26a7 100644
--- a/docs/schematics/how-mitmproxy-works-explicit.png
+++ b/mitmproxy/docs/schematics/how-mitmproxy-works-explicit.png
diff --git a/docs/schematics/how-mitmproxy-works-transparent-https.png b/mitmproxy/docs/schematics/how-mitmproxy-works-transparent-https.png
index 559cddd2..559cddd2 100644
--- a/docs/schematics/how-mitmproxy-works-transparent-https.png
+++ b/mitmproxy/docs/schematics/how-mitmproxy-works-transparent-https.png
diff --git a/docs/schematics/how-mitmproxy-works-transparent.png b/mitmproxy/docs/schematics/how-mitmproxy-works-transparent.png
index 3994d681..3994d681 100644
--- a/docs/schematics/how-mitmproxy-works-transparent.png
+++ b/mitmproxy/docs/schematics/how-mitmproxy-works-transparent.png
diff --git a/docs/schematics/proxy-modes-flowchart.png b/mitmproxy/docs/schematics/proxy-modes-flowchart.png
index e9568dac..e9568dac 100644
--- a/docs/schematics/proxy-modes-flowchart.png
+++ b/mitmproxy/docs/schematics/proxy-modes-flowchart.png
diff --git a/docs/schematics/proxy-modes-regular.png b/mitmproxy/docs/schematics/proxy-modes-regular.png
index 95bada08..95bada08 100644
--- a/docs/schematics/proxy-modes-regular.png
+++ b/mitmproxy/docs/schematics/proxy-modes-regular.png
diff --git a/docs/schematics/proxy-modes-reverse.png b/mitmproxy/docs/schematics/proxy-modes-reverse.png
index 071d3fc8..071d3fc8 100644
--- a/docs/schematics/proxy-modes-reverse.png
+++ b/mitmproxy/docs/schematics/proxy-modes-reverse.png
diff --git a/docs/schematics/proxy-modes-transparent-1.png b/mitmproxy/docs/schematics/proxy-modes-transparent-1.png
index 002e0e76..002e0e76 100644
--- a/docs/schematics/proxy-modes-transparent-1.png
+++ b/mitmproxy/docs/schematics/proxy-modes-transparent-1.png
diff --git a/docs/schematics/proxy-modes-transparent-2.png b/mitmproxy/docs/schematics/proxy-modes-transparent-2.png
index 41997b05..41997b05 100644
--- a/docs/schematics/proxy-modes-transparent-2.png
+++ b/mitmproxy/docs/schematics/proxy-modes-transparent-2.png
diff --git a/docs/schematics/proxy-modes-transparent-3.png b/mitmproxy/docs/schematics/proxy-modes-transparent-3.png
index ee26cb4f..ee26cb4f 100644
--- a/docs/schematics/proxy-modes-transparent-3.png
+++ b/mitmproxy/docs/schematics/proxy-modes-transparent-3.png
diff --git a/docs/schematics/proxy-modes-transparent-wrong.png b/mitmproxy/docs/schematics/proxy-modes-transparent-wrong.png
index ca501e93..ca501e93 100644
--- a/docs/schematics/proxy-modes-transparent-wrong.png
+++ b/mitmproxy/docs/schematics/proxy-modes-transparent-wrong.png
diff --git a/docs/schematics/proxy-modes-upstream.png b/mitmproxy/docs/schematics/proxy-modes-upstream.png
index d40a6494..d40a6494 100644
--- a/docs/schematics/proxy-modes-upstream.png
+++ b/mitmproxy/docs/schematics/proxy-modes-upstream.png
diff --git a/docs/schematics/proxy-modes.pdf b/mitmproxy/docs/schematics/proxy-modes.pdf
index f07ea05e..f07ea05e 100644
--- a/docs/schematics/proxy-modes.pdf
+++ b/mitmproxy/docs/schematics/proxy-modes.pdf
diff --git a/docs/schematics/proxy-modes.vsdx b/mitmproxy/docs/schematics/proxy-modes.vsdx
index 0128a142..0128a142 100644
--- a/docs/schematics/proxy-modes.vsdx
+++ b/mitmproxy/docs/schematics/proxy-modes.vsdx
diff --git a/docs/screenshots/firefox3-import.jpg b/mitmproxy/docs/screenshots/firefox3-import.jpg
index 47fcd672..47fcd672 100644
--- a/docs/screenshots/firefox3-import.jpg
+++ b/mitmproxy/docs/screenshots/firefox3-import.jpg
diff --git a/docs/screenshots/firefox3-trust.jpg b/mitmproxy/docs/screenshots/firefox3-trust.jpg
index 50a2f341..50a2f341 100644
--- a/docs/screenshots/firefox3-trust.jpg
+++ b/mitmproxy/docs/screenshots/firefox3-trust.jpg
diff --git a/docs/screenshots/firefox3.jpg b/mitmproxy/docs/screenshots/firefox3.jpg
index 6c4613b6..6c4613b6 100644
--- a/docs/screenshots/firefox3.jpg
+++ b/mitmproxy/docs/screenshots/firefox3.jpg
diff --git a/docs/screenshots/ios-gateway.png b/mitmproxy/docs/screenshots/ios-gateway.png
index 2489cba3..2489cba3 100644
--- a/docs/screenshots/ios-gateway.png
+++ b/mitmproxy/docs/screenshots/ios-gateway.png
diff --git a/docs/screenshots/ios-installed.png b/mitmproxy/docs/screenshots/ios-installed.png
index 2071e441..2071e441 100644
--- a/docs/screenshots/ios-installed.png
+++ b/mitmproxy/docs/screenshots/ios-installed.png
diff --git a/docs/screenshots/ios-manual.png b/mitmproxy/docs/screenshots/ios-manual.png
index 3977acfe..3977acfe 100644
--- a/docs/screenshots/ios-manual.png
+++ b/mitmproxy/docs/screenshots/ios-manual.png
diff --git a/docs/screenshots/ios-profile.png b/mitmproxy/docs/screenshots/ios-profile.png
index 5bcd5a0d..5bcd5a0d 100644
--- a/docs/screenshots/ios-profile.png
+++ b/mitmproxy/docs/screenshots/ios-profile.png
diff --git a/docs/screenshots/ios-reverse.png b/mitmproxy/docs/screenshots/ios-reverse.png
index 6ab5b7c0..6ab5b7c0 100644
--- a/docs/screenshots/ios-reverse.png
+++ b/mitmproxy/docs/screenshots/ios-reverse.png
diff --git a/docs/screenshots/ios-warning.png b/mitmproxy/docs/screenshots/ios-warning.png
index d882c514..d882c514 100644
--- a/docs/screenshots/ios-warning.png
+++ b/mitmproxy/docs/screenshots/ios-warning.png
diff --git a/docs/screenshots/mitmproxy-flowview.png b/mitmproxy/docs/screenshots/mitmproxy-flowview.png
index 154963fe..154963fe 100644
--- a/docs/screenshots/mitmproxy-flowview.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-flowview.png
diff --git a/docs/screenshots/mitmproxy-intercept-filt.png b/mitmproxy/docs/screenshots/mitmproxy-intercept-filt.png
index 60556ee7..60556ee7 100644
--- a/docs/screenshots/mitmproxy-intercept-filt.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-intercept-filt.png
diff --git a/docs/screenshots/mitmproxy-intercept-mid.png b/mitmproxy/docs/screenshots/mitmproxy-intercept-mid.png
index d5b03922..d5b03922 100644
--- a/docs/screenshots/mitmproxy-intercept-mid.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-intercept-mid.png
diff --git a/docs/screenshots/mitmproxy-intercept-options.png b/mitmproxy/docs/screenshots/mitmproxy-intercept-options.png
index 8dc4ad2c..8dc4ad2c 100644
--- a/docs/screenshots/mitmproxy-intercept-options.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-intercept-options.png
diff --git a/docs/screenshots/mitmproxy-intercept-result.png b/mitmproxy/docs/screenshots/mitmproxy-intercept-result.png
index 7d9f5c94..7d9f5c94 100644
--- a/docs/screenshots/mitmproxy-intercept-result.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-intercept-result.png
diff --git a/docs/screenshots/mitmproxy-kveditor-editmode.png b/mitmproxy/docs/screenshots/mitmproxy-kveditor-editmode.png
index a8315ee5..a8315ee5 100644
--- a/docs/screenshots/mitmproxy-kveditor-editmode.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-kveditor-editmode.png
diff --git a/docs/screenshots/mitmproxy-kveditor.png b/mitmproxy/docs/screenshots/mitmproxy-kveditor.png
index 144b9701..144b9701 100644
--- a/docs/screenshots/mitmproxy-kveditor.png
+++ b/mitmproxy/docs/screenshots/mitmproxy-kveditor.png
diff --git a/docs/screenshots/mitmproxy.png b/mitmproxy/docs/screenshots/mitmproxy.png
index 42a10e32..42a10e32 100644
--- a/docs/screenshots/mitmproxy.png
+++ b/mitmproxy/docs/screenshots/mitmproxy.png
diff --git a/docs/screenshots/osx-addcert-alwaystrust.png b/mitmproxy/docs/screenshots/osx-addcert-alwaystrust.png
index 4c5cc704..4c5cc704 100644
--- a/docs/screenshots/osx-addcert-alwaystrust.png
+++ b/mitmproxy/docs/screenshots/osx-addcert-alwaystrust.png
diff --git a/docs/screenshots/win7-certstore-trustedroot.png b/mitmproxy/docs/screenshots/win7-certstore-trustedroot.png
index e15a87f5..e15a87f5 100644
--- a/docs/screenshots/win7-certstore-trustedroot.png
+++ b/mitmproxy/docs/screenshots/win7-certstore-trustedroot.png
diff --git a/docs/screenshots/win7-certstore.png b/mitmproxy/docs/screenshots/win7-certstore.png
index f8ce54bd..f8ce54bd 100644
--- a/docs/screenshots/win7-certstore.png
+++ b/mitmproxy/docs/screenshots/win7-certstore.png
diff --git a/docs/screenshots/win7-wizard.png b/mitmproxy/docs/screenshots/win7-wizard.png
index eff6ad09..eff6ad09 100644
--- a/docs/screenshots/win7-wizard.png
+++ b/mitmproxy/docs/screenshots/win7-wizard.png
diff --git a/docs/screenshots/winpythoninstaller.jpg b/mitmproxy/docs/screenshots/winpythoninstaller.jpg
index 0473c66a..0473c66a 100644
--- a/docs/screenshots/winpythoninstaller.jpg
+++ b/mitmproxy/docs/screenshots/winpythoninstaller.jpg
diff --git a/docs/scripting/inlinescripts.rst b/mitmproxy/docs/scripting/inlinescripts.rst
index 27e4abef..27e4abef 100644
--- a/docs/scripting/inlinescripts.rst
+++ b/mitmproxy/docs/scripting/inlinescripts.rst
diff --git a/docs/scripting/libmproxy.rst b/mitmproxy/docs/scripting/libmproxy.rst
index 92fa5277..92fa5277 100644
--- a/docs/scripting/libmproxy.rst
+++ b/mitmproxy/docs/scripting/libmproxy.rst
diff --git a/docs/transparent.rst b/mitmproxy/docs/transparent.rst
index eb77c76c..eb77c76c 100644
--- a/docs/transparent.rst
+++ b/mitmproxy/docs/transparent.rst
diff --git a/docs/transparent/linux.rst b/mitmproxy/docs/transparent/linux.rst
index ce79128c..ce79128c 100644
--- a/docs/transparent/linux.rst
+++ b/mitmproxy/docs/transparent/linux.rst
diff --git a/docs/transparent/osx.rst b/mitmproxy/docs/transparent/osx.rst
index 1791105f..1791105f 100644
--- a/docs/transparent/osx.rst
+++ b/mitmproxy/docs/transparent/osx.rst
diff --git a/docs/tutorials/30second.rst b/mitmproxy/docs/tutorials/30second.rst
index 4c8bf326..4c8bf326 100644
--- a/docs/tutorials/30second.rst
+++ b/mitmproxy/docs/tutorials/30second.rst
diff --git a/docs/tutorials/gamecenter.rst b/mitmproxy/docs/tutorials/gamecenter.rst
index 9dce5df8..9dce5df8 100644
--- a/docs/tutorials/gamecenter.rst
+++ b/mitmproxy/docs/tutorials/gamecenter.rst
diff --git a/docs/tutorials/leaderboard.png b/mitmproxy/docs/tutorials/leaderboard.png
index c1be8df5..c1be8df5 100644
--- a/docs/tutorials/leaderboard.png
+++ b/mitmproxy/docs/tutorials/leaderboard.png
diff --git a/docs/tutorials/one.png b/mitmproxy/docs/tutorials/one.png
index 78a636cf..78a636cf 100644
--- a/docs/tutorials/one.png
+++ b/mitmproxy/docs/tutorials/one.png
diff --git a/docs/tutorials/supermega.png b/mitmproxy/docs/tutorials/supermega.png
index d416f71f..d416f71f 100644
--- a/docs/tutorials/supermega.png
+++ b/mitmproxy/docs/tutorials/supermega.png
diff --git a/docs/tutorials/transparent-dhcp.rst b/mitmproxy/docs/tutorials/transparent-dhcp.rst
index ce285b63..ce285b63 100644
--- a/docs/tutorials/transparent-dhcp.rst
+++ b/mitmproxy/docs/tutorials/transparent-dhcp.rst
diff --git a/docs/tutorials/transparent-dhcp/step1_proxy.png b/mitmproxy/docs/tutorials/transparent-dhcp/step1_proxy.png
index a0c94484..a0c94484 100644
--- a/docs/tutorials/transparent-dhcp/step1_proxy.png
+++ b/mitmproxy/docs/tutorials/transparent-dhcp/step1_proxy.png
diff --git a/docs/tutorials/transparent-dhcp/step1_vbox_eth0.png b/mitmproxy/docs/tutorials/transparent-dhcp/step1_vbox_eth0.png
index 4b7b4e9b..4b7b4e9b 100644
--- a/docs/tutorials/transparent-dhcp/step1_vbox_eth0.png
+++ b/mitmproxy/docs/tutorials/transparent-dhcp/step1_vbox_eth0.png
diff --git a/docs/tutorials/transparent-dhcp/step1_vbox_eth1.png b/mitmproxy/docs/tutorials/transparent-dhcp/step1_vbox_eth1.png
index b994d4cb..b994d4cb 100644
--- a/docs/tutorials/transparent-dhcp/step1_vbox_eth1.png
+++ b/mitmproxy/docs/tutorials/transparent-dhcp/step1_vbox_eth1.png
diff --git a/docs/tutorials/transparent-dhcp/step2_proxied_vm.png b/mitmproxy/docs/tutorials/transparent-dhcp/step2_proxied_vm.png
index 2046cc57..2046cc57 100644
--- a/docs/tutorials/transparent-dhcp/step2_proxied_vm.png
+++ b/mitmproxy/docs/tutorials/transparent-dhcp/step2_proxied_vm.png
diff --git a/examples/README b/mitmproxy/examples/README
index b4dec8e5..b4dec8e5 100644
--- a/examples/README
+++ b/mitmproxy/examples/README
diff --git a/examples/add_header.py b/mitmproxy/examples/add_header.py
index cf1b53cc..cf1b53cc 100644
--- a/examples/add_header.py
+++ b/mitmproxy/examples/add_header.py
diff --git a/examples/change_upstream_proxy.py b/mitmproxy/examples/change_upstream_proxy.py
index 9c454897..9c454897 100644
--- a/examples/change_upstream_proxy.py
+++ b/mitmproxy/examples/change_upstream_proxy.py
diff --git a/examples/custom_contentviews.py b/mitmproxy/examples/custom_contentviews.py
index 17920e51..17920e51 100644
--- a/examples/custom_contentviews.py
+++ b/mitmproxy/examples/custom_contentviews.py
diff --git a/examples/dns_spoofing.py b/mitmproxy/examples/dns_spoofing.py
index 7eb79695..7eb79695 100644
--- a/examples/dns_spoofing.py
+++ b/mitmproxy/examples/dns_spoofing.py
diff --git a/examples/dup_and_replay.py b/mitmproxy/examples/dup_and_replay.py
index 9ba91d3b..9ba91d3b 100644
--- a/examples/dup_and_replay.py
+++ b/mitmproxy/examples/dup_and_replay.py
diff --git a/examples/filt.py b/mitmproxy/examples/filt.py
index d2daf9a2..d2daf9a2 100644
--- a/examples/filt.py
+++ b/mitmproxy/examples/filt.py
diff --git a/examples/flowbasic b/mitmproxy/examples/flowbasic
index 78b9eff7..78b9eff7 100755..100644
--- a/examples/flowbasic
+++ b/mitmproxy/examples/flowbasic
diff --git a/examples/flowwriter.py b/mitmproxy/examples/flowwriter.py
index be2f285e..be2f285e 100644
--- a/examples/flowwriter.py
+++ b/mitmproxy/examples/flowwriter.py
diff --git a/examples/har_extractor.py b/mitmproxy/examples/har_extractor.py
index 4e905438..4e905438 100644
--- a/examples/har_extractor.py
+++ b/mitmproxy/examples/har_extractor.py
diff --git a/examples/iframe_injector.py b/mitmproxy/examples/iframe_injector.py
index 29de9b63..29de9b63 100644
--- a/examples/iframe_injector.py
+++ b/mitmproxy/examples/iframe_injector.py
diff --git a/examples/mitmproxywrapper.py b/mitmproxy/examples/mitmproxywrapper.py
index 7ea10715..7ea10715 100755..100644
--- a/examples/mitmproxywrapper.py
+++ b/mitmproxy/examples/mitmproxywrapper.py
diff --git a/examples/modify_form.py b/mitmproxy/examples/modify_form.py
index 3e9d15c0..3e9d15c0 100644
--- a/examples/modify_form.py
+++ b/mitmproxy/examples/modify_form.py
diff --git a/examples/modify_querystring.py b/mitmproxy/examples/modify_querystring.py
index 7f31a48f..7f31a48f 100644
--- a/examples/modify_querystring.py
+++ b/mitmproxy/examples/modify_querystring.py
diff --git a/examples/modify_response_body.py b/mitmproxy/examples/modify_response_body.py
index a35e1525..a35e1525 100644
--- a/examples/modify_response_body.py
+++ b/mitmproxy/examples/modify_response_body.py
diff --git a/examples/nonblocking.py b/mitmproxy/examples/nonblocking.py
index 7bc9c07b..7bc9c07b 100644
--- a/examples/nonblocking.py
+++ b/mitmproxy/examples/nonblocking.py
diff --git a/examples/proxapp.py b/mitmproxy/examples/proxapp.py
index 4d8e7b58..4d8e7b58 100644
--- a/examples/proxapp.py
+++ b/mitmproxy/examples/proxapp.py
diff --git a/examples/read_dumpfile b/mitmproxy/examples/read_dumpfile
index b329c0e1..b329c0e1 100755..100644
--- a/examples/read_dumpfile
+++ b/mitmproxy/examples/read_dumpfile
diff --git a/examples/redirect_requests.py b/mitmproxy/examples/redirect_requests.py
index a3145083..a3145083 100644
--- a/examples/redirect_requests.py
+++ b/mitmproxy/examples/redirect_requests.py
diff --git a/examples/sslstrip.py b/mitmproxy/examples/sslstrip.py
index 369427a2..369427a2 100644
--- a/examples/sslstrip.py
+++ b/mitmproxy/examples/sslstrip.py
diff --git a/examples/stickycookies b/mitmproxy/examples/stickycookies
index 7e84f71c..7e84f71c 100755..100644
--- a/examples/stickycookies
+++ b/mitmproxy/examples/stickycookies
diff --git a/examples/stream.py b/mitmproxy/examples/stream.py
index 3adbe437..3adbe437 100644
--- a/examples/stream.py
+++ b/mitmproxy/examples/stream.py
diff --git a/examples/stream_modify.py b/mitmproxy/examples/stream_modify.py
index aa395c03..aa395c03 100644
--- a/examples/stream_modify.py
+++ b/mitmproxy/examples/stream_modify.py
diff --git a/examples/stub.py b/mitmproxy/examples/stub.py
index 516b71a5..516b71a5 100644
--- a/examples/stub.py
+++ b/mitmproxy/examples/stub.py
diff --git a/examples/tcp_message.py b/mitmproxy/examples/tcp_message.py
index c63368e4..c63368e4 100644
--- a/examples/tcp_message.py
+++ b/mitmproxy/examples/tcp_message.py
diff --git a/examples/tls_passthrough.py b/mitmproxy/examples/tls_passthrough.py
index 0d41b725..0d41b725 100644
--- a/examples/tls_passthrough.py
+++ b/mitmproxy/examples/tls_passthrough.py
diff --git a/examples/upsidedownternet.py b/mitmproxy/examples/upsidedownternet.py
index f2e73047..f2e73047 100644
--- a/examples/upsidedownternet.py
+++ b/mitmproxy/examples/upsidedownternet.py
diff --git a/libmproxy/__init__.py b/mitmproxy/libmproxy/__init__.py
index e69de29b..e69de29b 100644
--- a/libmproxy/__init__.py
+++ b/mitmproxy/libmproxy/__init__.py
diff --git a/libmproxy/cmdline.py b/mitmproxy/libmproxy/cmdline.py
index b1cbfa3a..b1cbfa3a 100644
--- a/libmproxy/cmdline.py
+++ b/mitmproxy/libmproxy/cmdline.py
diff --git a/libmproxy/console/__init__.py b/mitmproxy/libmproxy/console/__init__.py
index e739ec61..e739ec61 100644
--- a/libmproxy/console/__init__.py
+++ b/mitmproxy/libmproxy/console/__init__.py
diff --git a/libmproxy/console/common.py b/mitmproxy/libmproxy/console/common.py
index c29ffddc..c29ffddc 100644
--- a/libmproxy/console/common.py
+++ b/mitmproxy/libmproxy/console/common.py
diff --git a/libmproxy/console/flowdetailview.py b/mitmproxy/libmproxy/console/flowdetailview.py
index f4b4262e..f4b4262e 100644
--- a/libmproxy/console/flowdetailview.py
+++ b/mitmproxy/libmproxy/console/flowdetailview.py
diff --git a/libmproxy/console/flowlist.py b/mitmproxy/libmproxy/console/flowlist.py
index c2201055..c2201055 100644
--- a/libmproxy/console/flowlist.py
+++ b/mitmproxy/libmproxy/console/flowlist.py
diff --git a/libmproxy/console/flowview.py b/mitmproxy/libmproxy/console/flowview.py
index d2b98b68..d2b98b68 100644
--- a/libmproxy/console/flowview.py
+++ b/mitmproxy/libmproxy/console/flowview.py
diff --git a/libmproxy/console/grideditor.py b/mitmproxy/libmproxy/console/grideditor.py
index a11c962c..a11c962c 100644
--- a/libmproxy/console/grideditor.py
+++ b/mitmproxy/libmproxy/console/grideditor.py
diff --git a/libmproxy/console/help.py b/mitmproxy/libmproxy/console/help.py
index 0c264ebf..0c264ebf 100644
--- a/libmproxy/console/help.py
+++ b/mitmproxy/libmproxy/console/help.py
diff --git a/libmproxy/console/options.py b/mitmproxy/libmproxy/console/options.py
index 5c9e0cc9..5c9e0cc9 100644
--- a/libmproxy/console/options.py
+++ b/mitmproxy/libmproxy/console/options.py
diff --git a/libmproxy/console/palettepicker.py b/mitmproxy/libmproxy/console/palettepicker.py
index 51ad0606..51ad0606 100644
--- a/libmproxy/console/palettepicker.py
+++ b/mitmproxy/libmproxy/console/palettepicker.py
diff --git a/libmproxy/console/palettes.py b/mitmproxy/libmproxy/console/palettes.py
index bd370181..bd370181 100644
--- a/libmproxy/console/palettes.py
+++ b/mitmproxy/libmproxy/console/palettes.py
diff --git a/libmproxy/console/pathedit.py b/mitmproxy/libmproxy/console/pathedit.py
index 4447070b..4447070b 100644
--- a/libmproxy/console/pathedit.py
+++ b/mitmproxy/libmproxy/console/pathedit.py
diff --git a/libmproxy/console/searchable.py b/mitmproxy/libmproxy/console/searchable.py
index cff1f0a1..cff1f0a1 100644
--- a/libmproxy/console/searchable.py
+++ b/mitmproxy/libmproxy/console/searchable.py
diff --git a/libmproxy/console/select.py b/mitmproxy/libmproxy/console/select.py
index 928a7ca5..928a7ca5 100644
--- a/libmproxy/console/select.py
+++ b/mitmproxy/libmproxy/console/select.py
diff --git a/libmproxy/console/signals.py b/mitmproxy/libmproxy/console/signals.py
index 6a439bf3..6a439bf3 100644
--- a/libmproxy/console/signals.py
+++ b/mitmproxy/libmproxy/console/signals.py
diff --git a/libmproxy/console/statusbar.py b/mitmproxy/libmproxy/console/statusbar.py
index 4cc63a54..4cc63a54 100644
--- a/libmproxy/console/statusbar.py
+++ b/mitmproxy/libmproxy/console/statusbar.py
diff --git a/libmproxy/console/tabs.py b/mitmproxy/libmproxy/console/tabs.py
index b5423038..b5423038 100644
--- a/libmproxy/console/tabs.py
+++ b/mitmproxy/libmproxy/console/tabs.py
diff --git a/libmproxy/console/window.py b/mitmproxy/libmproxy/console/window.py
index 47c284e4..47c284e4 100644
--- a/libmproxy/console/window.py
+++ b/mitmproxy/libmproxy/console/window.py
diff --git a/libmproxy/contentviews.py b/mitmproxy/libmproxy/contentviews.py
index c0652c18..c0652c18 100644
--- a/libmproxy/contentviews.py
+++ b/mitmproxy/libmproxy/contentviews.py
diff --git a/libmproxy/contrib/README b/mitmproxy/libmproxy/contrib/README
index e5ce11da..e5ce11da 100644
--- a/libmproxy/contrib/README
+++ b/mitmproxy/libmproxy/contrib/README
diff --git a/libmproxy/contrib/__init__.py b/mitmproxy/libmproxy/contrib/__init__.py
index e69de29b..e69de29b 100644
--- a/libmproxy/contrib/__init__.py
+++ b/mitmproxy/libmproxy/contrib/__init__.py
diff --git a/libmproxy/contrib/jsbeautifier/__init__.py b/mitmproxy/libmproxy/contrib/jsbeautifier/__init__.py
index e319e8dd..e319e8dd 100644
--- a/libmproxy/contrib/jsbeautifier/__init__.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/__init__.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/README.specs.mkd b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/README.specs.mkd
index e937b762..e937b762 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/README.specs.mkd
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/README.specs.mkd
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/__init__.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/__init__.py
index fcb5b07a..fcb5b07a 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/__init__.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/__init__.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/evalbased.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/evalbased.py
index b17d926e..b17d926e 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/evalbased.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/evalbased.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/javascriptobfuscator.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/javascriptobfuscator.py
index aa4344a3..aa4344a3 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/javascriptobfuscator.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/javascriptobfuscator.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/myobfuscate.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/myobfuscate.py
index 9893f95f..9893f95f 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/myobfuscate.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/myobfuscate.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/packer.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/packer.py
index 4ada669e..4ada669e 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/packer.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/packer.py
diff --git a/libmproxy/contrib/jsbeautifier/unpackers/urlencode.py b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/urlencode.py
index 72d2bd1c..72d2bd1c 100644
--- a/libmproxy/contrib/jsbeautifier/unpackers/urlencode.py
+++ b/mitmproxy/libmproxy/contrib/jsbeautifier/unpackers/urlencode.py
diff --git a/libmproxy/contrib/tls/__init__.py b/mitmproxy/libmproxy/contrib/tls/__init__.py
index 4b540884..4b540884 100644
--- a/libmproxy/contrib/tls/__init__.py
+++ b/mitmproxy/libmproxy/contrib/tls/__init__.py
diff --git a/libmproxy/contrib/tls/_constructs.py b/mitmproxy/libmproxy/contrib/tls/_constructs.py
index 4cb7d382..4cb7d382 100644
--- a/libmproxy/contrib/tls/_constructs.py
+++ b/mitmproxy/libmproxy/contrib/tls/_constructs.py
diff --git a/libmproxy/contrib/tls/utils.py b/mitmproxy/libmproxy/contrib/tls/utils.py
index 4c917303..4c917303 100644
--- a/libmproxy/contrib/tls/utils.py
+++ b/mitmproxy/libmproxy/contrib/tls/utils.py
diff --git a/libmproxy/contrib/wbxml/ASCommandResponse.py b/mitmproxy/libmproxy/contrib/wbxml/ASCommandResponse.py
index 08d03445..08d03445 100644
--- a/libmproxy/contrib/wbxml/ASCommandResponse.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/ASCommandResponse.py
diff --git a/libmproxy/contrib/wbxml/ASWBXML.py b/mitmproxy/libmproxy/contrib/wbxml/ASWBXML.py
index 926d18c0..926d18c0 100644
--- a/libmproxy/contrib/wbxml/ASWBXML.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/ASWBXML.py
diff --git a/libmproxy/contrib/wbxml/ASWBXMLByteQueue.py b/mitmproxy/libmproxy/contrib/wbxml/ASWBXMLByteQueue.py
index c7a9e0a5..c7a9e0a5 100644
--- a/libmproxy/contrib/wbxml/ASWBXMLByteQueue.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/ASWBXMLByteQueue.py
diff --git a/libmproxy/contrib/wbxml/ASWBXMLCodePage.py b/mitmproxy/libmproxy/contrib/wbxml/ASWBXMLCodePage.py
index 2f9d8717..2f9d8717 100644
--- a/libmproxy/contrib/wbxml/ASWBXMLCodePage.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/ASWBXMLCodePage.py
diff --git a/libmproxy/contrib/wbxml/GlobalTokens.py b/mitmproxy/libmproxy/contrib/wbxml/GlobalTokens.py
index 41310fb1..41310fb1 100644
--- a/libmproxy/contrib/wbxml/GlobalTokens.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/GlobalTokens.py
diff --git a/libmproxy/contrib/wbxml/InvalidDataException.py b/mitmproxy/libmproxy/contrib/wbxml/InvalidDataException.py
index 67f8ea93..67f8ea93 100644
--- a/libmproxy/contrib/wbxml/InvalidDataException.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/InvalidDataException.py
diff --git a/libmproxy/contrib/wbxml/__init__.py b/mitmproxy/libmproxy/contrib/wbxml/__init__.py
index e69de29b..e69de29b 100644
--- a/libmproxy/contrib/wbxml/__init__.py
+++ b/mitmproxy/libmproxy/contrib/wbxml/__init__.py
diff --git a/libmproxy/controller.py b/mitmproxy/libmproxy/controller.py
index 9a059856..9a059856 100644
--- a/libmproxy/controller.py
+++ b/mitmproxy/libmproxy/controller.py
diff --git a/libmproxy/dump.py b/mitmproxy/libmproxy/dump.py
index 6dab2ddc..6dab2ddc 100644
--- a/libmproxy/dump.py
+++ b/mitmproxy/libmproxy/dump.py
diff --git a/libmproxy/exceptions.py b/mitmproxy/libmproxy/exceptions.py
index a5d35263..a5d35263 100644
--- a/libmproxy/exceptions.py
+++ b/mitmproxy/libmproxy/exceptions.py
diff --git a/libmproxy/filt.py b/mitmproxy/libmproxy/filt.py
index aa62b717..aa62b717 100644
--- a/libmproxy/filt.py
+++ b/mitmproxy/libmproxy/filt.py
diff --git a/libmproxy/flow.py b/mitmproxy/libmproxy/flow.py
index ac0d0fbb..ac0d0fbb 100644
--- a/libmproxy/flow.py
+++ b/mitmproxy/libmproxy/flow.py
diff --git a/libmproxy/flow_export.py b/mitmproxy/libmproxy/flow_export.py
index 52145516..52145516 100644
--- a/libmproxy/flow_export.py
+++ b/mitmproxy/libmproxy/flow_export.py
diff --git a/libmproxy/flow_format_compat.py b/mitmproxy/libmproxy/flow_format_compat.py
index a7a95af3..a7a95af3 100644
--- a/libmproxy/flow_format_compat.py
+++ b/mitmproxy/libmproxy/flow_format_compat.py
diff --git a/libmproxy/main.py b/mitmproxy/libmproxy/main.py
index ef135754..ef135754 100644
--- a/libmproxy/main.py
+++ b/mitmproxy/libmproxy/main.py
diff --git a/libmproxy/models/__init__.py b/mitmproxy/libmproxy/models/__init__.py
index 653b19fd..653b19fd 100644
--- a/libmproxy/models/__init__.py
+++ b/mitmproxy/libmproxy/models/__init__.py
diff --git a/libmproxy/models/connections.py b/mitmproxy/libmproxy/models/connections.py
index d5920256..d5920256 100644
--- a/libmproxy/models/connections.py
+++ b/mitmproxy/libmproxy/models/connections.py
diff --git a/libmproxy/models/flow.py b/mitmproxy/libmproxy/models/flow.py
index 10255dad..10255dad 100644
--- a/libmproxy/models/flow.py
+++ b/mitmproxy/libmproxy/models/flow.py
diff --git a/libmproxy/models/http.py b/mitmproxy/libmproxy/models/http.py
index da9c430e..da9c430e 100644
--- a/libmproxy/models/http.py
+++ b/mitmproxy/libmproxy/models/http.py
diff --git a/libmproxy/onboarding/__init__.py b/mitmproxy/libmproxy/onboarding/__init__.py
index e69de29b..e69de29b 100644
--- a/libmproxy/onboarding/__init__.py
+++ b/mitmproxy/libmproxy/onboarding/__init__.py
diff --git a/libmproxy/onboarding/app.py b/mitmproxy/libmproxy/onboarding/app.py
index ff5ed63c..ff5ed63c 100644
--- a/libmproxy/onboarding/app.py
+++ b/mitmproxy/libmproxy/onboarding/app.py
diff --git a/libmproxy/onboarding/static/bootstrap.min.css b/mitmproxy/libmproxy/onboarding/static/bootstrap.min.css
index f31489f9..f31489f9 100644
--- a/libmproxy/onboarding/static/bootstrap.min.css
+++ b/mitmproxy/libmproxy/onboarding/static/bootstrap.min.css
diff --git a/libmproxy/onboarding/static/fontawesome/css/font-awesome.css b/mitmproxy/libmproxy/onboarding/static/fontawesome/css/font-awesome.css
index 048cff97..048cff97 100644
--- a/libmproxy/onboarding/static/fontawesome/css/font-awesome.css
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/css/font-awesome.css
diff --git a/libmproxy/onboarding/static/fontawesome/css/font-awesome.min.css b/mitmproxy/libmproxy/onboarding/static/fontawesome/css/font-awesome.min.css
index 449d6ac5..449d6ac5 100644
--- a/libmproxy/onboarding/static/fontawesome/css/font-awesome.min.css
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/css/font-awesome.min.css
diff --git a/libmproxy/onboarding/static/fontawesome/fonts/FontAwesome.otf b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/FontAwesome.otf
index 8b0f54e4..8b0f54e4 100644
--- a/libmproxy/onboarding/static/fontawesome/fonts/FontAwesome.otf
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/FontAwesome.otf
diff --git a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.eot b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.eot
index 7c79c6a6..7c79c6a6 100755..100644
--- a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.eot
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.eot
diff --git a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.svg b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.svg
index 45fdf338..45fdf338 100755..100644
--- a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.svg
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.svg
diff --git a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.ttf b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.ttf
index e89738de..e89738de 100755..100644
--- a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.ttf
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.ttf
diff --git a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.woff b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.woff
index 8c1748aa..8c1748aa 100755..100644
--- a/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.woff
+++ b/mitmproxy/libmproxy/onboarding/static/fontawesome/fonts/fontawesome-webfont.woff
diff --git a/libmproxy/onboarding/static/mitmproxy.css b/mitmproxy/libmproxy/onboarding/static/mitmproxy.css
index b390976a..b390976a 100644
--- a/libmproxy/onboarding/static/mitmproxy.css
+++ b/mitmproxy/libmproxy/onboarding/static/mitmproxy.css
diff --git a/libmproxy/onboarding/templates/frame.html b/mitmproxy/libmproxy/onboarding/templates/frame.html
index f00e1a66..f00e1a66 100644
--- a/libmproxy/onboarding/templates/frame.html
+++ b/mitmproxy/libmproxy/onboarding/templates/frame.html
diff --git a/libmproxy/onboarding/templates/index.html b/mitmproxy/libmproxy/onboarding/templates/index.html
index 1bcff1b8..1bcff1b8 100644
--- a/libmproxy/onboarding/templates/index.html
+++ b/mitmproxy/libmproxy/onboarding/templates/index.html
diff --git a/libmproxy/onboarding/templates/layout.html b/mitmproxy/libmproxy/onboarding/templates/layout.html
index 8726a788..8726a788 100644
--- a/libmproxy/onboarding/templates/layout.html
+++ b/mitmproxy/libmproxy/onboarding/templates/layout.html
diff --git a/libmproxy/platform/__init__.py b/mitmproxy/libmproxy/platform/__init__.py
index e1ff7c47..e1ff7c47 100644
--- a/libmproxy/platform/__init__.py
+++ b/mitmproxy/libmproxy/platform/__init__.py
diff --git a/libmproxy/platform/linux.py b/mitmproxy/libmproxy/platform/linux.py
index 38bfbe42..38bfbe42 100644
--- a/libmproxy/platform/linux.py
+++ b/mitmproxy/libmproxy/platform/linux.py
diff --git a/libmproxy/platform/osx.py b/mitmproxy/libmproxy/platform/osx.py
index afbc919b..afbc919b 100644
--- a/libmproxy/platform/osx.py
+++ b/mitmproxy/libmproxy/platform/osx.py
diff --git a/libmproxy/platform/pf.py b/mitmproxy/libmproxy/platform/pf.py
index 97a4c192..97a4c192 100644
--- a/libmproxy/platform/pf.py
+++ b/mitmproxy/libmproxy/platform/pf.py
diff --git a/libmproxy/platform/windows.py b/mitmproxy/libmproxy/platform/windows.py
index 9fe04cfa..9fe04cfa 100644
--- a/libmproxy/platform/windows.py
+++ b/mitmproxy/libmproxy/platform/windows.py
diff --git a/libmproxy/protocol/__init__.py b/mitmproxy/libmproxy/protocol/__init__.py
index ea958d06..ea958d06 100644
--- a/libmproxy/protocol/__init__.py
+++ b/mitmproxy/libmproxy/protocol/__init__.py
diff --git a/libmproxy/protocol/base.py b/mitmproxy/libmproxy/protocol/base.py
index 40fcaf65..40fcaf65 100644
--- a/libmproxy/protocol/base.py
+++ b/mitmproxy/libmproxy/protocol/base.py
diff --git a/libmproxy/protocol/http.py b/mitmproxy/libmproxy/protocol/http.py
index 13d7903b..13d7903b 100644
--- a/libmproxy/protocol/http.py
+++ b/mitmproxy/libmproxy/protocol/http.py
diff --git a/libmproxy/protocol/http1.py b/mitmproxy/libmproxy/protocol/http1.py
index a4cd8801..a4cd8801 100644
--- a/libmproxy/protocol/http1.py
+++ b/mitmproxy/libmproxy/protocol/http1.py
diff --git a/libmproxy/protocol/http2.py b/mitmproxy/libmproxy/protocol/http2.py
index c121637c..c121637c 100644
--- a/libmproxy/protocol/http2.py
+++ b/mitmproxy/libmproxy/protocol/http2.py
diff --git a/libmproxy/protocol/http_replay.py b/mitmproxy/libmproxy/protocol/http_replay.py
index 63870dfb..63870dfb 100644
--- a/libmproxy/protocol/http_replay.py
+++ b/mitmproxy/libmproxy/protocol/http_replay.py
diff --git a/libmproxy/protocol/rawtcp.py b/mitmproxy/libmproxy/protocol/rawtcp.py
index b87899e4..b87899e4 100644
--- a/libmproxy/protocol/rawtcp.py
+++ b/mitmproxy/libmproxy/protocol/rawtcp.py
diff --git a/libmproxy/protocol/tls.py b/mitmproxy/libmproxy/protocol/tls.py
index 378dd7d4..378dd7d4 100644
--- a/libmproxy/protocol/tls.py
+++ b/mitmproxy/libmproxy/protocol/tls.py
diff --git a/libmproxy/proxy/__init__.py b/mitmproxy/libmproxy/proxy/__init__.py
index be7f5207..be7f5207 100644
--- a/libmproxy/proxy/__init__.py
+++ b/mitmproxy/libmproxy/proxy/__init__.py
diff --git a/libmproxy/proxy/config.py b/mitmproxy/libmproxy/proxy/config.py
index a635ab19..a635ab19 100644
--- a/libmproxy/proxy/config.py
+++ b/mitmproxy/libmproxy/proxy/config.py
diff --git a/libmproxy/proxy/modes/__init__.py b/mitmproxy/libmproxy/proxy/modes/__init__.py
index f014ed98..f014ed98 100644
--- a/libmproxy/proxy/modes/__init__.py
+++ b/mitmproxy/libmproxy/proxy/modes/__init__.py
diff --git a/libmproxy/proxy/modes/http_proxy.py b/mitmproxy/libmproxy/proxy/modes/http_proxy.py
index e19062b9..e19062b9 100644
--- a/libmproxy/proxy/modes/http_proxy.py
+++ b/mitmproxy/libmproxy/proxy/modes/http_proxy.py
diff --git a/libmproxy/proxy/modes/reverse_proxy.py b/mitmproxy/libmproxy/proxy/modes/reverse_proxy.py
index c8e80a10..c8e80a10 100644
--- a/libmproxy/proxy/modes/reverse_proxy.py
+++ b/mitmproxy/libmproxy/proxy/modes/reverse_proxy.py
diff --git a/libmproxy/proxy/modes/socks_proxy.py b/mitmproxy/libmproxy/proxy/modes/socks_proxy.py
index e2ce44ae..e2ce44ae 100644
--- a/libmproxy/proxy/modes/socks_proxy.py
+++ b/mitmproxy/libmproxy/proxy/modes/socks_proxy.py
diff --git a/libmproxy/proxy/modes/transparent_proxy.py b/mitmproxy/libmproxy/proxy/modes/transparent_proxy.py
index 3fdda656..3fdda656 100644
--- a/libmproxy/proxy/modes/transparent_proxy.py
+++ b/mitmproxy/libmproxy/proxy/modes/transparent_proxy.py
diff --git a/libmproxy/proxy/root_context.py b/mitmproxy/libmproxy/proxy/root_context.py
index f56aee6d..f56aee6d 100644
--- a/libmproxy/proxy/root_context.py
+++ b/mitmproxy/libmproxy/proxy/root_context.py
diff --git a/libmproxy/proxy/server.py b/mitmproxy/libmproxy/proxy/server.py
index d208cff5..d208cff5 100644
--- a/libmproxy/proxy/server.py
+++ b/mitmproxy/libmproxy/proxy/server.py
diff --git a/libmproxy/script/__init__.py b/mitmproxy/libmproxy/script/__init__.py
index 3ee19b04..3ee19b04 100644
--- a/libmproxy/script/__init__.py
+++ b/mitmproxy/libmproxy/script/__init__.py
diff --git a/libmproxy/script/concurrent.py b/mitmproxy/libmproxy/script/concurrent.py
index f0f5e3cd..f0f5e3cd 100644
--- a/libmproxy/script/concurrent.py
+++ b/mitmproxy/libmproxy/script/concurrent.py
diff --git a/libmproxy/script/reloader.py b/mitmproxy/libmproxy/script/reloader.py
index b4acf51b..b4acf51b 100644
--- a/libmproxy/script/reloader.py
+++ b/mitmproxy/libmproxy/script/reloader.py
diff --git a/libmproxy/script/script.py b/mitmproxy/libmproxy/script/script.py
index 55778851..55778851 100644
--- a/libmproxy/script/script.py
+++ b/mitmproxy/libmproxy/script/script.py
diff --git a/libmproxy/script/script_context.py b/mitmproxy/libmproxy/script/script_context.py
index cd5d4b61..cd5d4b61 100644
--- a/libmproxy/script/script_context.py
+++ b/mitmproxy/libmproxy/script/script_context.py
diff --git a/libmproxy/stateobject.py b/mitmproxy/libmproxy/stateobject.py
index a4a1ffda..a4a1ffda 100644
--- a/libmproxy/stateobject.py
+++ b/mitmproxy/libmproxy/stateobject.py
diff --git a/libmproxy/tnetstring.py b/mitmproxy/libmproxy/tnetstring.py
index c5c185c6..c5c185c6 100644
--- a/libmproxy/tnetstring.py
+++ b/mitmproxy/libmproxy/tnetstring.py
diff --git a/libmproxy/utils.py b/mitmproxy/libmproxy/utils.py
index a697a637..4bdd036e 100644
--- a/libmproxy/utils.py
+++ b/mitmproxy/libmproxy/utils.py
@@ -4,7 +4,8 @@ import datetime
 import re
 import time
 import json
-
+import importlib
+import inspect
 
 def timestamp():
     """
@@ -75,8 +76,8 @@ def pretty_duration(secs):
 class Data:
 
     def __init__(self, name):
-        m = __import__(name)
-        dirname, _ = os.path.split(m.__file__)
+        m = importlib.import_module(name)
+        dirname = os.path.dirname(inspect.getsourcefile(m))
         self.dirname = os.path.abspath(dirname)
 
     def path(self, path):
diff --git a/mitmproxy/libmproxy/version.py b/mitmproxy/libmproxy/version.py
new file mode 100644
index 00000000..63f60a8d
--- /dev/null
+++ b/mitmproxy/libmproxy/version.py
@@ -0,0 +1,3 @@
+from __future__ import (absolute_import, print_function, division)
+
+from netlib.version import *
\ No newline at end of file
diff --git a/libmproxy/web/__init__.py b/mitmproxy/libmproxy/web/__init__.py
index 50c49e8d..50c49e8d 100644
--- a/libmproxy/web/__init__.py
+++ b/mitmproxy/libmproxy/web/__init__.py
diff --git a/libmproxy/web/app.py b/mitmproxy/libmproxy/web/app.py
index 63b7bf1a..63b7bf1a 100644
--- a/libmproxy/web/app.py
+++ b/mitmproxy/libmproxy/web/app.py
diff --git a/libmproxy/web/static/app.css b/mitmproxy/libmproxy/web/static/app.css
index 94a6abf0..94a6abf0 100644
--- a/libmproxy/web/static/app.css
+++ b/mitmproxy/libmproxy/web/static/app.css
diff --git a/libmproxy/web/static/app.js b/mitmproxy/libmproxy/web/static/app.js
index 27f356f7..27f356f7 100644
--- a/libmproxy/web/static/app.js
+++ b/mitmproxy/libmproxy/web/static/app.js
diff --git a/libmproxy/web/static/fonts/fontawesome-webfont.eot b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.eot
index 84677bc0..84677bc0 100644
--- a/libmproxy/web/static/fonts/fontawesome-webfont.eot
+++ b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.eot
diff --git a/libmproxy/web/static/fonts/fontawesome-webfont.svg b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.svg
index d907b25a..d907b25a 100644
--- a/libmproxy/web/static/fonts/fontawesome-webfont.svg
+++ b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.svg
diff --git a/libmproxy/web/static/fonts/fontawesome-webfont.ttf b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.ttf
index 96a3639c..96a3639c 100644
--- a/libmproxy/web/static/fonts/fontawesome-webfont.ttf
+++ b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.ttf
diff --git a/libmproxy/web/static/fonts/fontawesome-webfont.woff b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.woff
index 628b6a52..628b6a52 100644
--- a/libmproxy/web/static/fonts/fontawesome-webfont.woff
+++ b/mitmproxy/libmproxy/web/static/fonts/fontawesome-webfont.woff
diff --git a/libmproxy/web/static/images/chrome-devtools/LICENSE b/mitmproxy/libmproxy/web/static/images/chrome-devtools/LICENSE
index 6e4f8b9f..6e4f8b9f 100644
--- a/libmproxy/web/static/images/chrome-devtools/LICENSE
+++ b/mitmproxy/libmproxy/web/static/images/chrome-devtools/LICENSE
diff --git a/libmproxy/web/static/images/chrome-devtools/resourceCSSIcon.png b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceCSSIcon.png
index 18828d06..18828d06 100644
--- a/libmproxy/web/static/images/chrome-devtools/resourceCSSIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceCSSIcon.png
diff --git a/libmproxy/web/static/images/chrome-devtools/resourceDocumentIcon.png b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceDocumentIcon.png
index fdc10e47..fdc10e47 100644
--- a/libmproxy/web/static/images/chrome-devtools/resourceDocumentIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceDocumentIcon.png
diff --git a/libmproxy/web/static/images/chrome-devtools/resourceJSIcon.png b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceJSIcon.png
index c1b72189..c1b72189 100644
--- a/libmproxy/web/static/images/chrome-devtools/resourceJSIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourceJSIcon.png
diff --git a/libmproxy/web/static/images/chrome-devtools/resourcePlainIcon.png b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourcePlainIcon.png
index 8c82a4c7..8c82a4c7 100644
--- a/libmproxy/web/static/images/chrome-devtools/resourcePlainIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/chrome-devtools/resourcePlainIcon.png
diff --git a/libmproxy/web/static/images/resourceExecutableIcon.png b/mitmproxy/libmproxy/web/static/images/resourceExecutableIcon.png
index fa70c2fd..fa70c2fd 100644
--- a/libmproxy/web/static/images/resourceExecutableIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceExecutableIcon.png
diff --git a/libmproxy/web/static/images/resourceFlashIcon.png b/mitmproxy/libmproxy/web/static/images/resourceFlashIcon.png
index ead5a4d0..ead5a4d0 100644
--- a/libmproxy/web/static/images/resourceFlashIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceFlashIcon.png
diff --git a/libmproxy/web/static/images/resourceImageIcon.png b/mitmproxy/libmproxy/web/static/images/resourceImageIcon.png
index 23163042..23163042 100644
--- a/libmproxy/web/static/images/resourceImageIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceImageIcon.png
diff --git a/libmproxy/web/static/images/resourceJavaIcon.png b/mitmproxy/libmproxy/web/static/images/resourceJavaIcon.png
index 553b3391..553b3391 100644
--- a/libmproxy/web/static/images/resourceJavaIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceJavaIcon.png
diff --git a/libmproxy/web/static/images/resourceNotModifiedIcon.png b/mitmproxy/libmproxy/web/static/images/resourceNotModifiedIcon.png
index 9c6a879d..9c6a879d 100644
--- a/libmproxy/web/static/images/resourceNotModifiedIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceNotModifiedIcon.png
diff --git a/libmproxy/web/static/images/resourceRedirectIcon.png b/mitmproxy/libmproxy/web/static/images/resourceRedirectIcon.png
index 58fe3ac1..58fe3ac1 100644
--- a/libmproxy/web/static/images/resourceRedirectIcon.png
+++ b/mitmproxy/libmproxy/web/static/images/resourceRedirectIcon.png
diff --git a/libmproxy/web/static/vendor.css b/mitmproxy/libmproxy/web/static/vendor.css
index 4ed1f0b8..4ed1f0b8 100644
--- a/libmproxy/web/static/vendor.css
+++ b/mitmproxy/libmproxy/web/static/vendor.css
diff --git a/libmproxy/web/static/vendor.js b/mitmproxy/libmproxy/web/static/vendor.js
index 59d10445..59d10445 100644
--- a/libmproxy/web/static/vendor.js
+++ b/mitmproxy/libmproxy/web/static/vendor.js
diff --git a/libmproxy/web/templates/index.html b/mitmproxy/libmproxy/web/templates/index.html
index 5f2c6d5e..5f2c6d5e 100644
--- a/libmproxy/web/templates/index.html
+++ b/mitmproxy/libmproxy/web/templates/index.html
diff --git a/libmproxy/webfonts/fontawesome-webfont.eot b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.eot
index 84677bc0..84677bc0 100644
--- a/libmproxy/webfonts/fontawesome-webfont.eot
+++ b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.eot
diff --git a/libmproxy/webfonts/fontawesome-webfont.svg b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.svg
index d907b25a..d907b25a 100644
--- a/libmproxy/webfonts/fontawesome-webfont.svg
+++ b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.svg
diff --git a/libmproxy/webfonts/fontawesome-webfont.ttf b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.ttf
index 96a3639c..96a3639c 100644
--- a/libmproxy/webfonts/fontawesome-webfont.ttf
+++ b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.ttf
diff --git a/libmproxy/webfonts/fontawesome-webfont.woff b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.woff
index 628b6a52..628b6a52 100644
--- a/libmproxy/webfonts/fontawesome-webfont.woff
+++ b/mitmproxy/libmproxy/webfonts/fontawesome-webfont.woff
diff --git a/mitmdump b/mitmproxy/mitmdump
index 16087f61..16087f61 100755..100644
--- a/mitmdump
+++ b/mitmproxy/mitmdump
diff --git a/mitmproxy b/mitmproxy/mitmproxy
index b7c5c94e..b7c5c94e 100755..100644
--- a/mitmproxy
+++ b/mitmproxy/mitmproxy
diff --git a/mitmweb b/mitmproxy/mitmweb
index d709811b..d709811b 100755..100644
--- a/mitmweb
+++ b/mitmproxy/mitmweb
diff --git a/setup.cfg b/mitmproxy/setup.cfg
index 1151288f..1151288f 100644
--- a/setup.cfg
+++ b/mitmproxy/setup.cfg
diff --git a/setup.py b/mitmproxy/setup.py
index 52c7e6be..5bce0c5a 100644
--- a/setup.py
+++ b/mitmproxy/setup.py
@@ -1,13 +1,16 @@
 from setuptools import setup, find_packages
 from codecs import open
 import os
-from libmproxy import version
+import sys
 
 # Based on https://github.com/pypa/sampleproject/blob/master/setup.py
 # and https://python-packaging-user-guide.readthedocs.org/
 
 here = os.path.abspath(os.path.dirname(__file__))
 
+sys.path.append(os.path.join(here, "..", "netlib"))
+from libmproxy import version
+
 with open(os.path.join(here, 'README.rst'), encoding='utf-8') as f:
     long_description = f.read()
 
diff --git a/web/.bowerrc b/mitmproxy/web/.bowerrc
index 5e6701af..5e6701af 100644
--- a/web/.bowerrc
+++ b/mitmproxy/web/.bowerrc
diff --git a/web/.eslintrc b/mitmproxy/web/.eslintrc
index df187739..df187739 100644
--- a/web/.eslintrc
+++ b/mitmproxy/web/.eslintrc
diff --git a/web/README b/mitmproxy/web/README
index 63c3e6e0..63c3e6e0 100644
--- a/web/README
+++ b/mitmproxy/web/README
diff --git a/web/conf.js b/mitmproxy/web/conf.js
index 7c520973..7c520973 100644
--- a/web/conf.js
+++ b/mitmproxy/web/conf.js
diff --git a/web/gulpfile.js b/mitmproxy/web/gulpfile.js
index 83893c91..83893c91 100644
--- a/web/gulpfile.js
+++ b/mitmproxy/web/gulpfile.js
diff --git a/web/package.json b/mitmproxy/web/package.json
index 5bcbdd87..5bcbdd87 100644
--- a/web/package.json
+++ b/mitmproxy/web/package.json
diff --git a/web/src/css/app.less b/mitmproxy/web/src/css/app.less
index 046d378a..046d378a 100644
--- a/web/src/css/app.less
+++ b/mitmproxy/web/src/css/app.less
diff --git a/web/src/css/eventlog.less b/mitmproxy/web/src/css/eventlog.less
index 26dea3cc..26dea3cc 100644
--- a/web/src/css/eventlog.less
+++ b/mitmproxy/web/src/css/eventlog.less
diff --git a/web/src/css/flowdetail.less b/mitmproxy/web/src/css/flowdetail.less
index edf97566..edf97566 100644
--- a/web/src/css/flowdetail.less
+++ b/mitmproxy/web/src/css/flowdetail.less
diff --git a/web/src/css/flowtable.less b/mitmproxy/web/src/css/flowtable.less
index 3533983c..3533983c 100644
--- a/web/src/css/flowtable.less
+++ b/mitmproxy/web/src/css/flowtable.less
diff --git a/web/src/css/flowview.less b/mitmproxy/web/src/css/flowview.less
index aa8a2df2..aa8a2df2 100644
--- a/web/src/css/flowview.less
+++ b/mitmproxy/web/src/css/flowview.less
diff --git a/web/src/css/footer.less b/mitmproxy/web/src/css/footer.less
index c041a022..c041a022 100644
--- a/web/src/css/footer.less
+++ b/mitmproxy/web/src/css/footer.less
diff --git a/web/src/css/header.less b/mitmproxy/web/src/css/header.less
index 8fa5e37f..8fa5e37f 100644
--- a/web/src/css/header.less
+++ b/mitmproxy/web/src/css/header.less
diff --git a/web/src/css/layout.less b/mitmproxy/web/src/css/layout.less
index 1075d6c9..1075d6c9 100644
--- a/web/src/css/layout.less
+++ b/mitmproxy/web/src/css/layout.less
diff --git a/web/src/css/prompt.less b/mitmproxy/web/src/css/prompt.less
index eee0426d..eee0426d 100644
--- a/web/src/css/prompt.less
+++ b/mitmproxy/web/src/css/prompt.less
diff --git a/web/src/css/sprites.less b/mitmproxy/web/src/css/sprites.less
index 74131c5e..74131c5e 100644
--- a/web/src/css/sprites.less
+++ b/mitmproxy/web/src/css/sprites.less
diff --git a/web/src/css/tabs.less b/mitmproxy/web/src/css/tabs.less
index 43f7264e..43f7264e 100644
--- a/web/src/css/tabs.less
+++ b/mitmproxy/web/src/css/tabs.less
diff --git a/web/src/css/vendor-bootstrap-variables.less b/mitmproxy/web/src/css/vendor-bootstrap-variables.less
index e2c37bf5..e2c37bf5 100644
--- a/web/src/css/vendor-bootstrap-variables.less
+++ b/mitmproxy/web/src/css/vendor-bootstrap-variables.less
diff --git a/web/src/css/vendor-bootstrap.less b/mitmproxy/web/src/css/vendor-bootstrap.less
index 35fda379..35fda379 100644
--- a/web/src/css/vendor-bootstrap.less
+++ b/mitmproxy/web/src/css/vendor-bootstrap.less
diff --git a/web/src/css/vendor.less b/mitmproxy/web/src/css/vendor.less
index e91ae3a8..e91ae3a8 100644
--- a/web/src/css/vendor.less
+++ b/mitmproxy/web/src/css/vendor.less
diff --git a/web/src/fonts/FontAwesome.otf b/mitmproxy/web/src/fonts/FontAwesome.otf
index 81c9ad94..81c9ad94 100644
--- a/web/src/fonts/FontAwesome.otf
+++ b/mitmproxy/web/src/fonts/FontAwesome.otf
diff --git a/web/src/fonts/README b/mitmproxy/web/src/fonts/README
index 218a78e1..218a78e1 100644
--- a/web/src/fonts/README
+++ b/mitmproxy/web/src/fonts/README
diff --git a/web/src/fonts/font-awesome.css b/mitmproxy/web/src/fonts/font-awesome.css
index 9eb5d5b7..9eb5d5b7 100644
--- a/web/src/fonts/font-awesome.css
+++ b/mitmproxy/web/src/fonts/font-awesome.css
diff --git a/web/src/fonts/fontawesome-webfont.eot b/mitmproxy/web/src/fonts/fontawesome-webfont.eot
index 84677bc0..84677bc0 100644
--- a/web/src/fonts/fontawesome-webfont.eot
+++ b/mitmproxy/web/src/fonts/fontawesome-webfont.eot
diff --git a/web/src/fonts/fontawesome-webfont.svg b/mitmproxy/web/src/fonts/fontawesome-webfont.svg
index d907b25a..d907b25a 100644
--- a/web/src/fonts/fontawesome-webfont.svg
+++ b/mitmproxy/web/src/fonts/fontawesome-webfont.svg
diff --git a/web/src/fonts/fontawesome-webfont.ttf b/mitmproxy/web/src/fonts/fontawesome-webfont.ttf
index 96a3639c..96a3639c 100644
--- a/web/src/fonts/fontawesome-webfont.ttf
+++ b/mitmproxy/web/src/fonts/fontawesome-webfont.ttf
diff --git a/web/src/fonts/fontawesome-webfont.woff b/mitmproxy/web/src/fonts/fontawesome-webfont.woff
index 628b6a52..628b6a52 100644
--- a/web/src/fonts/fontawesome-webfont.woff
+++ b/mitmproxy/web/src/fonts/fontawesome-webfont.woff
diff --git a/web/src/images/chrome-devtools/LICENSE b/mitmproxy/web/src/images/chrome-devtools/LICENSE
index 6e4f8b9f..6e4f8b9f 100644
--- a/web/src/images/chrome-devtools/LICENSE
+++ b/mitmproxy/web/src/images/chrome-devtools/LICENSE
diff --git a/web/src/images/chrome-devtools/resourceCSSIcon.png b/mitmproxy/web/src/images/chrome-devtools/resourceCSSIcon.png
index 18828d06..18828d06 100644
--- a/web/src/images/chrome-devtools/resourceCSSIcon.png
+++ b/mitmproxy/web/src/images/chrome-devtools/resourceCSSIcon.png
diff --git a/web/src/images/chrome-devtools/resourceDocumentIcon.png b/mitmproxy/web/src/images/chrome-devtools/resourceDocumentIcon.png
index fdc10e47..fdc10e47 100644
--- a/web/src/images/chrome-devtools/resourceDocumentIcon.png
+++ b/mitmproxy/web/src/images/chrome-devtools/resourceDocumentIcon.png
diff --git a/web/src/images/chrome-devtools/resourceJSIcon.png b/mitmproxy/web/src/images/chrome-devtools/resourceJSIcon.png
index c1b72189..c1b72189 100644
--- a/web/src/images/chrome-devtools/resourceJSIcon.png
+++ b/mitmproxy/web/src/images/chrome-devtools/resourceJSIcon.png
diff --git a/web/src/images/chrome-devtools/resourcePlainIcon.png b/mitmproxy/web/src/images/chrome-devtools/resourcePlainIcon.png
index 8c82a4c7..8c82a4c7 100644
--- a/web/src/images/chrome-devtools/resourcePlainIcon.png
+++ b/mitmproxy/web/src/images/chrome-devtools/resourcePlainIcon.png
diff --git a/web/src/images/resourceExecutableIcon.png b/mitmproxy/web/src/images/resourceExecutableIcon.png
index fa70c2fd..fa70c2fd 100644
--- a/web/src/images/resourceExecutableIcon.png
+++ b/mitmproxy/web/src/images/resourceExecutableIcon.png
diff --git a/web/src/images/resourceFlashIcon.png b/mitmproxy/web/src/images/resourceFlashIcon.png
index ead5a4d0..ead5a4d0 100644
--- a/web/src/images/resourceFlashIcon.png
+++ b/mitmproxy/web/src/images/resourceFlashIcon.png
diff --git a/web/src/images/resourceImageIcon.png b/mitmproxy/web/src/images/resourceImageIcon.png
index 23163042..23163042 100644
--- a/web/src/images/resourceImageIcon.png
+++ b/mitmproxy/web/src/images/resourceImageIcon.png
diff --git a/web/src/images/resourceJavaIcon.png b/mitmproxy/web/src/images/resourceJavaIcon.png
index 553b3391..553b3391 100644
--- a/web/src/images/resourceJavaIcon.png
+++ b/mitmproxy/web/src/images/resourceJavaIcon.png
diff --git a/web/src/images/resourceNotModifiedIcon.png b/mitmproxy/web/src/images/resourceNotModifiedIcon.png
index 9c6a879d..9c6a879d 100644
--- a/web/src/images/resourceNotModifiedIcon.png
+++ b/mitmproxy/web/src/images/resourceNotModifiedIcon.png
diff --git a/web/src/images/resourceRedirectIcon.png b/mitmproxy/web/src/images/resourceRedirectIcon.png
index 58fe3ac1..58fe3ac1 100644
--- a/web/src/images/resourceRedirectIcon.png
+++ b/mitmproxy/web/src/images/resourceRedirectIcon.png
diff --git a/web/src/js/actions.js b/mitmproxy/web/src/js/actions.js
index 2455a52e..2455a52e 100644
--- a/web/src/js/actions.js
+++ b/mitmproxy/web/src/js/actions.js
diff --git a/web/src/js/app.js b/mitmproxy/web/src/js/app.js
index 9fb868b8..9fb868b8 100644
--- a/web/src/js/app.js
+++ b/mitmproxy/web/src/js/app.js
diff --git a/web/src/js/components/common.js b/mitmproxy/web/src/js/components/common.js
index 965ae9a7..965ae9a7 100644
--- a/web/src/js/components/common.js
+++ b/mitmproxy/web/src/js/components/common.js
diff --git a/web/src/js/components/editor.js b/mitmproxy/web/src/js/components/editor.js
index f2d44566..f2d44566 100644
--- a/web/src/js/components/editor.js
+++ b/mitmproxy/web/src/js/components/editor.js
diff --git a/web/src/js/components/eventlog.js b/mitmproxy/web/src/js/components/eventlog.js
index fea7b247..fea7b247 100644
--- a/web/src/js/components/eventlog.js
+++ b/mitmproxy/web/src/js/components/eventlog.js
diff --git a/web/src/js/components/flowtable-columns.js b/mitmproxy/web/src/js/components/flowtable-columns.js
index 74d96216..74d96216 100644
--- a/web/src/js/components/flowtable-columns.js
+++ b/mitmproxy/web/src/js/components/flowtable-columns.js
diff --git a/web/src/js/components/flowtable.js b/mitmproxy/web/src/js/components/flowtable.js
index 609034f6..609034f6 100644
--- a/web/src/js/components/flowtable.js
+++ b/mitmproxy/web/src/js/components/flowtable.js
diff --git a/web/src/js/components/flowview/contentview.js b/mitmproxy/web/src/js/components/flowview/contentview.js
index 63d22c1c..63d22c1c 100644
--- a/web/src/js/components/flowview/contentview.js
+++ b/mitmproxy/web/src/js/components/flowview/contentview.js
diff --git a/web/src/js/components/flowview/details.js b/mitmproxy/web/src/js/components/flowview/details.js
index 00e0116c..00e0116c 100644
--- a/web/src/js/components/flowview/details.js
+++ b/mitmproxy/web/src/js/components/flowview/details.js
diff --git a/web/src/js/components/flowview/index.js b/mitmproxy/web/src/js/components/flowview/index.js
index 739a46dc..739a46dc 100644
--- a/web/src/js/components/flowview/index.js
+++ b/mitmproxy/web/src/js/components/flowview/index.js
diff --git a/web/src/js/components/flowview/messages.js b/mitmproxy/web/src/js/components/flowview/messages.js
index 7ac95d85..7ac95d85 100644
--- a/web/src/js/components/flowview/messages.js
+++ b/mitmproxy/web/src/js/components/flowview/messages.js
diff --git a/web/src/js/components/flowview/nav.js b/mitmproxy/web/src/js/components/flowview/nav.js
index 46eda707..46eda707 100644
--- a/web/src/js/components/flowview/nav.js
+++ b/mitmproxy/web/src/js/components/flowview/nav.js
diff --git a/web/src/js/components/footer.js b/mitmproxy/web/src/js/components/footer.js
index 229d691b..229d691b 100644
--- a/web/src/js/components/footer.js
+++ b/mitmproxy/web/src/js/components/footer.js
diff --git a/web/src/js/components/header.js b/mitmproxy/web/src/js/components/header.js
index 998a41df..998a41df 100644
--- a/web/src/js/components/header.js
+++ b/mitmproxy/web/src/js/components/header.js
diff --git a/web/src/js/components/mainview.js b/mitmproxy/web/src/js/components/mainview.js
index 9ff51dfa..9ff51dfa 100644
--- a/web/src/js/components/mainview.js
+++ b/mitmproxy/web/src/js/components/mainview.js
diff --git a/web/src/js/components/prompt.js b/mitmproxy/web/src/js/components/prompt.js
index 121a1170..121a1170 100644
--- a/web/src/js/components/prompt.js
+++ b/mitmproxy/web/src/js/components/prompt.js
diff --git a/web/src/js/components/proxyapp.js b/mitmproxy/web/src/js/components/proxyapp.js
index e766d6e6..e766d6e6 100644
--- a/web/src/js/components/proxyapp.js
+++ b/mitmproxy/web/src/js/components/proxyapp.js
diff --git a/web/src/js/components/virtualscroll.js b/mitmproxy/web/src/js/components/virtualscroll.js
index 956e1a0b..956e1a0b 100644
--- a/web/src/js/components/virtualscroll.js
+++ b/mitmproxy/web/src/js/components/virtualscroll.js
diff --git a/web/src/js/connection.js b/mitmproxy/web/src/js/connection.js
index 5e229b6e..5e229b6e 100644
--- a/web/src/js/connection.js
+++ b/mitmproxy/web/src/js/connection.js
diff --git a/web/src/js/dispatcher.js b/mitmproxy/web/src/js/dispatcher.js
index 0c2aa202..0c2aa202 100644
--- a/web/src/js/dispatcher.js
+++ b/mitmproxy/web/src/js/dispatcher.js
diff --git a/web/src/js/filt/filt.js b/mitmproxy/web/src/js/filt/filt.js
index 45b42f3a..45b42f3a 100644
--- a/web/src/js/filt/filt.js
+++ b/mitmproxy/web/src/js/filt/filt.js
diff --git a/web/src/js/filt/filt.peg b/mitmproxy/web/src/js/filt/filt.peg
index 6f9bdac6..6f9bdac6 100644
--- a/web/src/js/filt/filt.peg
+++ b/mitmproxy/web/src/js/filt/filt.peg
diff --git a/web/src/js/flow/utils.js b/mitmproxy/web/src/js/flow/utils.js
index d72febaa..d72febaa 100644
--- a/web/src/js/flow/utils.js
+++ b/mitmproxy/web/src/js/flow/utils.js
diff --git a/web/src/js/store/store.js b/mitmproxy/web/src/js/store/store.js
index 5024049f..5024049f 100644
--- a/web/src/js/store/store.js
+++ b/mitmproxy/web/src/js/store/store.js
diff --git a/web/src/js/store/view.js b/mitmproxy/web/src/js/store/view.js
index d628d46b..d628d46b 100644
--- a/web/src/js/store/view.js
+++ b/mitmproxy/web/src/js/store/view.js
diff --git a/web/src/js/tests/utils.js b/mitmproxy/web/src/js/tests/utils.js
index dfbb9ba6..dfbb9ba6 100644
--- a/web/src/js/tests/utils.js
+++ b/mitmproxy/web/src/js/tests/utils.js
diff --git a/web/src/js/utils.js b/mitmproxy/web/src/js/utils.js
index 40575692..40575692 100644
--- a/web/src/js/utils.js
+++ b/mitmproxy/web/src/js/utils.js
diff --git a/web/src/templates/index.html b/mitmproxy/web/src/templates/index.html
index 5f2c6d5e..5f2c6d5e 100644
--- a/web/src/templates/index.html
+++ b/mitmproxy/web/src/templates/index.html
diff --git a/netlib/MANIFEST.in b/netlib/MANIFEST.in
new file mode 100644
index 00000000..db0e2ed6
--- /dev/null
+++ b/netlib/MANIFEST.in
@@ -0,0 +1,4 @@
+include LICENSE CONTRIBUTORS README.rst
+graft test
+prune test/tools
+recursive-exclude * *.pyc *.pyo *.swo *.swp
\ No newline at end of file
diff --git a/netlib/README.rst b/netlib/README.rst
new file mode 100644
index 00000000..16bd65a7
--- /dev/null
+++ b/netlib/README.rst
@@ -0,0 +1,35 @@
+|travis| |coveralls| |downloads| |latest_release| |python_versions|
+
+Netlib is a collection of network utility classes, used by the pathod and
+mitmproxy projects. It differs from other projects in some fundamental
+respects, because both pathod and mitmproxy often need to violate standards.
+This means that protocols are implemented as small, well-contained and flexible
+functions, and are designed to allow misbehaviour when needed.
+
+
+Development
+-----------
+
+If you'd like to work on netlib, check out the instructions in mitmproxy's README_.
+
+.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/netlib/master.svg
+    :target: https://travis-ci.org/mitmproxy/netlib
+    :alt: Build Status
+
+.. |coveralls| image:: https://shields.mitmproxy.org/coveralls/mitmproxy/netlib/master.svg
+    :target: https://coveralls.io/r/mitmproxy/netlib
+    :alt: Coverage Status
+
+.. |downloads| image:: https://shields.mitmproxy.org/pypi/dm/netlib.svg?color=orange
+    :target: https://pypi.python.org/pypi/netlib
+    :alt: Downloads
+
+.. |latest_release| image:: https://shields.mitmproxy.org/pypi/v/netlib.svg
+    :target: https://pypi.python.org/pypi/netlib
+    :alt: Latest Version
+
+.. |python_versions| image:: https://shields.mitmproxy.org/pypi/pyversions/netlib.svg
+    :target: https://pypi.python.org/pypi/netlib
+    :alt: Supported Python versions
+
+.. _README: https://github.com/mitmproxy/mitmproxy#hacking
\ No newline at end of file
diff --git a/netlib/netlib/__init__.py b/netlib/netlib/__init__.py
new file mode 100644
index 00000000..9b4faa33
--- /dev/null
+++ b/netlib/netlib/__init__.py
@@ -0,0 +1 @@
+from __future__ import (absolute_import, print_function, division)
diff --git a/netlib/netlib/certutils.py b/netlib/netlib/certutils.py
new file mode 100644
index 00000000..616a778e
--- /dev/null
+++ b/netlib/netlib/certutils.py
@@ -0,0 +1,472 @@
+from __future__ import (absolute_import, print_function, division)
+import os
+import ssl
+import time
+import datetime
+from six.moves import filter
+import ipaddress
+
+import sys
+from pyasn1.type import univ, constraint, char, namedtype, tag
+from pyasn1.codec.der.decoder import decode
+from pyasn1.error import PyAsn1Error
+import OpenSSL
+
+from .utils import Serializable
+
+# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
+
+DEFAULT_EXP = 94608000  # = 24 * 60 * 60 * 365 * 3
+# Generated with "openssl dhparam". It's too slow to generate this on startup.
+DEFAULT_DHPARAM = b"""
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAyT6LzpwVFS3gryIo29J5icvgxCnCebcdSe/NHMkD8dKJf8suFCg3
+O2+dguLakSVif/t6dhImxInJk230HmfC8q93hdcg/j8rLGJYDKu3ik6H//BAHKIv
+j5O9yjU3rXCfmVJQic2Nne39sg3CreAepEts2TvYHhVv3TEAzEqCtOuTjgDv0ntJ
+Gwpj+BJBRQGG9NvprX1YGJ7WOFBP/hWU7d6tgvE6Xa7T/u9QIKpYHMIkcN/l3ZFB
+chZEqVlyrcngtSXCROTPcDOQ6Q8QzhaBJS+Z6rcsd7X+haiQqvoFcmaJ08Ks6LQC
+ZIL2EtYJw8V8z7C0igVEBIADZBI6OTbuuhDwRw//zU1uq52Oc48CIZlGxTYG/Evq
+o9EWAXUYVzWkDSTeBH1r4z/qLPE2cnhtMxbFxuvK53jGB0emy2y1Ei6IhKshJ5qX
+IB/aE7SSHyQ3MDHHkCmQJCsOd4Mo26YX61NZ+n501XjqpCBQ2+DfZCBh8Va2wDyv
+A2Ryg9SUz8j0AXViRNMJgJrr446yro/FuJZwnQcO3WQnXeqSBnURqKjmqkeFP+d8
+6mk2tqJaY507lRNqtGlLnj7f5RNoBFJDCLBNurVgfvq9TCVWKDIFD4vZRjCrnl6I
+rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
+-----END DH PARAMETERS-----
+"""
+
+
+def create_ca(o, cn, exp):
+    key = OpenSSL.crypto.PKey()
+    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
+    cert = OpenSSL.crypto.X509()
+    cert.set_serial_number(int(time.time() * 10000))
+    cert.set_version(2)
+    cert.get_subject().CN = cn
+    cert.get_subject().O = o
+    cert.gmtime_adj_notBefore(-3600 * 48)
+    cert.gmtime_adj_notAfter(exp)
+    cert.set_issuer(cert.get_subject())
+    cert.set_pubkey(key)
+    cert.add_extensions([
+        OpenSSL.crypto.X509Extension(
+            b"basicConstraints",
+            True,
+            b"CA:TRUE"
+        ),
+        OpenSSL.crypto.X509Extension(
+            b"nsCertType",
+            False,
+            b"sslCA"
+        ),
+        OpenSSL.crypto.X509Extension(
+            b"extendedKeyUsage",
+            False,
+            b"serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"
+        ),
+        OpenSSL.crypto.X509Extension(
+            b"keyUsage",
+            True,
+            b"keyCertSign, cRLSign"
+        ),
+        OpenSSL.crypto.X509Extension(
+            b"subjectKeyIdentifier",
+            False,
+            b"hash",
+            subject=cert
+        ),
+    ])
+    cert.sign(key, "sha256")
+    return key, cert
+
+
+def dummy_cert(privkey, cacert, commonname, sans):
+    """
+        Generates a dummy certificate.
+
+        privkey: CA private key
+        cacert: CA certificate
+        commonname: Common name for the generated certificate.
+        sans: A list of Subject Alternate Names.
+
+        Returns cert if operation succeeded, None if not.
+    """
+    ss = []
+    for i in sans:
+        try:
+            ipaddress.ip_address(i.decode("ascii"))
+        except ValueError:
+            ss.append(b"DNS: %s" % i)
+        else:
+            ss.append(b"IP: %s" % i)
+    ss = b", ".join(ss)
+
+    cert = OpenSSL.crypto.X509()
+    cert.gmtime_adj_notBefore(-3600 * 48)
+    cert.gmtime_adj_notAfter(DEFAULT_EXP)
+    cert.set_issuer(cacert.get_subject())
+    if commonname is not None:
+        cert.get_subject().CN = commonname
+    cert.set_serial_number(int(time.time() * 10000))
+    if ss:
+        cert.set_version(2)
+        cert.add_extensions(
+            [OpenSSL.crypto.X509Extension(b"subjectAltName", False, ss)])
+    cert.set_pubkey(cacert.get_pubkey())
+    cert.sign(privkey, "sha256")
+    return SSLCert(cert)
+
+
+# DNTree did not pass TestCertStore.test_sans_change and is temporarily replaced by a simple dict.
+#
+# class _Node(UserDict.UserDict):
+#     def __init__(self):
+#         UserDict.UserDict.__init__(self)
+#         self.value = None
+#
+#
+# class DNTree:
+#     """
+#         Domain store that knows about wildcards. DNS wildcards are very
+#         restricted - the only valid variety is an asterisk on the left-most
+#         domain component, i.e.:
+#
+#             *.foo.com
+#     """
+#     def __init__(self):
+#         self.d = _Node()
+#
+#     def add(self, dn, cert):
+#         parts = dn.split(".")
+#         parts.reverse()
+#         current = self.d
+#         for i in parts:
+#             current = current.setdefault(i, _Node())
+#         current.value = cert
+#
+#     def get(self, dn):
+#         parts = dn.split(".")
+#         current = self.d
+#         for i in reversed(parts):
+#             if i in current:
+#                 current = current[i]
+#             elif "*" in current:
+#                 return current["*"].value
+#             else:
+#                 return None
+#         return current.value
+
+
+class CertStoreEntry(object):
+
+    def __init__(self, cert, privatekey, chain_file):
+        self.cert = cert
+        self.privatekey = privatekey
+        self.chain_file = chain_file
+
+
+class CertStore(object):
+
+    """
+        Implements an in-memory certificate store.
+    """
+
+    def __init__(
+            self,
+            default_privatekey,
+            default_ca,
+            default_chain_file,
+            dhparams):
+        self.default_privatekey = default_privatekey
+        self.default_ca = default_ca
+        self.default_chain_file = default_chain_file
+        self.dhparams = dhparams
+        self.certs = dict()
+
+    @staticmethod
+    def load_dhparam(path):
+
+        # netlib<=0.10 doesn't generate a dhparam file.
+        # Create it now if neccessary.
+        if not os.path.exists(path):
+            with open(path, "wb") as f:
+                f.write(DEFAULT_DHPARAM)
+
+        bio = OpenSSL.SSL._lib.BIO_new_file(path.encode(sys.getfilesystemencoding()), b"r")
+        if bio != OpenSSL.SSL._ffi.NULL:
+            bio = OpenSSL.SSL._ffi.gc(bio, OpenSSL.SSL._lib.BIO_free)
+            dh = OpenSSL.SSL._lib.PEM_read_bio_DHparams(
+                bio,
+                OpenSSL.SSL._ffi.NULL,
+                OpenSSL.SSL._ffi.NULL,
+                OpenSSL.SSL._ffi.NULL)
+            dh = OpenSSL.SSL._ffi.gc(dh, OpenSSL.SSL._lib.DH_free)
+            return dh
+
+    @classmethod
+    def from_store(cls, path, basename):
+        ca_path = os.path.join(path, basename + "-ca.pem")
+        if not os.path.exists(ca_path):
+            key, ca = cls.create_store(path, basename)
+        else:
+            with open(ca_path, "rb") as f:
+                raw = f.read()
+            ca = OpenSSL.crypto.load_certificate(
+                OpenSSL.crypto.FILETYPE_PEM,
+                raw)
+            key = OpenSSL.crypto.load_privatekey(
+                OpenSSL.crypto.FILETYPE_PEM,
+                raw)
+        dh_path = os.path.join(path, basename + "-dhparam.pem")
+        dh = cls.load_dhparam(dh_path)
+        return cls(key, ca, ca_path, dh)
+
+    @staticmethod
+    def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
+        if not os.path.exists(path):
+            os.makedirs(path)
+
+        o = o or basename
+        cn = cn or basename
+
+        key, ca = create_ca(o=o, cn=cn, exp=expiry)
+        # Dump the CA plus private key
+        with open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
+            f.write(
+                OpenSSL.crypto.dump_privatekey(
+                    OpenSSL.crypto.FILETYPE_PEM,
+                    key))
+            f.write(
+                OpenSSL.crypto.dump_certificate(
+                    OpenSSL.crypto.FILETYPE_PEM,
+                    ca))
+
+        # Dump the certificate in PEM format
+        with open(os.path.join(path, basename + "-ca-cert.pem"), "wb") as f:
+            f.write(
+                OpenSSL.crypto.dump_certificate(
+                    OpenSSL.crypto.FILETYPE_PEM,
+                    ca))
+
+        # Create a .cer file with the same contents for Android
+        with open(os.path.join(path, basename + "-ca-cert.cer"), "wb") as f:
+            f.write(
+                OpenSSL.crypto.dump_certificate(
+                    OpenSSL.crypto.FILETYPE_PEM,
+                    ca))
+
+        # Dump the certificate in PKCS12 format for Windows devices
+        with open(os.path.join(path, basename + "-ca-cert.p12"), "wb") as f:
+            p12 = OpenSSL.crypto.PKCS12()
+            p12.set_certificate(ca)
+            p12.set_privatekey(key)
+            f.write(p12.export())
+
+        with open(os.path.join(path, basename + "-dhparam.pem"), "wb") as f:
+            f.write(DEFAULT_DHPARAM)
+
+        return key, ca
+
+    def add_cert_file(self, spec, path):
+        with open(path, "rb") as f:
+            raw = f.read()
+        cert = SSLCert(
+            OpenSSL.crypto.load_certificate(
+                OpenSSL.crypto.FILETYPE_PEM,
+                raw))
+        try:
+            privatekey = OpenSSL.crypto.load_privatekey(
+                OpenSSL.crypto.FILETYPE_PEM,
+                raw)
+        except Exception:
+            privatekey = self.default_privatekey
+        self.add_cert(
+            CertStoreEntry(cert, privatekey, path),
+            spec
+        )
+
+    def add_cert(self, entry, *names):
+        """
+            Adds a cert to the certstore. We register the CN in the cert plus
+            any SANs, and also the list of names provided as an argument.
+        """
+        if entry.cert.cn:
+            self.certs[entry.cert.cn] = entry
+        for i in entry.cert.altnames:
+            self.certs[i] = entry
+        for i in names:
+            self.certs[i] = entry
+
+    @staticmethod
+    def asterisk_forms(dn):
+        if dn is None:
+            return []
+        parts = dn.split(b".")
+        parts.reverse()
+        curr_dn = b""
+        dn_forms = [b"*"]
+        for part in parts[:-1]:
+            curr_dn = b"." + part + curr_dn  # .example.com
+            dn_forms.append(b"*" + curr_dn)   # *.example.com
+        if parts[-1] != b"*":
+            dn_forms.append(parts[-1] + curr_dn)
+        return dn_forms
+
+    def get_cert(self, commonname, sans):
+        """
+            Returns an (cert, privkey, cert_chain) tuple.
+
+            commonname: Common name for the generated certificate. Must be a
+            valid, plain-ASCII, IDNA-encoded domain name.
+
+            sans: A list of Subject Alternate Names.
+        """
+
+        potential_keys = self.asterisk_forms(commonname)
+        for s in sans:
+            potential_keys.extend(self.asterisk_forms(s))
+        potential_keys.append((commonname, tuple(sans)))
+
+        name = next(
+            filter(lambda key: key in self.certs, potential_keys),
+            None
+        )
+        if name:
+            entry = self.certs[name]
+        else:
+            entry = CertStoreEntry(
+                cert=dummy_cert(
+                    self.default_privatekey,
+                    self.default_ca,
+                    commonname,
+                    sans),
+                privatekey=self.default_privatekey,
+                chain_file=self.default_chain_file)
+            self.certs[(commonname, tuple(sans))] = entry
+
+        return entry.cert, entry.privatekey, entry.chain_file
+
+
+class _GeneralName(univ.Choice):
+    # We are only interested in dNSNames. We use a default handler to ignore
+    # other types.
+    # TODO: We should also handle iPAddresses.
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('dNSName', char.IA5String().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
+        )
+        ),
+    )
+
+
+class _GeneralNames(univ.SequenceOf):
+    componentType = _GeneralName()
+    sizeSpec = univ.SequenceOf.sizeSpec + \
+        constraint.ValueSizeConstraint(1, 1024)
+
+
+class SSLCert(Serializable):
+
+    def __init__(self, cert):
+        """
+            Returns a (common name, [subject alternative names]) tuple.
+        """
+        self.x509 = cert
+
+    def __eq__(self, other):
+        return self.digest("sha256") == other.digest("sha256")
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    def get_state(self):
+        return self.to_pem()
+
+    def set_state(self, state):
+        self.x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, state)
+
+    @classmethod
+    def from_state(cls, state):
+        cls.from_pem(state)
+
+    @classmethod
+    def from_pem(cls, txt):
+        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, txt)
+        return cls(x509)
+
+    @classmethod
+    def from_der(cls, der):
+        pem = ssl.DER_cert_to_PEM_cert(der)
+        return cls.from_pem(pem)
+
+    def to_pem(self):
+        return OpenSSL.crypto.dump_certificate(
+            OpenSSL.crypto.FILETYPE_PEM,
+            self.x509)
+
+    def digest(self, name):
+        return self.x509.digest(name)
+
+    @property
+    def issuer(self):
+        return self.x509.get_issuer().get_components()
+
+    @property
+    def notbefore(self):
+        t = self.x509.get_notBefore()
+        return datetime.datetime.strptime(t.decode("ascii"), "%Y%m%d%H%M%SZ")
+
+    @property
+    def notafter(self):
+        t = self.x509.get_notAfter()
+        return datetime.datetime.strptime(t.decode("ascii"), "%Y%m%d%H%M%SZ")
+
+    @property
+    def has_expired(self):
+        return self.x509.has_expired()
+
+    @property
+    def subject(self):
+        return self.x509.get_subject().get_components()
+
+    @property
+    def serial(self):
+        return self.x509.get_serial_number()
+
+    @property
+    def keyinfo(self):
+        pk = self.x509.get_pubkey()
+        types = {
+            OpenSSL.crypto.TYPE_RSA: "RSA",
+            OpenSSL.crypto.TYPE_DSA: "DSA",
+        }
+        return (
+            types.get(pk.type(), "UNKNOWN"),
+            pk.bits()
+        )
+
+    @property
+    def cn(self):
+        c = None
+        for i in self.subject:
+            if i[0] == b"CN":
+                c = i[1]
+        return c
+
+    @property
+    def altnames(self):
+        """
+        Returns:
+            All DNS altnames.
+        """
+        # tcp.TCPClient.convert_to_ssl assumes that this property only contains DNS altnames for hostname verification.
+        altnames = []
+        for i in range(self.x509.get_extension_count()):
+            ext = self.x509.get_extension(i)
+            if ext.get_short_name() == b"subjectAltName":
+                try:
+                    dec = decode(ext.get_data(), asn1Spec=_GeneralNames())
+                except PyAsn1Error:
+                    continue
+                for i in dec[0]:
+                    altnames.append(i[0].asOctets())
+        return altnames
diff --git a/netlib/netlib/encoding.py b/netlib/netlib/encoding.py
new file mode 100644
index 00000000..14479e00
--- /dev/null
+++ b/netlib/netlib/encoding.py
@@ -0,0 +1,88 @@
+"""
+    Utility functions for decoding response bodies.
+"""
+from __future__ import absolute_import
+from io import BytesIO
+import gzip
+import zlib
+from .utils import always_byte_args
+
+
+ENCODINGS = {"identity", "gzip", "deflate"}
+
+
+def decode(e, content):
+    if not isinstance(content, bytes):
+        return None
+    encoding_map = {
+        "identity": identity,
+        "gzip": decode_gzip,
+        "deflate": decode_deflate,
+    }
+    if e not in encoding_map:
+        return None
+    return encoding_map[e](content)
+
+
+def encode(e, content):
+    if not isinstance(content, bytes):
+        return None
+    encoding_map = {
+        "identity": identity,
+        "gzip": encode_gzip,
+        "deflate": encode_deflate,
+    }
+    if e not in encoding_map:
+        return None
+    return encoding_map[e](content)
+
+
+def identity(content):
+    """
+        Returns content unchanged. Identity is the default value of
+        Accept-Encoding headers.
+    """
+    return content
+
+
+def decode_gzip(content):
+    gfile = gzip.GzipFile(fileobj=BytesIO(content))
+    try:
+        return gfile.read()
+    except (IOError, EOFError):
+        return None
+
+
+def encode_gzip(content):
+    s = BytesIO()
+    gf = gzip.GzipFile(fileobj=s, mode='wb')
+    gf.write(content)
+    gf.close()
+    return s.getvalue()
+
+
+def decode_deflate(content):
+    """
+        Returns decompressed data for DEFLATE. Some servers may respond with
+        compressed data without a zlib header or checksum. An undocumented
+        feature of zlib permits the lenient decompression of data missing both
+        values.
+
+        http://bugs.python.org/issue5784
+    """
+    try:
+        try:
+            return zlib.decompress(content)
+        except zlib.error:
+            return zlib.decompress(content, -15)
+    except zlib.error:
+        return None
+
+
+def encode_deflate(content):
+    """
+        Returns compressed content, always including zlib header and checksum.
+    """
+    return zlib.compress(content)
+
+__all__ = ["ENCODINGS", "encode", "decode"]
diff --git a/netlib/netlib/exceptions.py b/netlib/netlib/exceptions.py
new file mode 100644
index 00000000..05f1054b
--- /dev/null
+++ b/netlib/netlib/exceptions.py
@@ -0,0 +1,56 @@
+"""
+We try to be very hygienic regarding the exceptions we throw:
+Every Exception netlib raises shall be a subclass of NetlibException.
+
+
+See also: http://lucumr.pocoo.org/2014/10/16/on-error-handling/
+"""
+from __future__ import absolute_import, print_function, division
+
+
+class NetlibException(Exception):
+    """
+    Base class for all exceptions thrown by netlib.
+    """
+    def __init__(self, message=None):
+        super(NetlibException, self).__init__(message)
+
+
+class Disconnect(object):
+    """Immediate EOF"""
+
+
+class HttpException(NetlibException):
+    pass
+
+
+class HttpReadDisconnect(HttpException, Disconnect):
+    pass
+
+
+class HttpSyntaxException(HttpException):
+    pass
+
+
+class TcpException(NetlibException):
+    pass
+
+
+class TcpDisconnect(TcpException, Disconnect):
+    pass
+
+
+class TcpReadIncomplete(TcpException):
+    pass
+
+
+class TcpTimeout(TcpException):
+    pass
+
+
+class TlsException(NetlibException):
+    pass
+
+
+class InvalidCertificateException(TlsException):
+    pass
diff --git a/netlib/netlib/http/__init__.py b/netlib/netlib/http/__init__.py
new file mode 100644
index 00000000..fd632cd5
--- /dev/null
+++ b/netlib/netlib/http/__init__.py
@@ -0,0 +1,14 @@
+from __future__ import absolute_import, print_function, division
+from .request import Request
+from .response import Response
+from .headers import Headers
+from .message import decoded, CONTENT_MISSING
+from . import http1, http2
+
+__all__ = [
+    "Request",
+    "Response",
+    "Headers",
+    "decoded", "CONTENT_MISSING",
+    "http1", "http2",
+]
diff --git a/netlib/netlib/http/authentication.py b/netlib/netlib/http/authentication.py
new file mode 100644
index 00000000..d769abe5
--- /dev/null
+++ b/netlib/netlib/http/authentication.py
@@ -0,0 +1,167 @@
+from __future__ import (absolute_import, print_function, division)
+from argparse import Action, ArgumentTypeError
+import binascii
+
+
+def parse_http_basic_auth(s):
+    words = s.split()
+    if len(words) != 2:
+        return None
+    scheme = words[0]
+    try:
+        user = binascii.a2b_base64(words[1]).decode("utf8", "replace")
+    except binascii.Error:
+        return None
+    parts = user.split(':')
+    if len(parts) != 2:
+        return None
+    return scheme, parts[0], parts[1]
+
+
+def assemble_http_basic_auth(scheme, username, password):
+    v = binascii.b2a_base64((username + ":" + password).encode("utf8")).decode("ascii")
+    return scheme + " " + v
+
+
+class NullProxyAuth(object):
+
+    """
+        No proxy auth at all (returns empty challange headers)
+    """
+
+    def __init__(self, password_manager):
+        self.password_manager = password_manager
+
+    def clean(self, headers_):
+        """
+            Clean up authentication headers, so they're not passed upstream.
+        """
+
+    def authenticate(self, headers_):
+        """
+            Tests that the user is allowed to use the proxy
+        """
+        return True
+
+    def auth_challenge_headers(self):
+        """
+            Returns a dictionary containing the headers require to challenge the user
+        """
+        return {}
+
+
+class BasicProxyAuth(NullProxyAuth):
+    CHALLENGE_HEADER = 'Proxy-Authenticate'
+    AUTH_HEADER = 'Proxy-Authorization'
+
+    def __init__(self, password_manager, realm):
+        NullProxyAuth.__init__(self, password_manager)
+        self.realm = realm
+
+    def clean(self, headers):
+        del headers[self.AUTH_HEADER]
+
+    def authenticate(self, headers):
+        auth_value = headers.get(self.AUTH_HEADER)
+        if not auth_value:
+            return False
+        parts = parse_http_basic_auth(auth_value)
+        if not parts:
+            return False
+        scheme, username, password = parts
+        if scheme.lower() != 'basic':
+            return False
+        if not self.password_manager.test(username, password):
+            return False
+        self.username = username
+        return True
+
+    def auth_challenge_headers(self):
+        return {self.CHALLENGE_HEADER: 'Basic realm="%s"' % self.realm}
+
+
+class PassMan(object):
+
+    def test(self, username_, password_token_):
+        return False
+
+
+class PassManNonAnon(PassMan):
+
+    """
+        Ensure the user specifies a username, accept any password.
+    """
+
+    def test(self, username, password_token_):
+        if username:
+            return True
+        return False
+
+
+class PassManHtpasswd(PassMan):
+
+    """
+        Read usernames and passwords from an htpasswd file
+    """
+
+    def __init__(self, path):
+        """
+            Raises ValueError if htpasswd file is invalid.
+        """
+        import passlib.apache
+        self.htpasswd = passlib.apache.HtpasswdFile(path)
+
+    def test(self, username, password_token):
+        return bool(self.htpasswd.check_password(username, password_token))
+
+
+class PassManSingleUser(PassMan):
+
+    def __init__(self, username, password):
+        self.username, self.password = username, password
+
+    def test(self, username, password_token):
+        return self.username == username and self.password == password_token
+
+
+class AuthAction(Action):
+
+    """
+    Helper class to allow seamless integration int argparse. Example usage:
+    parser.add_argument(
+        "--nonanonymous",
+        action=NonanonymousAuthAction, nargs=0,
+        help="Allow access to any user long as a credentials are specified."
+    )
+    """
+
+    def __call__(self, parser, namespace, values, option_string=None):
+        passman = self.getPasswordManager(values)
+        authenticator = BasicProxyAuth(passman, "mitmproxy")
+        setattr(namespace, self.dest, authenticator)
+
+    def getPasswordManager(self, s):  # pragma: nocover
+        raise NotImplementedError()
+
+
+class SingleuserAuthAction(AuthAction):
+
+    def getPasswordManager(self, s):
+        if len(s.split(':')) != 2:
+            raise ArgumentTypeError(
+                "Invalid single-user specification. Please use the format username:password"
+            )
+        username, password = s.split(':')
+        return PassManSingleUser(username, password)
+
+
+class NonanonymousAuthAction(AuthAction):
+
+    def getPasswordManager(self, s):
+        return PassManNonAnon()
+
+
+class HtpasswdAuthAction(AuthAction):
+
+    def getPasswordManager(self, s):
+        return PassManHtpasswd(s)
diff --git a/netlib/netlib/http/cookies.py b/netlib/netlib/http/cookies.py
new file mode 100644
index 00000000..18544b5e
--- /dev/null
+++ b/netlib/netlib/http/cookies.py
@@ -0,0 +1,193 @@
+import re
+
+from .. import odict
+
+"""
+A flexible module for cookie parsing and manipulation.
+
+This module differs from usual standards-compliant cookie modules in a number
+of ways. We try to be as permissive as possible, and to retain even mal-formed
+information. Duplicate cookies are preserved in parsing, and can be set in
+formatting. We do attempt to escape and quote values where needed, but will not
+reject data that violate the specs.
+
+Parsing accepts the formats in RFC6265 and partially RFC2109 and RFC2965. We do
+not parse the comma-separated variant of Set-Cookie that allows multiple
+cookies to be set in a single header. Technically this should be feasible, but
+it turns out that violations of RFC6265 that makes the parsing problem
+indeterminate are much more common than genuine occurences of the multi-cookie
+variants. Serialization follows RFC6265.
+
+    http://tools.ietf.org/html/rfc6265
+    http://tools.ietf.org/html/rfc2109
+    http://tools.ietf.org/html/rfc2965
+"""
+
+# TODO: Disallow LHS-only Cookie values
+
+
+def _read_until(s, start, term):
+    """
+        Read until one of the characters in term is reached.
+    """
+    if start == len(s):
+        return "", start + 1
+    for i in range(start, len(s)):
+        if s[i] in term:
+            return s[start:i], i
+    return s[start:i + 1], i + 1
+
+
+def _read_token(s, start):
+    """
+        Read a token - the LHS of a token/value pair in a cookie.
+    """
+    return _read_until(s, start, ";=")
+
+
+def _read_quoted_string(s, start):
+    """
+        start: offset to the first quote of the string to be read
+
+        A sort of loose super-set of the various quoted string specifications.
+
+        RFC6265 disallows backslashes or double quotes within quoted strings.
+        Prior RFCs use backslashes to escape. This leaves us free to apply
+        backslash escaping by default and be compatible with everything.
+    """
+    escaping = False
+    ret = []
+    # Skip the first quote
+    i = start  # initialize in case the loop doesn't run.
+    for i in range(start + 1, len(s)):
+        if escaping:
+            ret.append(s[i])
+            escaping = False
+        elif s[i] == '"':
+            break
+        elif s[i] == "\\":
+            escaping = True
+        else:
+            ret.append(s[i])
+    return "".join(ret), i + 1
+
+
+def _read_value(s, start, delims):
+    """
+        Reads a value - the RHS of a token/value pair in a cookie.
+
+        special: If the value is special, commas are premitted. Else comma
+        terminates. This helps us support old and new style values.
+    """
+    if start >= len(s):
+        return "", start
+    elif s[start] == '"':
+        return _read_quoted_string(s, start)
+    else:
+        return _read_until(s, start, delims)
+
+
+def _read_pairs(s, off=0):
+    """
+        Read pairs of lhs=rhs values.
+
+        off: start offset
+        specials: a lower-cased list of keys that may contain commas
+    """
+    vals = []
+    while True:
+        lhs, off = _read_token(s, off)
+        lhs = lhs.lstrip()
+        if lhs:
+            rhs = None
+            if off < len(s):
+                if s[off] == "=":
+                    rhs, off = _read_value(s, off + 1, ";")
+            vals.append([lhs, rhs])
+        off += 1
+        if not off < len(s):
+            break
+    return vals, off
+
+
+def _has_special(s):
+    for i in s:
+        if i in '",;\\':
+            return True
+        o = ord(i)
+        if o < 0x21 or o > 0x7e:
+            return True
+    return False
+
+
+ESCAPE = re.compile(r"([\"\\])")
+
+
+def _format_pairs(lst, specials=(), sep="; "):
+    """
+        specials: A lower-cased list of keys that will not be quoted.
+    """
+    vals = []
+    for k, v in lst:
+        if v is None:
+            vals.append(k)
+        else:
+            if k.lower() not in specials and _has_special(v):
+                v = ESCAPE.sub(r"\\\1", v)
+                v = '"%s"' % v
+            vals.append("%s=%s" % (k, v))
+    return sep.join(vals)
+
+
+def _format_set_cookie_pairs(lst):
+    return _format_pairs(
+        lst,
+        specials=("expires", "path")
+    )
+
+
+def _parse_set_cookie_pairs(s):
+    """
+        For Set-Cookie, we support multiple cookies as described in RFC2109.
+        This function therefore returns a list of lists.
+    """
+    pairs, off_ = _read_pairs(s)
+    return pairs
+
+
+def parse_set_cookie_header(line):
+    """
+        Parse a Set-Cookie header value
+
+        Returns a (name, value, attrs) tuple, or None, where attrs is an
+        ODictCaseless set of attributes. No attempt is made to parse attribute
+        values - they are treated purely as strings.
+    """
+    pairs = _parse_set_cookie_pairs(line)
+    if pairs:
+        return pairs[0][0], pairs[0][1], odict.ODictCaseless(pairs[1:])
+
+
+def format_set_cookie_header(name, value, attrs):
+    """
+        Formats a Set-Cookie header value.
+    """
+    pairs = [[name, value]]
+    pairs.extend(attrs.lst)
+    return _format_set_cookie_pairs(pairs)
+
+
+def parse_cookie_header(line):
+    """
+        Parse a Cookie header value.
+        Returns a (possibly empty) ODict object.
+    """
+    pairs, off_ = _read_pairs(line)
+    return odict.ODict(pairs)
+
+
+def format_cookie_header(od):
+    """
+        Formats a Cookie header value.
+    """
+    return _format_pairs(od.lst)
diff --git a/netlib/netlib/http/headers.py b/netlib/netlib/http/headers.py
new file mode 100644
index 00000000..78404796
--- /dev/null
+++ b/netlib/netlib/http/headers.py
@@ -0,0 +1,204 @@
+"""
+
+Unicode Handling
+----------------
+See also: http://lucumr.pocoo.org/2013/7/2/the-updated-guide-to-unicode/
+"""
+from __future__ import absolute_import, print_function, division
+import copy
+try:
+    from collections.abc import MutableMapping
+except ImportError:  # pragma: nocover
+    from collections import MutableMapping  # Workaround for Python < 3.3
+
+
+import six
+
+from netlib.utils import always_byte_args, always_bytes, Serializable
+
+if six.PY2:  # pragma: nocover
+    _native = lambda x: x
+    _always_bytes = lambda x: x
+    _always_byte_args = lambda x: x
+else:
+    # While headers _should_ be ASCII, it's not uncommon for certain headers to be utf-8 encoded.
+    _native = lambda x: x.decode("utf-8", "surrogateescape")
+    _always_bytes = lambda x: always_bytes(x, "utf-8", "surrogateescape")
+    _always_byte_args = always_byte_args("utf-8", "surrogateescape")
+
+
+class Headers(MutableMapping, Serializable):
+    """
+    Header class which allows both convenient access to individual headers as well as
+    direct access to the underlying raw data. Provides a full dictionary interface.
+
+    Example:
+
+    .. code-block:: python
+
+        # Create headers with keyword arguments
+        >>> h = Headers(host="example.com", content_type="application/xml")
+
+        # Headers mostly behave like a normal dict.
+        >>> h["Host"]
+        "example.com"
+
+        # HTTP Headers are case insensitive
+        >>> h["host"]
+        "example.com"
+
+        # Headers can also be creatd from a list of raw (header_name, header_value) byte tuples
+        >>> h = Headers([
+            [b"Host",b"example.com"],
+            [b"Accept",b"text/html"],
+            [b"accept",b"application/xml"]
+        ])
+
+        # Multiple headers are folded into a single header as per RFC7230
+        >>> h["Accept"]
+        "text/html, application/xml"
+
+        # Setting a header removes all existing headers with the same name.
+        >>> h["Accept"] = "application/text"
+        >>> h["Accept"]
+        "application/text"
+
+        # bytes(h) returns a HTTP1 header block.
+        >>> print(bytes(h))
+        Host: example.com
+        Accept: application/text
+
+        # For full control, the raw header fields can be accessed
+        >>> h.fields
+
+    Caveats:
+        For use with the "Set-Cookie" header, see :py:meth:`get_all`.
+    """
+
+    @_always_byte_args
+    def __init__(self, fields=None, **headers):
+        """
+        Args:
+            fields: (optional) list of ``(name, value)`` header byte tuples,
+                e.g. ``[(b"Host", b"example.com")]``. All names and values must be bytes.
+            **headers: Additional headers to set. Will overwrite existing values from `fields`.
+                For convenience, underscores in header names will be transformed to dashes -
+                this behaviour does not extend to other methods.
+                If ``**headers`` contains multiple keys that have equal ``.lower()`` s,
+                the behavior is undefined.
+        """
+        self.fields = fields or []
+
+        for name, value in self.fields:
+            if not isinstance(name, bytes) or not isinstance(value, bytes):
+                raise ValueError("Headers passed as fields must be bytes.")
+
+        # content_type -> content-type
+        headers = {
+            _always_bytes(name).replace(b"_", b"-"): value
+            for name, value in six.iteritems(headers)
+            }
+        self.update(headers)
+
+    def __bytes__(self):
+        if self.fields:
+            return b"\r\n".join(b": ".join(field) for field in self.fields) + b"\r\n"
+        else:
+            return b""
+
+    if six.PY2:  # pragma: nocover
+        __str__ = __bytes__
+
+    @_always_byte_args
+    def __getitem__(self, name):
+        values = self.get_all(name)
+        if not values:
+            raise KeyError(name)
+        return ", ".join(values)
+
+    @_always_byte_args
+    def __setitem__(self, name, value):
+        idx = self._index(name)
+
+        # To please the human eye, we insert at the same position the first existing header occured.
+        if idx is not None:
+            del self[name]
+            self.fields.insert(idx, [name, value])
+        else:
+            self.fields.append([name, value])
+
+    @_always_byte_args
+    def __delitem__(self, name):
+        if name not in self:
+            raise KeyError(name)
+        name = name.lower()
+        self.fields = [
+            field for field in self.fields
+            if name != field[0].lower()
+        ]
+
+    def __iter__(self):
+        seen = set()
+        for name, _ in self.fields:
+            name_lower = name.lower()
+            if name_lower not in seen:
+                seen.add(name_lower)
+                yield _native(name)
+
+    def __len__(self):
+        return len(set(name.lower() for name, _ in self.fields))
+
+    # __hash__ = object.__hash__
+
+    def _index(self, name):
+        name = name.lower()
+        for i, field in enumerate(self.fields):
+            if field[0].lower() == name:
+                return i
+        return None
+
+    def __eq__(self, other):
+        if isinstance(other, Headers):
+            return self.fields == other.fields
+        return False
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    @_always_byte_args
+    def get_all(self, name):
+        """
+        Like :py:meth:`get`, but does not fold multiple headers into a single one.
+        This is useful for Set-Cookie headers, which do not support folding.
+
+        See also: https://tools.ietf.org/html/rfc7230#section-3.2.2
+        """
+        name_lower = name.lower()
+        values = [_native(value) for n, value in self.fields if n.lower() == name_lower]
+        return values
+
+    @_always_byte_args
+    def set_all(self, name, values):
+        """
+        Explicitly set multiple headers for the given key.
+        See: :py:meth:`get_all`
+        """
+        values = map(_always_bytes, values)  # _always_byte_args does not fix lists
+        if name in self:
+            del self[name]
+        self.fields.extend(
+            [name, value] for value in values
+        )
+
+    def copy(self):
+        return Headers(copy.copy(self.fields))
+
+    def get_state(self):
+        return tuple(tuple(field) for field in self.fields)
+
+    def set_state(self, state):
+        self.fields = [list(field) for field in state]
+
+    @classmethod
+    def from_state(cls, state):
+        return cls([list(field) for field in state])
\ No newline at end of file
diff --git a/netlib/netlib/http/http1/__init__.py b/netlib/netlib/http/http1/__init__.py
new file mode 100644
index 00000000..2aa7e26a
--- /dev/null
+++ b/netlib/netlib/http/http1/__init__.py
@@ -0,0 +1,25 @@
+from __future__ import absolute_import, print_function, division
+from .read import (
+    read_request, read_request_head,
+    read_response, read_response_head,
+    read_body,
+    connection_close,
+    expected_http_body_size,
+)
+from .assemble import (
+    assemble_request, assemble_request_head,
+    assemble_response, assemble_response_head,
+    assemble_body,
+)
+
+
+__all__ = [
+    "read_request", "read_request_head",
+    "read_response", "read_response_head",
+    "read_body",
+    "connection_close",
+    "expected_http_body_size",
+    "assemble_request", "assemble_request_head",
+    "assemble_response", "assemble_response_head",
+    "assemble_body",
+]
diff --git a/netlib/netlib/http/http1/assemble.py b/netlib/netlib/http/http1/assemble.py
new file mode 100644
index 00000000..785ee8d3
--- /dev/null
+++ b/netlib/netlib/http/http1/assemble.py
@@ -0,0 +1,104 @@
+from __future__ import absolute_import, print_function, division
+
+from ... import utils
+import itertools
+from ...exceptions import HttpException
+from .. import CONTENT_MISSING
+
+
+def assemble_request(request):
+    if request.content == CONTENT_MISSING:
+        raise HttpException("Cannot assemble flow with CONTENT_MISSING")
+    head = assemble_request_head(request)
+    body = b"".join(assemble_body(request.data.headers, [request.data.content]))
+    return head + body
+
+
+def assemble_request_head(request):
+    first_line = _assemble_request_line(request.data)
+    headers = _assemble_request_headers(request.data)
+    return b"%s\r\n%s\r\n" % (first_line, headers)
+
+
+def assemble_response(response):
+    if response.content == CONTENT_MISSING:
+        raise HttpException("Cannot assemble flow with CONTENT_MISSING")
+    head = assemble_response_head(response)
+    body = b"".join(assemble_body(response.data.headers, [response.data.content]))
+    return head + body
+
+
+def assemble_response_head(response):
+    first_line = _assemble_response_line(response.data)
+    headers = _assemble_response_headers(response.data)
+    return b"%s\r\n%s\r\n" % (first_line, headers)
+
+
+def assemble_body(headers, body_chunks):
+    if "chunked" in headers.get("transfer-encoding", "").lower():
+        for chunk in body_chunks:
+            if chunk:
+                yield b"%x\r\n%s\r\n" % (len(chunk), chunk)
+        yield b"0\r\n\r\n"
+    else:
+        for chunk in body_chunks:
+            yield chunk
+
+
+def _assemble_request_line(request_data):
+    """
+    Args:
+        request_data (netlib.http.request.RequestData)
+    """
+    form = request_data.first_line_format
+    if form == "relative":
+        return b"%s %s %s" % (
+            request_data.method,
+            request_data.path,
+            request_data.http_version
+        )
+    elif form == "authority":
+        return b"%s %s:%d %s" % (
+            request_data.method,
+            request_data.host,
+            request_data.port,
+            request_data.http_version
+        )
+    elif form == "absolute":
+        return b"%s %s://%s:%d%s %s" % (
+            request_data.method,
+            request_data.scheme,
+            request_data.host,
+            request_data.port,
+            request_data.path,
+            request_data.http_version
+        )
+    else:
+        raise RuntimeError("Invalid request form")
+
+
+def _assemble_request_headers(request_data):
+    """
+    Args:
+        request_data (netlib.http.request.RequestData)
+    """
+    headers = request_data.headers.copy()
+    if "host" not in headers and request_data.scheme and request_data.host and request_data.port:
+        headers["host"] = utils.hostport(
+            request_data.scheme,
+            request_data.host,
+            request_data.port
+        )
+    return bytes(headers)
+
+
+def _assemble_response_line(response_data):
+    return b"%s %d %s" % (
+        response_data.http_version,
+        response_data.status_code,
+        response_data.reason,
+    )
+
+
+def _assemble_response_headers(response):
+    return bytes(response.headers)
diff --git a/netlib/netlib/http/http1/read.py b/netlib/netlib/http/http1/read.py
new file mode 100644
index 00000000..6e3a1b93
--- /dev/null
+++ b/netlib/netlib/http/http1/read.py
@@ -0,0 +1,362 @@
+from __future__ import absolute_import, print_function, division
+import time
+import sys
+import re
+
+from ... import utils
+from ...exceptions import HttpReadDisconnect, HttpSyntaxException, HttpException, TcpDisconnect
+from .. import Request, Response, Headers
+
+
+def read_request(rfile, body_size_limit=None):
+    request = read_request_head(rfile)
+    expected_body_size = expected_http_body_size(request)
+    request.data.content = b"".join(read_body(rfile, expected_body_size, limit=body_size_limit))
+    request.timestamp_end = time.time()
+    return request
+
+
+def read_request_head(rfile):
+    """
+    Parse an HTTP request head (request line + headers) from an input stream
+
+    Args:
+        rfile: The input stream
+
+    Returns:
+        The HTTP request object (without body)
+
+    Raises:
+        HttpReadDisconnect: No bytes can be read from rfile.
+        HttpSyntaxException: The input is malformed HTTP.
+        HttpException: Any other error occured.
+    """
+    timestamp_start = time.time()
+    if hasattr(rfile, "reset_timestamps"):
+        rfile.reset_timestamps()
+
+    form, method, scheme, host, port, path, http_version = _read_request_line(rfile)
+    headers = _read_headers(rfile)
+
+    if hasattr(rfile, "first_byte_timestamp"):
+        # more accurate timestamp_start
+        timestamp_start = rfile.first_byte_timestamp
+
+    return Request(
+        form, method, scheme, host, port, path, http_version, headers, None, timestamp_start
+    )
+
+
+def read_response(rfile, request, body_size_limit=None):
+    response = read_response_head(rfile)
+    expected_body_size = expected_http_body_size(request, response)
+    response.data.content = b"".join(read_body(rfile, expected_body_size, body_size_limit))
+    response.timestamp_end = time.time()
+    return response
+
+
+def read_response_head(rfile):
+    """
+    Parse an HTTP response head (response line + headers) from an input stream
+
+    Args:
+        rfile: The input stream
+
+    Returns:
+        The HTTP request object (without body)
+
+    Raises:
+        HttpReadDisconnect: No bytes can be read from rfile.
+        HttpSyntaxException: The input is malformed HTTP.
+        HttpException: Any other error occured.
+    """
+
+    timestamp_start = time.time()
+    if hasattr(rfile, "reset_timestamps"):
+        rfile.reset_timestamps()
+
+    http_version, status_code, message = _read_response_line(rfile)
+    headers = _read_headers(rfile)
+
+    if hasattr(rfile, "first_byte_timestamp"):
+        # more accurate timestamp_start
+        timestamp_start = rfile.first_byte_timestamp
+
+    return Response(http_version, status_code, message, headers, None, timestamp_start)
+
+
+def read_body(rfile, expected_size, limit=None, max_chunk_size=4096):
+    """
+        Read an HTTP message body
+
+        Args:
+            rfile: The input stream
+            expected_size: The expected body size (see :py:meth:`expected_body_size`)
+            limit: Maximum body size
+            max_chunk_size: Maximium chunk size that gets yielded
+
+        Returns:
+            A generator that yields byte chunks of the content.
+
+        Raises:
+            HttpException, if an error occurs
+
+        Caveats:
+            max_chunk_size is not considered if the transfer encoding is chunked.
+    """
+    if not limit or limit < 0:
+        limit = sys.maxsize
+    if not max_chunk_size:
+        max_chunk_size = limit
+
+    if expected_size is None:
+        for x in _read_chunked(rfile, limit):
+            yield x
+    elif expected_size >= 0:
+        if limit is not None and expected_size > limit:
+            raise HttpException(
+                "HTTP Body too large. "
+                "Limit is {}, content length was advertised as {}".format(limit, expected_size)
+            )
+        bytes_left = expected_size
+        while bytes_left:
+            chunk_size = min(bytes_left, max_chunk_size)
+            content = rfile.read(chunk_size)
+            if len(content) < chunk_size:
+                raise HttpException("Unexpected EOF")
+            yield content
+            bytes_left -= chunk_size
+    else:
+        bytes_left = limit
+        while bytes_left:
+            chunk_size = min(bytes_left, max_chunk_size)
+            content = rfile.read(chunk_size)
+            if not content:
+                return
+            yield content
+            bytes_left -= chunk_size
+        not_done = rfile.read(1)
+        if not_done:
+            raise HttpException("HTTP body too large. Limit is {}.".format(limit))
+
+
+def connection_close(http_version, headers):
+    """
+        Checks the message to see if the client connection should be closed
+        according to RFC 2616 Section 8.1.
+    """
+    # At first, check if we have an explicit Connection header.
+    if "connection" in headers:
+        tokens = utils.get_header_tokens(headers, "connection")
+        if "close" in tokens:
+            return True
+        elif "keep-alive" in tokens:
+            return False
+
+    # If we don't have a Connection header, HTTP 1.1 connections are assumed to
+    # be persistent
+    return http_version != "HTTP/1.1" and http_version != b"HTTP/1.1"  # FIXME: Remove one case.
+
+
+def expected_http_body_size(request, response=None):
+    """
+        Returns:
+            The expected body length:
+            - a positive integer, if the size is known in advance
+            - None, if the size in unknown in advance (chunked encoding)
+            - -1, if all data should be read until end of stream.
+
+        Raises:
+            HttpSyntaxException, if the content length header is invalid
+    """
+    # Determine response size according to
+    # http://tools.ietf.org/html/rfc7230#section-3.3
+    if not response:
+        headers = request.headers
+        response_code = None
+        is_request = True
+    else:
+        headers = response.headers
+        response_code = response.status_code
+        is_request = False
+
+    if is_request:
+        if headers.get("expect", "").lower() == "100-continue":
+            return 0
+    else:
+        if request.method.upper() == "HEAD":
+            return 0
+        if 100 <= response_code <= 199:
+            return 0
+        if response_code == 200 and request.method.upper() == "CONNECT":
+            return 0
+        if response_code in (204, 304):
+            return 0
+
+    if "chunked" in headers.get("transfer-encoding", "").lower():
+        return None
+    if "content-length" in headers:
+        try:
+            size = int(headers["content-length"])
+            if size < 0:
+                raise ValueError()
+            return size
+        except ValueError:
+            raise HttpSyntaxException("Unparseable Content Length")
+    if is_request:
+        return 0
+    return -1
+
+
+def _get_first_line(rfile):
+    try:
+        line = rfile.readline()
+        if line == b"\r\n" or line == b"\n":
+            # Possible leftover from previous message
+            line = rfile.readline()
+    except TcpDisconnect:
+        raise HttpReadDisconnect("Remote disconnected")
+    if not line:
+        raise HttpReadDisconnect("Remote disconnected")
+    return line.strip()
+
+
+def _read_request_line(rfile):
+    try:
+        line = _get_first_line(rfile)
+    except HttpReadDisconnect:
+        # We want to provide a better error message.
+        raise HttpReadDisconnect("Client disconnected")
+
+    try:
+        method, path, http_version = line.split(b" ")
+
+        if path == b"*" or path.startswith(b"/"):
+            form = "relative"
+            scheme, host, port = None, None, None
+        elif method == b"CONNECT":
+            form = "authority"
+            host, port = _parse_authority_form(path)
+            scheme, path = None, None
+        else:
+            form = "absolute"
+            scheme, host, port, path = utils.parse_url(path)
+
+        _check_http_version(http_version)
+    except ValueError:
+        raise HttpSyntaxException("Bad HTTP request line: {}".format(line))
+
+    return form, method, scheme, host, port, path, http_version
+
+
+def _parse_authority_form(hostport):
+    """
+        Returns (host, port) if hostport is a valid authority-form host specification.
+        http://tools.ietf.org/html/draft-luotonen-web-proxy-tunneling-01 section 3.1
+
+        Raises:
+            ValueError, if the input is malformed
+    """
+    try:
+        host, port = hostport.split(b":")
+        port = int(port)
+        if not utils.is_valid_host(host) or not utils.is_valid_port(port):
+            raise ValueError()
+    except ValueError:
+        raise HttpSyntaxException("Invalid host specification: {}".format(hostport))
+
+    return host, port
+
+
+def _read_response_line(rfile):
+    try:
+        line = _get_first_line(rfile)
+    except HttpReadDisconnect:
+        # We want to provide a better error message.
+        raise HttpReadDisconnect("Server disconnected")
+
+    try:
+
+        parts = line.split(b" ", 2)
+        if len(parts) == 2:  # handle missing message gracefully
+            parts.append(b"")
+
+        http_version, status_code, message = parts
+        status_code = int(status_code)
+        _check_http_version(http_version)
+
+    except ValueError:
+        raise HttpSyntaxException("Bad HTTP response line: {}".format(line))
+
+    return http_version, status_code, message
+
+
+def _check_http_version(http_version):
+    if not re.match(br"^HTTP/\d\.\d$", http_version):
+        raise HttpSyntaxException("Unknown HTTP version: {}".format(http_version))
+
+
+def _read_headers(rfile):
+    """
+        Read a set of headers.
+        Stop once a blank line is reached.
+
+        Returns:
+            A headers object
+
+        Raises:
+            HttpSyntaxException
+    """
+    ret = []
+    while True:
+        line = rfile.readline()
+        if not line or line == b"\r\n" or line == b"\n":
+            break
+        if line[0] in b" \t":
+            if not ret:
+                raise HttpSyntaxException("Invalid headers")
+            # continued header
+            ret[-1][1] = ret[-1][1] + b'\r\n ' + line.strip()
+        else:
+            try:
+                name, value = line.split(b":", 1)
+                value = value.strip()
+                if not name:
+                    raise ValueError()
+                ret.append([name, value])
+            except ValueError:
+                raise HttpSyntaxException("Invalid headers")
+    return Headers(ret)
+
+
+def _read_chunked(rfile, limit=sys.maxsize):
+    """
+    Read a HTTP body with chunked transfer encoding.
+
+    Args:
+        rfile: the input file
+        limit: A positive integer
+    """
+    total = 0
+    while True:
+        line = rfile.readline(128)
+        if line == b"":
+            raise HttpException("Connection closed prematurely")
+        if line != b"\r\n" and line != b"\n":
+            try:
+                length = int(line, 16)
+            except ValueError:
+                raise HttpSyntaxException("Invalid chunked encoding length: {}".format(line))
+            total += length
+            if total > limit:
+                raise HttpException(
+                    "HTTP Body too large. Limit is {}, "
+                    "chunked content longer than {}".format(limit, total)
+                )
+            chunk = rfile.read(length)
+            suffix = rfile.readline(5)
+            if suffix != b"\r\n":
+                raise HttpSyntaxException("Malformed chunked body")
+            if length == 0:
+                return
+            yield chunk
diff --git a/netlib/netlib/http/http2/__init__.py b/netlib/netlib/http/http2/__init__.py
new file mode 100644
index 00000000..7043d36f
--- /dev/null
+++ b/netlib/netlib/http/http2/__init__.py
@@ -0,0 +1,6 @@
+from __future__ import absolute_import, print_function, division
+from .connections import HTTP2Protocol
+
+__all__ = [
+    "HTTP2Protocol"
+]
diff --git a/netlib/netlib/http/http2/connections.py b/netlib/netlib/http/http2/connections.py
new file mode 100644
index 00000000..52fa7193
--- /dev/null
+++ b/netlib/netlib/http/http2/connections.py
@@ -0,0 +1,426 @@
+from __future__ import (absolute_import, print_function, division)
+import itertools
+import time
+
+from hpack.hpack import Encoder, Decoder
+from ... import utils
+from .. import Headers, Response, Request
+
+from hyperframe import frame
+
+
+class TCPHandler(object):
+
+    def __init__(self, rfile, wfile=None):
+        self.rfile = rfile
+        self.wfile = wfile
+
+
+class HTTP2Protocol(object):
+
+    ERROR_CODES = utils.BiDi(
+        NO_ERROR=0x0,
+        PROTOCOL_ERROR=0x1,
+        INTERNAL_ERROR=0x2,
+        FLOW_CONTROL_ERROR=0x3,
+        SETTINGS_TIMEOUT=0x4,
+        STREAM_CLOSED=0x5,
+        FRAME_SIZE_ERROR=0x6,
+        REFUSED_STREAM=0x7,
+        CANCEL=0x8,
+        COMPRESSION_ERROR=0x9,
+        CONNECT_ERROR=0xa,
+        ENHANCE_YOUR_CALM=0xb,
+        INADEQUATE_SECURITY=0xc,
+        HTTP_1_1_REQUIRED=0xd
+    )
+
+    CLIENT_CONNECTION_PREFACE = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+
+    HTTP2_DEFAULT_SETTINGS = {
+        frame.SettingsFrame.HEADER_TABLE_SIZE: 4096,
+        frame.SettingsFrame.ENABLE_PUSH: 1,
+        frame.SettingsFrame.MAX_CONCURRENT_STREAMS: None,
+        frame.SettingsFrame.INITIAL_WINDOW_SIZE: 2 ** 16 - 1,
+        frame.SettingsFrame.MAX_FRAME_SIZE: 2 ** 14,
+        frame.SettingsFrame.MAX_HEADER_LIST_SIZE: None,
+    }
+
+    def __init__(
+        self,
+        tcp_handler=None,
+        rfile=None,
+        wfile=None,
+        is_server=False,
+        dump_frames=False,
+        encoder=None,
+        decoder=None,
+        unhandled_frame_cb=None,
+    ):
+        self.tcp_handler = tcp_handler or TCPHandler(rfile, wfile)
+        self.is_server = is_server
+        self.dump_frames = dump_frames
+        self.encoder = encoder or Encoder()
+        self.decoder = decoder or Decoder()
+        self.unhandled_frame_cb = unhandled_frame_cb
+
+        self.http2_settings = self.HTTP2_DEFAULT_SETTINGS.copy()
+        self.current_stream_id = None
+        self.connection_preface_performed = False
+
+    def read_request(
+        self,
+        __rfile,
+        include_body=True,
+        body_size_limit=None,
+        allow_empty=False,
+    ):
+        if body_size_limit is not None:
+            raise NotImplementedError()
+
+        self.perform_connection_preface()
+
+        timestamp_start = time.time()
+        if hasattr(self.tcp_handler.rfile, "reset_timestamps"):
+            self.tcp_handler.rfile.reset_timestamps()
+
+        stream_id, headers, body = self._receive_transmission(
+            include_body=include_body,
+        )
+
+        if hasattr(self.tcp_handler.rfile, "first_byte_timestamp"):
+            # more accurate timestamp_start
+            timestamp_start = self.tcp_handler.rfile.first_byte_timestamp
+
+        timestamp_end = time.time()
+
+        authority = headers.get(':authority', b'')
+        method = headers.get(':method', 'GET')
+        scheme = headers.get(':scheme', 'https')
+        path = headers.get(':path', '/')
+        host = None
+        port = None
+
+        if path == '*' or path.startswith("/"):
+            form_in = "relative"
+        elif method == 'CONNECT':
+            form_in = "authority"
+            if ":" in authority:
+                host, port = authority.split(":", 1)
+            else:
+                host = authority
+        else:
+            form_in = "absolute"
+            # FIXME: verify if path or :host contains what we need
+            scheme, host, port, _ = utils.parse_url(path)
+            scheme = scheme.decode('ascii')
+            host = host.decode('ascii')
+
+        if host is None:
+            host = 'localhost'
+        if port is None:
+            port = 80 if scheme == 'http' else 443
+        port = int(port)
+
+        request = Request(
+            form_in,
+            method.encode('ascii'),
+            scheme.encode('ascii'),
+            host.encode('ascii'),
+            port,
+            path.encode('ascii'),
+            b"HTTP/2.0",
+            headers,
+            body,
+            timestamp_start,
+            timestamp_end,
+        )
+        request.stream_id = stream_id
+
+        return request
+
+    def read_response(
+        self,
+        __rfile,
+        request_method=b'',
+        body_size_limit=None,
+        include_body=True,
+        stream_id=None,
+    ):
+        if body_size_limit is not None:
+            raise NotImplementedError()
+
+        self.perform_connection_preface()
+
+        timestamp_start = time.time()
+        if hasattr(self.tcp_handler.rfile, "reset_timestamps"):
+            self.tcp_handler.rfile.reset_timestamps()
+
+        stream_id, headers, body = self._receive_transmission(
+            stream_id=stream_id,
+            include_body=include_body,
+        )
+
+        if hasattr(self.tcp_handler.rfile, "first_byte_timestamp"):
+            # more accurate timestamp_start
+            timestamp_start = self.tcp_handler.rfile.first_byte_timestamp
+
+        if include_body:
+            timestamp_end = time.time()
+        else:
+            timestamp_end = None
+
+        response = Response(
+            b"HTTP/2.0",
+            int(headers.get(':status', 502)),
+            b'',
+            headers,
+            body,
+            timestamp_start=timestamp_start,
+            timestamp_end=timestamp_end,
+        )
+        response.stream_id = stream_id
+
+        return response
+
+    def assemble(self, message):
+        if isinstance(message, Request):
+            return self.assemble_request(message)
+        elif isinstance(message, Response):
+            return self.assemble_response(message)
+        else:
+            raise ValueError("HTTP message not supported.")
+
+    def assemble_request(self, request):
+        assert isinstance(request, Request)
+
+        authority = self.tcp_handler.sni if self.tcp_handler.sni else self.tcp_handler.address.host
+        if self.tcp_handler.address.port != 443:
+            authority += ":%d" % self.tcp_handler.address.port
+
+        headers = request.headers.copy()
+
+        if ':authority' not in headers:
+            headers.fields.insert(0, (b':authority', authority.encode('ascii')))
+        if ':scheme' not in headers:
+            headers.fields.insert(0, (b':scheme', request.scheme.encode('ascii')))
+        if ':path' not in headers:
+            headers.fields.insert(0, (b':path', request.path.encode('ascii')))
+        if ':method' not in headers:
+            headers.fields.insert(0, (b':method', request.method.encode('ascii')))
+
+        if hasattr(request, 'stream_id'):
+            stream_id = request.stream_id
+        else:
+            stream_id = self._next_stream_id()
+
+        return list(itertools.chain(
+            self._create_headers(headers, stream_id, end_stream=(request.body is None or len(request.body) == 0)),
+            self._create_body(request.body, stream_id)))
+
+    def assemble_response(self, response):
+        assert isinstance(response, Response)
+
+        headers = response.headers.copy()
+
+        if ':status' not in headers:
+            headers.fields.insert(0, (b':status', str(response.status_code).encode('ascii')))
+
+        if hasattr(response, 'stream_id'):
+            stream_id = response.stream_id
+        else:
+            stream_id = self._next_stream_id()
+
+        return list(itertools.chain(
+            self._create_headers(headers, stream_id, end_stream=(response.body is None or len(response.body) == 0)),
+            self._create_body(response.body, stream_id),
+        ))
+
+    def perform_connection_preface(self, force=False):
+        if force or not self.connection_preface_performed:
+            if self.is_server:
+                self.perform_server_connection_preface(force)
+            else:
+                self.perform_client_connection_preface(force)
+
+    def perform_server_connection_preface(self, force=False):
+        if force or not self.connection_preface_performed:
+            self.connection_preface_performed = True
+
+            magic_length = len(self.CLIENT_CONNECTION_PREFACE)
+            magic = self.tcp_handler.rfile.safe_read(magic_length)
+            assert magic == self.CLIENT_CONNECTION_PREFACE
+
+            frm = frame.SettingsFrame(settings={
+                frame.SettingsFrame.ENABLE_PUSH: 0,
+                frame.SettingsFrame.MAX_CONCURRENT_STREAMS: 1,
+            })
+            self.send_frame(frm, hide=True)
+            self._receive_settings(hide=True)
+
+    def perform_client_connection_preface(self, force=False):
+        if force or not self.connection_preface_performed:
+            self.connection_preface_performed = True
+
+            self.tcp_handler.wfile.write(self.CLIENT_CONNECTION_PREFACE)
+
+            self.send_frame(frame.SettingsFrame(), hide=True)
+            self._receive_settings(hide=True)  # server announces own settings
+            self._receive_settings(hide=True)  # server acks my settings
+
+    def send_frame(self, frm, hide=False):
+        raw_bytes = frm.serialize()
+        self.tcp_handler.wfile.write(raw_bytes)
+        self.tcp_handler.wfile.flush()
+        if not hide and self.dump_frames:  # pragma no cover
+            print(frm.human_readable(">>"))
+
+    def read_frame(self, hide=False):
+        while True:
+            frm = utils.http2_read_frame(self.tcp_handler.rfile)
+            if not hide and self.dump_frames:  # pragma no cover
+                print(frm.human_readable("<<"))
+
+            if isinstance(frm, frame.PingFrame):
+                raw_bytes = frame.PingFrame(flags=['ACK'], payload=frm.payload).serialize()
+                self.tcp_handler.wfile.write(raw_bytes)
+                self.tcp_handler.wfile.flush()
+                continue
+            if isinstance(frm, frame.SettingsFrame) and 'ACK' not in frm.flags:
+                self._apply_settings(frm.settings, hide)
+            if isinstance(frm, frame.DataFrame) and frm.flow_controlled_length > 0:
+                self._update_flow_control_window(frm.stream_id, frm.flow_controlled_length)
+            return frm
+
+    def check_alpn(self):
+        alp = self.tcp_handler.get_alpn_proto_negotiated()
+        if alp != b'h2':
+            raise NotImplementedError(
+                "HTTP2Protocol can not handle unknown ALP: %s" % alp)
+        return True
+
+    def _handle_unexpected_frame(self, frm):
+        if isinstance(frm, frame.SettingsFrame):
+            return
+        if self.unhandled_frame_cb:
+            self.unhandled_frame_cb(frm)
+
+    def _receive_settings(self, hide=False):
+        while True:
+            frm = self.read_frame(hide)
+            if isinstance(frm, frame.SettingsFrame):
+                break
+            else:
+                self._handle_unexpected_frame(frm)
+
+    def _next_stream_id(self):
+        if self.current_stream_id is None:
+            if self.is_server:
+                # servers must use even stream ids
+                self.current_stream_id = 2
+            else:
+                # clients must use odd stream ids
+                self.current_stream_id = 1
+        else:
+            self.current_stream_id += 2
+        return self.current_stream_id
+
+    def _apply_settings(self, settings, hide=False):
+        for setting, value in settings.items():
+            old_value = self.http2_settings[setting]
+            if not old_value:
+                old_value = '-'
+            self.http2_settings[setting] = value
+
+        frm = frame.SettingsFrame(flags=['ACK'])
+        self.send_frame(frm, hide)
+
+    def _update_flow_control_window(self, stream_id, increment):
+        frm = frame.WindowUpdateFrame(stream_id=0, window_increment=increment)
+        self.send_frame(frm)
+        frm = frame.WindowUpdateFrame(stream_id=stream_id, window_increment=increment)
+        self.send_frame(frm)
+
+    def _create_headers(self, headers, stream_id, end_stream=True):
+        def frame_cls(chunks):
+            for i in chunks:
+                if i == 0:
+                    yield frame.HeadersFrame, i
+                else:
+                    yield frame.ContinuationFrame, i
+
+        header_block_fragment = self.encoder.encode(headers.fields)
+
+        chunk_size = self.http2_settings[frame.SettingsFrame.MAX_FRAME_SIZE]
+        chunks = range(0, len(header_block_fragment), chunk_size)
+        frms = [frm_cls(
+            flags=[],
+            stream_id=stream_id,
+            data=header_block_fragment[i:i+chunk_size]) for frm_cls, i in frame_cls(chunks)]
+
+        frms[-1].flags.add('END_HEADERS')
+        if end_stream:
+            frms[0].flags.add('END_STREAM')
+
+        if self.dump_frames:  # pragma no cover
+            for frm in frms:
+                print(frm.human_readable(">>"))
+
+        return [frm.serialize() for frm in frms]
+
+    def _create_body(self, body, stream_id):
+        if body is None or len(body) == 0:
+            return b''
+
+        chunk_size = self.http2_settings[frame.SettingsFrame.MAX_FRAME_SIZE]
+        chunks = range(0, len(body), chunk_size)
+        frms = [frame.DataFrame(
+            flags=[],
+            stream_id=stream_id,
+            data=body[i:i+chunk_size]) for i in chunks]
+        frms[-1].flags.add('END_STREAM')
+
+        if self.dump_frames:  # pragma no cover
+            for frm in frms:
+                print(frm.human_readable(">>"))
+
+        return [frm.serialize() for frm in frms]
+
+    def _receive_transmission(self, stream_id=None, include_body=True):
+        if not include_body:
+            raise NotImplementedError()
+
+        body_expected = True
+
+        header_blocks = b''
+        body = b''
+
+        while True:
+            frm = self.read_frame()
+            if (
+                (isinstance(frm, frame.HeadersFrame) or isinstance(frm, frame.ContinuationFrame)) and
+                (stream_id is None or frm.stream_id == stream_id)
+            ):
+                stream_id = frm.stream_id
+                header_blocks += frm.data
+                if 'END_STREAM' in frm.flags:
+                    body_expected = False
+                if 'END_HEADERS' in frm.flags:
+                    break
+            else:
+                self._handle_unexpected_frame(frm)
+
+        while body_expected:
+            frm = self.read_frame()
+            if isinstance(frm, frame.DataFrame) and frm.stream_id == stream_id:
+                body += frm.data
+                if 'END_STREAM' in frm.flags:
+                    break
+            else:
+                self._handle_unexpected_frame(frm)
+
+        headers = Headers(
+            [[k.encode('ascii'), v.encode('ascii')] for k, v in self.decoder.decode(header_blocks)]
+        )
+
+        return stream_id, headers, body
diff --git a/netlib/netlib/http/message.py b/netlib/netlib/http/message.py
new file mode 100644
index 00000000..e3d8ce37
--- /dev/null
+++ b/netlib/netlib/http/message.py
@@ -0,0 +1,222 @@
+from __future__ import absolute_import, print_function, division
+
+import warnings
+
+import six
+
+from .headers import Headers
+from .. import encoding, utils
+
+CONTENT_MISSING = 0
+
+if six.PY2:  # pragma: nocover
+    _native = lambda x: x
+    _always_bytes = lambda x: x
+else:
+    # While the HTTP head _should_ be ASCII, it's not uncommon for certain headers to be utf-8 encoded.
+    _native = lambda x: x.decode("utf-8", "surrogateescape")
+    _always_bytes = lambda x: utils.always_bytes(x, "utf-8", "surrogateescape")
+
+
+class MessageData(utils.Serializable):
+    def __eq__(self, other):
+        if isinstance(other, MessageData):
+            return self.__dict__ == other.__dict__
+        return False
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    def set_state(self, state):
+        for k, v in state.items():
+            if k == "headers":
+                v = Headers.from_state(v)
+            setattr(self, k, v)
+
+    def get_state(self):
+        state = vars(self).copy()
+        state["headers"] = state["headers"].get_state()
+        return state
+
+    @classmethod
+    def from_state(cls, state):
+        state["headers"] = Headers.from_state(state["headers"])
+        return cls(**state)
+
+
+class Message(utils.Serializable):
+    def __init__(self, data):
+        self.data = data
+
+    def __eq__(self, other):
+        if isinstance(other, Message):
+            return self.data == other.data
+        return False
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    def get_state(self):
+        return self.data.get_state()
+
+    def set_state(self, state):
+        self.data.set_state(state)
+
+    @classmethod
+    def from_state(cls, state):
+        return cls(**state)
+
+    @property
+    def headers(self):
+        """
+        Message headers object
+
+        Returns:
+            netlib.http.Headers
+        """
+        return self.data.headers
+
+    @headers.setter
+    def headers(self, h):
+        self.data.headers = h
+
+    @property
+    def content(self):
+        """
+        The raw (encoded) HTTP message body
+
+        See also: :py:attr:`text`
+        """
+        return self.data.content
+
+    @content.setter
+    def content(self, content):
+        self.data.content = content
+        if isinstance(content, bytes):
+            self.headers["content-length"] = str(len(content))
+
+    @property
+    def http_version(self):
+        """
+        Version string, e.g. "HTTP/1.1"
+        """
+        return _native(self.data.http_version)
+
+    @http_version.setter
+    def http_version(self, http_version):
+        self.data.http_version = _always_bytes(http_version)
+
+    @property
+    def timestamp_start(self):
+        """
+        First byte timestamp
+        """
+        return self.data.timestamp_start
+
+    @timestamp_start.setter
+    def timestamp_start(self, timestamp_start):
+        self.data.timestamp_start = timestamp_start
+
+    @property
+    def timestamp_end(self):
+        """
+        Last byte timestamp
+        """
+        return self.data.timestamp_end
+
+    @timestamp_end.setter
+    def timestamp_end(self, timestamp_end):
+        self.data.timestamp_end = timestamp_end
+
+    @property
+    def text(self):
+        """
+        The decoded HTTP message body.
+        Decoded contents are not cached, so accessing this attribute repeatedly is relatively expensive.
+
+        .. note::
+            This is not implemented yet.
+
+        See also: :py:attr:`content`, :py:class:`decoded`
+        """
+        # This attribute should be called text, because that's what requests does.
+        raise NotImplementedError()
+
+    @text.setter
+    def text(self, text):
+        raise NotImplementedError()
+
+    def decode(self):
+        """
+            Decodes body based on the current Content-Encoding header, then
+            removes the header. If there is no Content-Encoding header, no
+            action is taken.
+
+            Returns:
+                True, if decoding succeeded.
+                False, otherwise.
+        """
+        ce = self.headers.get("content-encoding")
+        data = encoding.decode(ce, self.content)
+        if data is None:
+            return False
+        self.content = data
+        self.headers.pop("content-encoding", None)
+        return True
+
+    def encode(self, e):
+        """
+            Encodes body with the encoding e, where e is "gzip", "deflate" or "identity".
+
+            Returns:
+                True, if decoding succeeded.
+                False, otherwise.
+        """
+        data = encoding.encode(e, self.content)
+        if data is None:
+            return False
+        self.content = data
+        self.headers["content-encoding"] = e
+        return True
+
+    # Legacy
+
+    @property
+    def body(self):  # pragma: nocover
+        warnings.warn(".body is deprecated, use .content instead.", DeprecationWarning)
+        return self.content
+
+    @body.setter
+    def body(self, body):  # pragma: nocover
+        warnings.warn(".body is deprecated, use .content instead.", DeprecationWarning)
+        self.content = body
+
+
+class decoded(object):
+    """
+    A context manager that decodes a request or response, and then
+    re-encodes it with the same encoding after execution of the block.
+
+    Example:
+
+    .. code-block:: python
+
+        with decoded(request):
+            request.content = request.content.replace("foo", "bar")
+    """
+
+    def __init__(self, message):
+        self.message = message
+        ce = message.headers.get("content-encoding")
+        if ce in encoding.ENCODINGS:
+            self.ce = ce
+        else:
+            self.ce = None
+
+    def __enter__(self):
+        if self.ce:
+            self.message.decode()
+
+    def __exit__(self, type, value, tb):
+        if self.ce:
+            self.message.encode(self.ce)
diff --git a/netlib/netlib/http/request.py b/netlib/netlib/http/request.py
new file mode 100644
index 00000000..0e0f88ce
--- /dev/null
+++ b/netlib/netlib/http/request.py
@@ -0,0 +1,353 @@
+from __future__ import absolute_import, print_function, division
+
+import warnings
+
+import six
+from six.moves import urllib
+
+from netlib import utils
+from netlib.http import cookies
+from netlib.odict import ODict
+from .. import encoding
+from .headers import Headers
+from .message import Message, _native, _always_bytes, MessageData
+
+
+class RequestData(MessageData):
+    def __init__(self, first_line_format, method, scheme, host, port, path, http_version, headers=None, content=None,
+                 timestamp_start=None, timestamp_end=None):
+        if not isinstance(headers, Headers):
+            headers = Headers(headers)
+
+        self.first_line_format = first_line_format
+        self.method = method
+        self.scheme = scheme
+        self.host = host
+        self.port = port
+        self.path = path
+        self.http_version = http_version
+        self.headers = headers
+        self.content = content
+        self.timestamp_start = timestamp_start
+        self.timestamp_end = timestamp_end
+
+
+class Request(Message):
+    """
+    An HTTP request.
+    """
+    def __init__(self, *args, **kwargs):
+        data = RequestData(*args, **kwargs)
+        super(Request, self).__init__(data)
+
+    def __repr__(self):
+        if self.host and self.port:
+            hostport = "{}:{}".format(self.host, self.port)
+        else:
+            hostport = ""
+        path = self.path or ""
+        return "Request({} {}{})".format(
+            self.method, hostport, path
+        )
+
+    @property
+    def first_line_format(self):
+        """
+        HTTP request form as defined in `RFC7230 <https://tools.ietf.org/html/rfc7230#section-5.3>`_.
+
+        origin-form and asterisk-form are subsumed as "relative".
+        """
+        return self.data.first_line_format
+
+    @first_line_format.setter
+    def first_line_format(self, first_line_format):
+        self.data.first_line_format = first_line_format
+
+    @property
+    def method(self):
+        """
+        HTTP request method, e.g. "GET".
+        """
+        return _native(self.data.method).upper()
+
+    @method.setter
+    def method(self, method):
+        self.data.method = _always_bytes(method)
+
+    @property
+    def scheme(self):
+        """
+        HTTP request scheme, which should be "http" or "https".
+        """
+        return _native(self.data.scheme)
+
+    @scheme.setter
+    def scheme(self, scheme):
+        self.data.scheme = _always_bytes(scheme)
+
+    @property
+    def host(self):
+        """
+        Target host. This may be parsed from the raw request
+        (e.g. from a ``GET http://example.com/ HTTP/1.1`` request line)
+        or inferred from the proxy mode (e.g. an IP in transparent mode).
+
+        Setting the host attribute also updates the host header, if present.
+        """
+
+        if six.PY2:  # pragma: nocover
+            return self.data.host
+
+        if not self.data.host:
+            return self.data.host
+        try:
+            return self.data.host.decode("idna")
+        except UnicodeError:
+            return self.data.host.decode("utf8", "surrogateescape")
+
+    @host.setter
+    def host(self, host):
+        if isinstance(host, six.text_type):
+            try:
+                # There's no non-strict mode for IDNA encoding.
+                # We don't want this operation to fail though, so we try
+                # utf8 as a last resort.
+                host = host.encode("idna", "strict")
+            except UnicodeError:
+                host = host.encode("utf8", "surrogateescape")
+
+        self.data.host = host
+
+        # Update host header
+        if "host" in self.headers:
+            if host:
+                self.headers["host"] = host
+            else:
+                self.headers.pop("host")
+
+    @property
+    def port(self):
+        """
+        Target port
+        """
+        return self.data.port
+
+    @port.setter
+    def port(self, port):
+        self.data.port = port
+
+    @property
+    def path(self):
+        """
+        HTTP request path, e.g. "/index.html".
+        Guaranteed to start with a slash.
+        """
+        return _native(self.data.path)
+
+    @path.setter
+    def path(self, path):
+        self.data.path = _always_bytes(path)
+
+    @property
+    def url(self):
+        """
+        The URL string, constructed from the request's URL components
+        """
+        return utils.unparse_url(self.scheme, self.host, self.port, self.path)
+
+    @url.setter
+    def url(self, url):
+        self.scheme, self.host, self.port, self.path = utils.parse_url(url)
+
+    @property
+    def pretty_host(self):
+        """
+        Similar to :py:attr:`host`, but using the Host headers as an additional preferred data source.
+        This is useful in transparent mode where :py:attr:`host` is only an IP address,
+        but may not reflect the actual destination as the Host header could be spoofed.
+        """
+        return self.headers.get("host", self.host)
+
+    @property
+    def pretty_url(self):
+        """
+        Like :py:attr:`url`, but using :py:attr:`pretty_host` instead of :py:attr:`host`.
+        """
+        if self.first_line_format == "authority":
+            return "%s:%d" % (self.pretty_host, self.port)
+        return utils.unparse_url(self.scheme, self.pretty_host, self.port, self.path)
+
+    @property
+    def query(self):
+        """
+        The request query string as an :py:class:`ODict` object.
+        None, if there is no query.
+        """
+        _, _, _, _, query, _ = urllib.parse.urlparse(self.url)
+        if query:
+            return ODict(utils.urldecode(query))
+        return None
+
+    @query.setter
+    def query(self, odict):
+        query = utils.urlencode(odict.lst)
+        scheme, netloc, path, params, _, fragment = urllib.parse.urlparse(self.url)
+        self.url = urllib.parse.urlunparse([scheme, netloc, path, params, query, fragment])
+
+    @property
+    def cookies(self):
+        """
+        The request cookies.
+        An empty :py:class:`ODict` object if the cookie monster ate them all.
+        """
+        ret = ODict()
+        for i in self.headers.get_all("Cookie"):
+            ret.extend(cookies.parse_cookie_header(i))
+        return ret
+
+    @cookies.setter
+    def cookies(self, odict):
+        self.headers["cookie"] = cookies.format_cookie_header(odict)
+
+    @property
+    def path_components(self):
+        """
+        The URL's path components as a list of strings.
+        Components are unquoted.
+        """
+        _, _, path, _, _, _ = urllib.parse.urlparse(self.url)
+        return [urllib.parse.unquote(i) for i in path.split("/") if i]
+
+    @path_components.setter
+    def path_components(self, components):
+        components = map(lambda x: urllib.parse.quote(x, safe=""), components)
+        path = "/" + "/".join(components)
+        scheme, netloc, _, params, query, fragment = urllib.parse.urlparse(self.url)
+        self.url = urllib.parse.urlunparse([scheme, netloc, path, params, query, fragment])
+
+    def anticache(self):
+        """
+        Modifies this request to remove headers that might produce a cached
+        response. That is, we remove ETags and If-Modified-Since headers.
+        """
+        delheaders = [
+            "if-modified-since",
+            "if-none-match",
+        ]
+        for i in delheaders:
+            self.headers.pop(i, None)
+
+    def anticomp(self):
+        """
+        Modifies this request to remove headers that will compress the
+        resource's data.
+        """
+        self.headers["accept-encoding"] = "identity"
+
+    def constrain_encoding(self):
+        """
+        Limits the permissible Accept-Encoding values, based on what we can
+        decode appropriately.
+        """
+        accept_encoding = self.headers.get("accept-encoding")
+        if accept_encoding:
+            self.headers["accept-encoding"] = (
+                ', '.join(
+                    e
+                    for e in encoding.ENCODINGS
+                    if e in accept_encoding
+                )
+            )
+
+    @property
+    def urlencoded_form(self):
+        """
+        The URL-encoded form data as an :py:class:`ODict` object.
+        None if there is no data or the content-type indicates non-form data.
+        """
+        is_valid_content_type = "application/x-www-form-urlencoded" in self.headers.get("content-type", "").lower()
+        if self.content and is_valid_content_type:
+            return ODict(utils.urldecode(self.content))
+        return None
+
+    @urlencoded_form.setter
+    def urlencoded_form(self, odict):
+        """
+        Sets the body to the URL-encoded form data, and adds the appropriate content-type header.
+        This will overwrite the existing content if there is one.
+        """
+        self.headers["content-type"] = "application/x-www-form-urlencoded"
+        self.content = utils.urlencode(odict.lst)
+
+    @property
+    def multipart_form(self):
+        """
+        The multipart form data as an :py:class:`ODict` object.
+        None if there is no data or the content-type indicates non-form data.
+        """
+        is_valid_content_type = "multipart/form-data" in self.headers.get("content-type", "").lower()
+        if self.content and is_valid_content_type:
+            return ODict(utils.multipartdecode(self.headers,self.content))
+        return None
+
+    @multipart_form.setter
+    def multipart_form(self, value):
+        raise NotImplementedError()
+
+    # Legacy
+
+    def get_cookies(self):  # pragma: nocover
+        warnings.warn(".get_cookies is deprecated, use .cookies instead.", DeprecationWarning)
+        return self.cookies
+
+    def set_cookies(self, odict):  # pragma: nocover
+        warnings.warn(".set_cookies is deprecated, use .cookies instead.", DeprecationWarning)
+        self.cookies = odict
+
+    def get_query(self):  # pragma: nocover
+        warnings.warn(".get_query is deprecated, use .query instead.", DeprecationWarning)
+        return self.query or ODict([])
+
+    def set_query(self, odict):  # pragma: nocover
+        warnings.warn(".set_query is deprecated, use .query instead.", DeprecationWarning)
+        self.query = odict
+
+    def get_path_components(self):  # pragma: nocover
+        warnings.warn(".get_path_components is deprecated, use .path_components instead.", DeprecationWarning)
+        return self.path_components
+
+    def set_path_components(self, lst):  # pragma: nocover
+        warnings.warn(".set_path_components is deprecated, use .path_components instead.", DeprecationWarning)
+        self.path_components = lst
+
+    def get_form_urlencoded(self):  # pragma: nocover
+        warnings.warn(".get_form_urlencoded is deprecated, use .urlencoded_form instead.", DeprecationWarning)
+        return self.urlencoded_form or ODict([])
+
+    def set_form_urlencoded(self, odict):  # pragma: nocover
+        warnings.warn(".set_form_urlencoded is deprecated, use .urlencoded_form instead.", DeprecationWarning)
+        self.urlencoded_form = odict
+
+    def get_form_multipart(self):  # pragma: nocover
+        warnings.warn(".get_form_multipart is deprecated, use .multipart_form instead.", DeprecationWarning)
+        return self.multipart_form or ODict([])
+
+    @property
+    def form_in(self):  # pragma: nocover
+        warnings.warn(".form_in is deprecated, use .first_line_format instead.", DeprecationWarning)
+        return self.first_line_format
+
+    @form_in.setter
+    def form_in(self, form_in):  # pragma: nocover
+        warnings.warn(".form_in is deprecated, use .first_line_format instead.", DeprecationWarning)
+        self.first_line_format = form_in
+
+    @property
+    def form_out(self):  # pragma: nocover
+        warnings.warn(".form_out is deprecated, use .first_line_format instead.", DeprecationWarning)
+        return self.first_line_format
+
+    @form_out.setter
+    def form_out(self, form_out):  # pragma: nocover
+        warnings.warn(".form_out is deprecated, use .first_line_format instead.", DeprecationWarning)
+        self.first_line_format = form_out
\ No newline at end of file
diff --git a/netlib/netlib/http/response.py b/netlib/netlib/http/response.py
new file mode 100644
index 00000000..8f4d6215
--- /dev/null
+++ b/netlib/netlib/http/response.py
@@ -0,0 +1,116 @@
+from __future__ import absolute_import, print_function, division
+
+import warnings
+
+from . import cookies
+from .headers import Headers
+from .message import Message, _native, _always_bytes, MessageData
+from .. import utils
+from ..odict import ODict
+
+
+class ResponseData(MessageData):
+    def __init__(self, http_version, status_code, reason=None, headers=None, content=None,
+                 timestamp_start=None, timestamp_end=None):
+        if not isinstance(headers, Headers):
+            headers = Headers(headers)
+
+        self.http_version = http_version
+        self.status_code = status_code
+        self.reason = reason
+        self.headers = headers
+        self.content = content
+        self.timestamp_start = timestamp_start
+        self.timestamp_end = timestamp_end
+
+
+class Response(Message):
+    """
+    An HTTP response.
+    """
+    def __init__(self, *args, **kwargs):
+        data = ResponseData(*args, **kwargs)
+        super(Response, self).__init__(data)
+
+    def __repr__(self):
+        if self.content:
+            details = "{}, {}".format(
+                self.headers.get("content-type", "unknown content type"),
+                utils.pretty_size(len(self.content))
+            )
+        else:
+            details = "no content"
+        return "Response({status_code} {reason}, {details})".format(
+            status_code=self.status_code,
+            reason=self.reason,
+            details=details
+        )
+
+    @property
+    def status_code(self):
+        """
+        HTTP Status Code, e.g. ``200``.
+        """
+        return self.data.status_code
+
+    @status_code.setter
+    def status_code(self, status_code):
+        self.data.status_code = status_code
+
+    @property
+    def reason(self):
+        """
+        HTTP Reason Phrase, e.g. "Not Found".
+        This is always :py:obj:`None` for HTTP2 requests, because HTTP2 responses do not contain a reason phrase.
+        """
+        return _native(self.data.reason)
+
+    @reason.setter
+    def reason(self, reason):
+        self.data.reason = _always_bytes(reason)
+
+    @property
+    def cookies(self):
+        """
+        Get the contents of all Set-Cookie headers.
+
+        A possibly empty :py:class:`ODict`, where keys are cookie name strings,
+        and values are [value, attr] lists. Value is a string, and attr is
+        an ODictCaseless containing cookie attributes. Within attrs, unary
+        attributes (e.g. HTTPOnly) are indicated by a Null value.
+        """
+        ret = []
+        for header in self.headers.get_all("set-cookie"):
+            v = cookies.parse_set_cookie_header(header)
+            if v:
+                name, value, attrs = v
+                ret.append([name, [value, attrs]])
+        return ODict(ret)
+
+    @cookies.setter
+    def cookies(self, odict):
+        values = []
+        for i in odict.lst:
+            header = cookies.format_set_cookie_header(i[0], i[1][0], i[1][1])
+            values.append(header)
+        self.headers.set_all("set-cookie", values)
+
+    # Legacy
+
+    def get_cookies(self):  # pragma: nocover
+        warnings.warn(".get_cookies is deprecated, use .cookies instead.", DeprecationWarning)
+        return self.cookies
+
+    def set_cookies(self, odict):  # pragma: nocover
+        warnings.warn(".set_cookies is deprecated, use .cookies instead.", DeprecationWarning)
+        self.cookies = odict
+
+    @property
+    def msg(self):  # pragma: nocover
+        warnings.warn(".msg is deprecated, use .reason instead.", DeprecationWarning)
+        return self.reason
+
+    @msg.setter
+    def msg(self, reason):  # pragma: nocover
+        warnings.warn(".msg is deprecated, use .reason instead.", DeprecationWarning)
+        self.reason = reason
diff --git a/netlib/netlib/http/status_codes.py b/netlib/netlib/http/status_codes.py
new file mode 100644
index 00000000..8a4dc1f5
--- /dev/null
+++ b/netlib/netlib/http/status_codes.py
@@ -0,0 +1,106 @@
+from __future__ import absolute_import, print_function, division
+
+CONTINUE = 100
+SWITCHING = 101
+OK = 200
+CREATED = 201
+ACCEPTED = 202
+NON_AUTHORITATIVE_INFORMATION = 203
+NO_CONTENT = 204
+RESET_CONTENT = 205
+PARTIAL_CONTENT = 206
+MULTI_STATUS = 207
+
+MULTIPLE_CHOICE = 300
+MOVED_PERMANENTLY = 301
+FOUND = 302
+SEE_OTHER = 303
+NOT_MODIFIED = 304
+USE_PROXY = 305
+TEMPORARY_REDIRECT = 307
+
+BAD_REQUEST = 400
+UNAUTHORIZED = 401
+PAYMENT_REQUIRED = 402
+FORBIDDEN = 403
+NOT_FOUND = 404
+NOT_ALLOWED = 405
+NOT_ACCEPTABLE = 406
+PROXY_AUTH_REQUIRED = 407
+REQUEST_TIMEOUT = 408
+CONFLICT = 409
+GONE = 410
+LENGTH_REQUIRED = 411
+PRECONDITION_FAILED = 412
+REQUEST_ENTITY_TOO_LARGE = 413
+REQUEST_URI_TOO_LONG = 414
+UNSUPPORTED_MEDIA_TYPE = 415
+REQUESTED_RANGE_NOT_SATISFIABLE = 416
+EXPECTATION_FAILED = 417
+IM_A_TEAPOT = 418
+
+INTERNAL_SERVER_ERROR = 500
+NOT_IMPLEMENTED = 501
+BAD_GATEWAY = 502
+SERVICE_UNAVAILABLE = 503
+GATEWAY_TIMEOUT = 504
+HTTP_VERSION_NOT_SUPPORTED = 505
+INSUFFICIENT_STORAGE_SPACE = 507
+NOT_EXTENDED = 510
+
+RESPONSES = {
+    # 100
+    CONTINUE: "Continue",
+    SWITCHING: "Switching Protocols",
+
+    # 200
+    OK: "OK",
+    CREATED: "Created",
+    ACCEPTED: "Accepted",
+    NON_AUTHORITATIVE_INFORMATION: "Non-Authoritative Information",
+    NO_CONTENT: "No Content",
+    RESET_CONTENT: "Reset Content.",
+    PARTIAL_CONTENT: "Partial Content",
+    MULTI_STATUS: "Multi-Status",
+
+    # 300
+    MULTIPLE_CHOICE: "Multiple Choices",
+    MOVED_PERMANENTLY: "Moved Permanently",
+    FOUND: "Found",
+    SEE_OTHER: "See Other",
+    NOT_MODIFIED: "Not Modified",
+    USE_PROXY: "Use Proxy",
+    # 306 not defined??
+    TEMPORARY_REDIRECT: "Temporary Redirect",
+
+    # 400
+    BAD_REQUEST: "Bad Request",
+    UNAUTHORIZED: "Unauthorized",
+    PAYMENT_REQUIRED: "Payment Required",
+    FORBIDDEN: "Forbidden",
+    NOT_FOUND: "Not Found",
+    NOT_ALLOWED: "Method Not Allowed",
+    NOT_ACCEPTABLE: "Not Acceptable",
+    PROXY_AUTH_REQUIRED: "Proxy Authentication Required",
+    REQUEST_TIMEOUT: "Request Time-out",
+    CONFLICT: "Conflict",
+    GONE: "Gone",
+    LENGTH_REQUIRED: "Length Required",
+    PRECONDITION_FAILED: "Precondition Failed",
+    REQUEST_ENTITY_TOO_LARGE: "Request Entity Too Large",
+    REQUEST_URI_TOO_LONG: "Request-URI Too Long",
+    UNSUPPORTED_MEDIA_TYPE: "Unsupported Media Type",
+    REQUESTED_RANGE_NOT_SATISFIABLE: "Requested Range not satisfiable",
+    EXPECTATION_FAILED: "Expectation Failed",
+    IM_A_TEAPOT: "I'm a teapot",
+
+    # 500
+    INTERNAL_SERVER_ERROR: "Internal Server Error",
+    NOT_IMPLEMENTED: "Not Implemented",
+    BAD_GATEWAY: "Bad Gateway",
+    SERVICE_UNAVAILABLE: "Service Unavailable",
+    GATEWAY_TIMEOUT: "Gateway Time-out",
+    HTTP_VERSION_NOT_SUPPORTED: "HTTP Version not supported",
+    INSUFFICIENT_STORAGE_SPACE: "Insufficient Storage Space",
+    NOT_EXTENDED: "Not Extended"
+}
diff --git a/netlib/netlib/http/user_agents.py b/netlib/netlib/http/user_agents.py
new file mode 100644
index 00000000..e8681908
--- /dev/null
+++ b/netlib/netlib/http/user_agents.py
@@ -0,0 +1,52 @@
+from __future__ import (absolute_import, print_function, division)
+
+"""
+    A small collection of useful user-agent header strings. These should be
+    kept reasonably current to reflect common usage.
+"""
+
+# pylint: line-too-long
+
+# A collection of (name, shortcut, string) tuples.
+
+UASTRINGS = [
+    ("android",
+     "a",
+     "Mozilla/5.0 (Linux; U; Android 4.1.1; en-gb; Nexus 7 Build/JRO03D) AFL/01.04.02"),  # noqa
+    ("blackberry",
+     "l",
+     "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+"),  # noqa
+    ("bingbot",
+     "b",
+     "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"),  # noqa
+    ("chrome",
+     "c",
+     "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1"),  # noqa
+    ("firefox",
+     "f",
+     "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120405 Firefox/14.0a1"),  # noqa
+    ("googlebot",
+     "g",
+     "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"),  # noqa
+    ("ie9",
+     "i",
+     "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)"),  # noqa
+    ("ipad",
+     "p",
+     "Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3"),  # noqa
+    ("iphone",
+     "h",
+     "Mozilla/5.0 (iPhone; CPU iPhone OS 4_2_1 like Mac OS X) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148a Safari/6533.18.5"),  # noqa
+    ("safari",
+     "s",
+     "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10"),  # noqa
+]
+
+
+def get_by_shortcut(s):
+    """
+        Retrieve a user agent entry by shortcut.
+    """
+    for i in UASTRINGS:
+        if s == i[1]:
+            return i
diff --git a/netlib/netlib/odict.py b/netlib/netlib/odict.py
new file mode 100644
index 00000000..1e6e381a
--- /dev/null
+++ b/netlib/netlib/odict.py
@@ -0,0 +1,193 @@
+from __future__ import (absolute_import, print_function, division)
+import re
+import copy
+import six
+
+from .utils import Serializable
+
+
+def safe_subn(pattern, repl, target, *args, **kwargs):
+    """
+        There are Unicode conversion problems with re.subn. We try to smooth
+        that over by casting the pattern and replacement to strings. We really
+        need a better solution that is aware of the actual content ecoding.
+    """
+    return re.subn(str(pattern), str(repl), target, *args, **kwargs)
+
+
+class ODict(Serializable):
+
+    """
+        A dictionary-like object for managing ordered (key, value) data. Think
+        about it as a convenient interface to a list of (key, value) tuples.
+    """
+
+    def __init__(self, lst=None):
+        self.lst = lst or []
+
+    def _kconv(self, s):
+        return s
+
+    def __eq__(self, other):
+        return self.lst == other.lst
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    def __iter__(self):
+        return self.lst.__iter__()
+
+    def __getitem__(self, k):
+        """
+            Returns a list of values matching key.
+        """
+        ret = []
+        k = self._kconv(k)
+        for i in self.lst:
+            if self._kconv(i[0]) == k:
+                ret.append(i[1])
+        return ret
+
+    def keys(self):
+        return list(set([self._kconv(i[0]) for i in self.lst]))
+
+    def _filter_lst(self, k, lst):
+        k = self._kconv(k)
+        new = []
+        for i in lst:
+            if self._kconv(i[0]) != k:
+                new.append(i)
+        return new
+
+    def __len__(self):
+        """
+            Total number of (key, value) pairs.
+        """
+        return len(self.lst)
+
+    def __setitem__(self, k, valuelist):
+        """
+            Sets the values for key k. If there are existing values for this
+            key, they are cleared.
+        """
+        if isinstance(valuelist, six.text_type) or isinstance(valuelist, six.binary_type):
+            raise ValueError(
+                "Expected list of values instead of string. "
+                "Example: odict[b'Host'] = [b'www.example.com']"
+            )
+        kc = self._kconv(k)
+        new = []
+        for i in self.lst:
+            if self._kconv(i[0]) == kc:
+                if valuelist:
+                    new.append([k, valuelist.pop(0)])
+            else:
+                new.append(i)
+        while valuelist:
+            new.append([k, valuelist.pop(0)])
+        self.lst = new
+
+    def __delitem__(self, k):
+        """
+            Delete all items matching k.
+        """
+        self.lst = self._filter_lst(k, self.lst)
+
+    def __contains__(self, k):
+        k = self._kconv(k)
+        for i in self.lst:
+            if self._kconv(i[0]) == k:
+                return True
+        return False
+
+    def add(self, key, value, prepend=False):
+        if prepend:
+            self.lst.insert(0, [key, value])
+        else:
+            self.lst.append([key, value])
+
+    def get(self, k, d=None):
+        if k in self:
+            return self[k]
+        else:
+            return d
+
+    def get_first(self, k, d=None):
+        if k in self:
+            return self[k][0]
+        else:
+            return d
+
+    def items(self):
+        return self.lst[:]
+
+    def copy(self):
+        """
+            Returns a copy of this object.
+        """
+        lst = copy.deepcopy(self.lst)
+        return self.__class__(lst)
+
+    def extend(self, other):
+        """
+            Add the contents of other, preserving any duplicates.
+        """
+        self.lst.extend(other.lst)
+
+    def __repr__(self):
+        return repr(self.lst)
+
+    def in_any(self, key, value, caseless=False):
+        """
+            Do any of the values matching key contain value?
+
+            If caseless is true, value comparison is case-insensitive.
+        """
+        if caseless:
+            value = value.lower()
+        for i in self[key]:
+            if caseless:
+                i = i.lower()
+            if value in i:
+                return True
+        return False
+
+    def replace(self, pattern, repl, *args, **kwargs):
+        """
+            Replaces a regular expression pattern with repl in both keys and
+            values. Encoded content will be decoded before replacement, and
+            re-encoded afterwards.
+
+            Returns the number of replacements made.
+        """
+        nlst, count = [], 0
+        for i in self.lst:
+            k, c = safe_subn(pattern, repl, i[0], *args, **kwargs)
+            count += c
+            v, c = safe_subn(pattern, repl, i[1], *args, **kwargs)
+            count += c
+            nlst.append([k, v])
+        self.lst = nlst
+        return count
+
+    # Implement the StateObject protocol from mitmproxy
+    def get_state(self):
+        return [tuple(i) for i in self.lst]
+
+    def set_state(self, state):
+        self.lst = [list(i) for i in state]
+
+    @classmethod
+    def from_state(cls, state):
+        return cls([list(i) for i in state])
+
+
+class ODictCaseless(ODict):
+
+    """
+        A variant of ODict with "caseless" keys. This version _preserves_ key
+        case, but does not consider case when setting or getting items.
+    """
+
+    def _kconv(self, s):
+        return s.lower()
diff --git a/netlib/netlib/socks.py b/netlib/netlib/socks.py
new file mode 100644
index 00000000..51ad1c63
--- /dev/null
+++ b/netlib/netlib/socks.py
@@ -0,0 +1,176 @@
+from __future__ import (absolute_import, print_function, division)
+import struct
+import array
+import ipaddress
+from . import tcp, utils
+
+
+class SocksError(Exception):
+    def __init__(self, code, message):
+        super(SocksError, self).__init__(message)
+        self.code = code
+
+
+VERSION = utils.BiDi(
+    SOCKS4=0x04,
+    SOCKS5=0x05
+)
+
+CMD = utils.BiDi(
+    CONNECT=0x01,
+    BIND=0x02,
+    UDP_ASSOCIATE=0x03
+)
+
+ATYP = utils.BiDi(
+    IPV4_ADDRESS=0x01,
+    DOMAINNAME=0x03,
+    IPV6_ADDRESS=0x04
+)
+
+REP = utils.BiDi(
+    SUCCEEDED=0x00,
+    GENERAL_SOCKS_SERVER_FAILURE=0x01,
+    CONNECTION_NOT_ALLOWED_BY_RULESET=0x02,
+    NETWORK_UNREACHABLE=0x03,
+    HOST_UNREACHABLE=0x04,
+    CONNECTION_REFUSED=0x05,
+    TTL_EXPIRED=0x06,
+    COMMAND_NOT_SUPPORTED=0x07,
+    ADDRESS_TYPE_NOT_SUPPORTED=0x08,
+)
+
+METHOD = utils.BiDi(
+    NO_AUTHENTICATION_REQUIRED=0x00,
+    GSSAPI=0x01,
+    USERNAME_PASSWORD=0x02,
+    NO_ACCEPTABLE_METHODS=0xFF
+)
+
+
+class ClientGreeting(object):
+    __slots__ = ("ver", "methods")
+
+    def __init__(self, ver, methods):
+        self.ver = ver
+        self.methods = array.array("B")
+        self.methods.extend(methods)
+
+    def assert_socks5(self):
+        if self.ver != VERSION.SOCKS5:
+            if self.ver == ord("G") and len(self.methods) == ord("E"):
+                guess = "Probably not a SOCKS request but a regular HTTP request. "
+            else:
+                guess = ""
+
+            raise SocksError(
+                REP.GENERAL_SOCKS_SERVER_FAILURE,
+                guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
+            )
+
+    @classmethod
+    def from_file(cls, f, fail_early=False):
+        """
+        :param fail_early: If true, a SocksError will be raised if the first byte does not indicate socks5.
+        """
+        ver, nmethods = struct.unpack("!BB", f.safe_read(2))
+        client_greeting = cls(ver, [])
+        if fail_early:
+            client_greeting.assert_socks5()
+        client_greeting.methods.fromstring(f.safe_read(nmethods))
+        return client_greeting
+
+    def to_file(self, f):
+        f.write(struct.pack("!BB", self.ver, len(self.methods)))
+        f.write(self.methods.tostring())
+
+
+class ServerGreeting(object):
+    __slots__ = ("ver", "method")
+
+    def __init__(self, ver, method):
+        self.ver = ver
+        self.method = method
+
+    def assert_socks5(self):
+        if self.ver != VERSION.SOCKS5:
+            if self.ver == ord("H") and self.method == ord("T"):
+                guess = "Probably not a SOCKS request but a regular HTTP response. "
+            else:
+                guess = ""
+
+            raise SocksError(
+                REP.GENERAL_SOCKS_SERVER_FAILURE,
+                guess + "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
+            )
+
+    @classmethod
+    def from_file(cls, f):
+        ver, method = struct.unpack("!BB", f.safe_read(2))
+        return cls(ver, method)
+
+    def to_file(self, f):
+        f.write(struct.pack("!BB", self.ver, self.method))
+
+
+class Message(object):
+    __slots__ = ("ver", "msg", "atyp", "addr")
+
+    def __init__(self, ver, msg, atyp, addr):
+        self.ver = ver
+        self.msg = msg
+        self.atyp = atyp
+        self.addr = tcp.Address.wrap(addr)
+
+    def assert_socks5(self):
+        if self.ver != VERSION.SOCKS5:
+            raise SocksError(
+                REP.GENERAL_SOCKS_SERVER_FAILURE,
+                "Invalid SOCKS version. Expected 0x05, got 0x%x" % self.ver
+            )
+
+    @classmethod
+    def from_file(cls, f):
+        ver, msg, rsv, atyp = struct.unpack("!BBBB", f.safe_read(4))
+        if rsv != 0x00:
+            raise SocksError(
+                REP.GENERAL_SOCKS_SERVER_FAILURE,
+                "Socks Request: Invalid reserved byte: %s" % rsv
+            )
+        if atyp == ATYP.IPV4_ADDRESS:
+            # We use tnoa here as ntop is not commonly available on Windows.
+            host = ipaddress.IPv4Address(f.safe_read(4)).compressed
+            use_ipv6 = False
+        elif atyp == ATYP.IPV6_ADDRESS:
+            host = ipaddress.IPv6Address(f.safe_read(16)).compressed
+            use_ipv6 = True
+        elif atyp == ATYP.DOMAINNAME:
+            length, = struct.unpack("!B", f.safe_read(1))
+            host = f.safe_read(length)
+            if not utils.is_valid_host(host):
+                raise SocksError(REP.GENERAL_SOCKS_SERVER_FAILURE, "Invalid hostname: %s" % host)
+            host = host.decode("idna")
+            use_ipv6 = False
+        else:
+            raise SocksError(REP.ADDRESS_TYPE_NOT_SUPPORTED,
+                             "Socks Request: Unknown ATYP: %s" % atyp)
+
+        port, = struct.unpack("!H", f.safe_read(2))
+        addr = tcp.Address((host, port), use_ipv6=use_ipv6)
+        return cls(ver, msg, atyp, addr)
+
+    def to_file(self, f):
+        f.write(struct.pack("!BBBB", self.ver, self.msg, 0x00, self.atyp))
+        if self.atyp == ATYP.IPV4_ADDRESS:
+            f.write(ipaddress.IPv4Address(self.addr.host).packed)
+        elif self.atyp == ATYP.IPV6_ADDRESS:
+            f.write(ipaddress.IPv6Address(self.addr.host).packed)
+        elif self.atyp == ATYP.DOMAINNAME:
+            f.write(struct.pack("!B", len(self.addr.host)))
+            f.write(self.addr.host.encode("idna"))
+        else:
+            raise SocksError(
+                REP.ADDRESS_TYPE_NOT_SUPPORTED,
+                "Unknown ATYP: %s" % self.atyp
+            )
+        f.write(struct.pack("!H", self.addr.port))
diff --git a/netlib/netlib/tcp.py b/netlib/netlib/tcp.py
new file mode 100644
index 00000000..61b41cdc
--- /dev/null
+++ b/netlib/netlib/tcp.py
@@ -0,0 +1,911 @@
+from __future__ import (absolute_import, print_function, division)
+import os
+import select
+import socket
+import sys
+import threading
+import time
+import traceback
+
+import binascii
+from six.moves import range
+
+import certifi
+from backports import ssl_match_hostname
+import six
+import OpenSSL
+from OpenSSL import SSL
+
+from . import certutils, version_check, utils
+
+# This is a rather hackish way to make sure that
+# the latest version of pyOpenSSL is actually installed.
+from netlib.exceptions import InvalidCertificateException, TcpReadIncomplete, TlsException, \
+    TcpTimeout, TcpDisconnect, TcpException
+
+version_check.check_pyopenssl_version()
+
+if six.PY2:
+    socket_fileobject = socket._fileobject
+else:
+    socket_fileobject = socket.SocketIO
+
+EINTR = 4
+if os.environ.get("NO_ALPN"):
+    HAS_ALPN = False
+else:
+    HAS_ALPN = OpenSSL._util.lib.Cryptography_HAS_ALPN
+
+# To enable all SSL methods use: SSLv23
+# then add options to disable certain methods
+# https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
+SSL_BASIC_OPTIONS = (
+    SSL.OP_CIPHER_SERVER_PREFERENCE
+)
+if hasattr(SSL, "OP_NO_COMPRESSION"):
+    SSL_BASIC_OPTIONS |= SSL.OP_NO_COMPRESSION
+
+SSL_DEFAULT_METHOD = SSL.SSLv23_METHOD
+SSL_DEFAULT_OPTIONS = (
+    SSL.OP_NO_SSLv2 |
+    SSL.OP_NO_SSLv3 |
+    SSL_BASIC_OPTIONS
+)
+if hasattr(SSL, "OP_NO_COMPRESSION"):
+    SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION
+
+"""
+Map a reasonable SSL version specification into the format OpenSSL expects.
+Don't ask...
+https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
+"""
+sslversion_choices = {
+    "all": (SSL.SSLv23_METHOD, SSL_BASIC_OPTIONS),
+    # SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
+    # TLSv1_METHOD would be TLS 1.0 only
+    "secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL_BASIC_OPTIONS)),
+    "SSLv2": (SSL.SSLv2_METHOD, SSL_BASIC_OPTIONS),
+    "SSLv3": (SSL.SSLv3_METHOD, SSL_BASIC_OPTIONS),
+    "TLSv1": (SSL.TLSv1_METHOD, SSL_BASIC_OPTIONS),
+    "TLSv1_1": (SSL.TLSv1_1_METHOD, SSL_BASIC_OPTIONS),
+    "TLSv1_2": (SSL.TLSv1_2_METHOD, SSL_BASIC_OPTIONS),
+}
+
+class SSLKeyLogger(object):
+
+    def __init__(self, filename):
+        self.filename = filename
+        self.f = None
+        self.lock = threading.Lock()
+
+    # required for functools.wraps, which pyOpenSSL uses.
+    __name__ = "SSLKeyLogger"
+
+    def __call__(self, connection, where, ret):
+        if where == SSL.SSL_CB_HANDSHAKE_DONE and ret == 1:
+            with self.lock:
+                if not self.f:
+                    d = os.path.dirname(self.filename)
+                    if not os.path.isdir(d):
+                        os.makedirs(d)
+                    self.f = open(self.filename, "ab")
+                    self.f.write(b"\r\n")
+                client_random = binascii.hexlify(connection.client_random())
+                masterkey = binascii.hexlify(connection.master_key())
+                self.f.write(b"CLIENT_RANDOM %s %s\r\n" % (client_random, masterkey))
+                self.f.flush()
+
+    def close(self):
+        with self.lock:
+            if self.f:
+                self.f.close()
+
+    @staticmethod
+    def create_logfun(filename):
+        if filename:
+            return SSLKeyLogger(filename)
+        return False
+
+log_ssl_key = SSLKeyLogger.create_logfun(
+    os.getenv("MITMPROXY_SSLKEYLOGFILE") or os.getenv("SSLKEYLOGFILE"))
+
+
+class _FileLike(object):
+    BLOCKSIZE = 1024 * 32
+
+    def __init__(self, o):
+        self.o = o
+        self._log = None
+        self.first_byte_timestamp = None
+
+    def set_descriptor(self, o):
+        self.o = o
+
+    def __getattr__(self, attr):
+        return getattr(self.o, attr)
+
+    def start_log(self):
+        """
+            Starts or resets the log.
+
+            This will store all bytes read or written.
+        """
+        self._log = []
+
+    def stop_log(self):
+        """
+            Stops the log.
+        """
+        self._log = None
+
+    def is_logging(self):
+        return self._log is not None
+
+    def get_log(self):
+        """
+            Returns the log as a string.
+        """
+        if not self.is_logging():
+            raise ValueError("Not logging!")
+        return b"".join(self._log)
+
+    def add_log(self, v):
+        if self.is_logging():
+            self._log.append(v)
+
+    def reset_timestamps(self):
+        self.first_byte_timestamp = None
+
+
+class Writer(_FileLike):
+
+    def flush(self):
+        """
+            May raise TcpDisconnect
+        """
+        if hasattr(self.o, "flush"):
+            try:
+                self.o.flush()
+            except (socket.error, IOError) as v:
+                raise TcpDisconnect(str(v))
+
+    def write(self, v):
+        """
+            May raise TcpDisconnect
+        """
+        if v:
+            self.first_byte_timestamp = self.first_byte_timestamp or time.time()
+            try:
+                if hasattr(self.o, "sendall"):
+                    self.add_log(v)
+                    return self.o.sendall(v)
+                else:
+                    r = self.o.write(v)
+                    self.add_log(v[:r])
+                    return r
+            except (SSL.Error, socket.error) as e:
+                raise TcpDisconnect(str(e))
+
+
+class Reader(_FileLike):
+
+    def read(self, length):
+        """
+            If length is -1, we read until connection closes.
+        """
+        result = b''
+        start = time.time()
+        while length == -1 or length > 0:
+            if length == -1 or length > self.BLOCKSIZE:
+                rlen = self.BLOCKSIZE
+            else:
+                rlen = length
+            try:
+                data = self.o.read(rlen)
+            except SSL.ZeroReturnError:
+                # TLS connection was shut down cleanly
+                break
+            except (SSL.WantWriteError, SSL.WantReadError):
+                # From the OpenSSL docs:
+                # If the underlying BIO is non-blocking, SSL_read() will also return when the
+                # underlying BIO could not satisfy the needs of SSL_read() to continue the
+                # operation. In this case a call to SSL_get_error with the return value of
+                # SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
+                if (time.time() - start) < self.o.gettimeout():
+                    time.sleep(0.1)
+                    continue
+                else:
+                    raise TcpTimeout()
+            except socket.timeout:
+                raise TcpTimeout()
+            except socket.error as e:
+                raise TcpDisconnect(str(e))
+            except SSL.SysCallError as e:
+                if e.args == (-1, 'Unexpected EOF'):
+                    break
+                raise TlsException(str(e))
+            except SSL.Error as e:
+                raise TlsException(str(e))
+            self.first_byte_timestamp = self.first_byte_timestamp or time.time()
+            if not data:
+                break
+            result += data
+            if length != -1:
+                length -= len(data)
+        self.add_log(result)
+        return result
+
+    def readline(self, size=None):
+        result = b''
+        bytes_read = 0
+        while True:
+            if size is not None and bytes_read >= size:
+                break
+            ch = self.read(1)
+            bytes_read += 1
+            if not ch:
+                break
+            else:
+                result += ch
+                if ch == b'\n':
+                    break
+        return result
+
+    def safe_read(self, length):
+        """
+            Like .read, but is guaranteed to either return length bytes, or
+            raise an exception.
+        """
+        result = self.read(length)
+        if length != -1 and len(result) != length:
+            if not result:
+                raise TcpDisconnect()
+            else:
+                raise TcpReadIncomplete(
+                    "Expected %s bytes, got %s" % (length, len(result))
+                )
+        return result
+
+    def peek(self, length):
+        """
+        Tries to peek into the underlying file object.
+
+        Returns:
+            Up to the next N bytes if peeking is successful.
+
+        Raises:
+            TcpException if there was an error with the socket
+            TlsException if there was an error with pyOpenSSL.
+            NotImplementedError if the underlying file object is not a [pyOpenSSL] socket
+        """
+        if isinstance(self.o, socket_fileobject):
+            try:
+                return self.o._sock.recv(length, socket.MSG_PEEK)
+            except socket.error as e:
+                raise TcpException(repr(e))
+        elif isinstance(self.o, SSL.Connection):
+            try:
+                if tuple(int(x) for x in OpenSSL.__version__.split(".")[:2]) > (0, 15):
+                    return self.o.recv(length, socket.MSG_PEEK)
+                else:
+                    # TODO: remove once a new version is released
+                    # Polyfill for pyOpenSSL <= 0.15.1
+                    # Taken from https://github.com/pyca/pyopenssl/commit/1d95dea7fea03c7c0df345a5ea30c12d8a0378d2
+                    buf = SSL._ffi.new("char[]", length)
+                    result = SSL._lib.SSL_peek(self.o._ssl, buf, length)
+                    self.o._raise_ssl_error(self.o._ssl, result)
+                    return SSL._ffi.buffer(buf, result)[:]
+            except SSL.Error as e:
+                six.reraise(TlsException, TlsException(str(e)), sys.exc_info()[2])
+        else:
+            raise NotImplementedError("Can only peek into (pyOpenSSL) sockets")
+
+
+class Address(utils.Serializable):
+
+    """
+        This class wraps an IPv4/IPv6 tuple to provide named attributes and
+        ipv6 information.
+    """
+
+    def __init__(self, address, use_ipv6=False):
+        self.address = tuple(address)
+        self.use_ipv6 = use_ipv6
+
+    def get_state(self):
+        return {
+            "address": self.address,
+            "use_ipv6": self.use_ipv6
+        }
+
+    def set_state(self, state):
+        self.address = state["address"]
+        self.use_ipv6 = state["use_ipv6"]
+
+    @classmethod
+    def from_state(cls, state):
+        return Address(**state)
+
+    @classmethod
+    def wrap(cls, t):
+        if isinstance(t, cls):
+            return t
+        else:
+            return cls(t)
+
+    def __call__(self):
+        return self.address
+
+    @property
+    def host(self):
+        return self.address[0]
+
+    @property
+    def port(self):
+        return self.address[1]
+
+    @property
+    def use_ipv6(self):
+        return self.family == socket.AF_INET6
+
+    @use_ipv6.setter
+    def use_ipv6(self, b):
+        self.family = socket.AF_INET6 if b else socket.AF_INET
+
+    def __repr__(self):
+        return "{}:{}".format(self.host, self.port)
+
+    def __str__(self):
+        return str(self.address)
+
+    def __eq__(self, other):
+        if not other:
+            return False
+        other = Address.wrap(other)
+        return (self.address, self.family) == (other.address, other.family)
+
+    def __ne__(self, other):
+        return not self.__eq__(other)
+
+    def __hash__(self):
+        return hash(self.address) ^ 42  # different hash than the tuple alone.
+
+
+def ssl_read_select(rlist, timeout):
+    """
+    This is a wrapper around select.select() which also works for SSL.Connections
+    by taking ssl_connection.pending() into account.
+
+    Caveats:
+        If .pending() > 0 for any of the connections in rlist, we avoid the select syscall
+        and **will not include any other connections which may or may not be ready**.
+
+    Args:
+        rlist: wait until ready for reading
+
+    Returns:
+        subset of rlist which is ready for reading.
+    """
+    return [
+        conn for conn in rlist
+        if isinstance(conn, SSL.Connection) and conn.pending() > 0
+    ] or select.select(rlist, (), (), timeout)[0]
+
+
+def close_socket(sock):
+    """
+    Does a hard close of a socket, without emitting a RST.
+    """
+    try:
+        # We already indicate that we close our end.
+        # may raise "Transport endpoint is not connected" on Linux
+        sock.shutdown(socket.SHUT_WR)
+
+        # Section 4.2.2.13 of RFC 1122 tells us that a close() with any pending
+        # readable data could lead to an immediate RST being sent (which is the
+        # case on Windows).
+        # http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
+        #
+        # This in turn results in the following issue: If we send an error page
+        # to the client and then close the socket, the RST may be received by
+        # the client before the error page and the users sees a connection
+        # error rather than the error page. Thus, we try to empty the read
+        # buffer on Windows first. (see
+        # https://github.com/mitmproxy/mitmproxy/issues/527#issuecomment-93782988)
+        #
+
+        if os.name == "nt":  # pragma: no cover
+            # We cannot rely on the shutdown()-followed-by-read()-eof technique
+            # proposed by the page above: Some remote machines just don't send
+            # a TCP FIN, which would leave us in the unfortunate situation that
+            # recv() would block infinitely. As a workaround, we set a timeout
+            # here even if we are in blocking mode.
+            sock.settimeout(sock.gettimeout() or 20)
+
+            # limit at a megabyte so that we don't read infinitely
+            for _ in range(1024 ** 3 // 4096):
+                # may raise a timeout/disconnect exception.
+                if not sock.recv(4096):
+                    break
+
+        # Now we can close the other half as well.
+        sock.shutdown(socket.SHUT_RD)
+
+    except socket.error:
+        pass
+
+    sock.close()
+
+
+class _Connection(object):
+
+    rbufsize = -1
+    wbufsize = -1
+
+    def _makefile(self):
+        """
+        Set up .rfile and .wfile attributes from .connection
+        """
+        # Ideally, we would use the Buffered IO in Python 3 by default.
+        # Unfortunately, the implementation of .peek() is broken for n>1 bytes,
+        # as it may just return what's left in the buffer and not all the bytes we want.
+        # As a workaround, we just use unbuffered sockets directly.
+        # https://mail.python.org/pipermail/python-dev/2009-June/089986.html
+        if six.PY2:
+            self.rfile = Reader(self.connection.makefile('rb', self.rbufsize))
+            self.wfile = Writer(self.connection.makefile('wb', self.wbufsize))
+        else:
+            self.rfile = Reader(socket.SocketIO(self.connection, "rb"))
+            self.wfile = Writer(socket.SocketIO(self.connection, "wb"))
+
+    def __init__(self, connection):
+        if connection:
+            self.connection = connection
+            self._makefile()
+        else:
+            self.connection = None
+            self.rfile = None
+            self.wfile = None
+
+        self.ssl_established = False
+        self.finished = False
+
+    def get_current_cipher(self):
+        if not self.ssl_established:
+            return None
+
+        name = self.connection.get_cipher_name()
+        bits = self.connection.get_cipher_bits()
+        version = self.connection.get_cipher_version()
+        return name, bits, version
+
+    def finish(self):
+        self.finished = True
+        # If we have an SSL connection, wfile.close == connection.close
+        # (We call _FileLike.set_descriptor(conn))
+        # Closing the socket is not our task, therefore we don't call close
+        # then.
+        if not isinstance(self.connection, SSL.Connection):
+            if not getattr(self.wfile, "closed", False):
+                try:
+                    self.wfile.flush()
+                    self.wfile.close()
+                except TcpDisconnect:
+                    pass
+
+            self.rfile.close()
+        else:
+            try:
+                self.connection.shutdown()
+            except SSL.Error:
+                pass
+
+    def _create_ssl_context(self,
+                            method=SSL_DEFAULT_METHOD,
+                            options=SSL_DEFAULT_OPTIONS,
+                            verify_options=SSL.VERIFY_NONE,
+                            ca_path=None,
+                            ca_pemfile=None,
+                            cipher_list=None,
+                            alpn_protos=None,
+                            alpn_select=None,
+                            alpn_select_callback=None,
+                            ):
+        """
+        Creates an SSL Context.
+
+        :param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD, TLSv1_1_METHOD, or TLSv1_2_METHOD
+        :param options: A bit field consisting of OpenSSL.SSL.OP_* values
+        :param verify_options: A bit field consisting of OpenSSL.SSL.VERIFY_* values
+        :param ca_path: Path to a directory of trusted CA certificates prepared using the c_rehash tool
+        :param ca_pemfile: Path to a PEM formatted trusted CA certificate
+        :param cipher_list: A textual OpenSSL cipher list, see https://www.openssl.org/docs/apps/ciphers.html
+        :rtype : SSL.Context
+        """
+        context = SSL.Context(method)
+        # Options (NO_SSLv2/3)
+        if options is not None:
+            context.set_options(options)
+
+        # Verify Options (NONE/PEER and trusted CAs)
+        if verify_options is not None:
+            def verify_cert(conn, x509, errno, err_depth, is_cert_verified):
+                if not is_cert_verified:
+                    self.ssl_verification_error = dict(errno=errno,
+                                                       depth=err_depth)
+                return is_cert_verified
+
+            context.set_verify(verify_options, verify_cert)
+            if ca_path is None and ca_pemfile is None:
+                ca_pemfile = certifi.where()
+            context.load_verify_locations(ca_pemfile, ca_path)
+
+        # Workaround for
+        # https://github.com/pyca/pyopenssl/issues/190
+        # https://github.com/mitmproxy/mitmproxy/issues/472
+        # Options already set before are not cleared.
+        context.set_mode(SSL._lib.SSL_MODE_AUTO_RETRY)
+
+        # Cipher List
+        if cipher_list:
+            try:
+                context.set_cipher_list(cipher_list)
+
+                # TODO: maybe change this to with newer pyOpenSSL APIs
+                context.set_tmp_ecdh(OpenSSL.crypto.get_elliptic_curve('prime256v1'))
+            except SSL.Error as v:
+                raise TlsException("SSL cipher specification error: %s" % str(v))
+
+        # SSLKEYLOGFILE
+        if log_ssl_key:
+            context.set_info_callback(log_ssl_key)
+
+        if HAS_ALPN:
+            if alpn_protos is not None:
+                # advertise application layer protocols
+                context.set_alpn_protos(alpn_protos)
+            elif alpn_select is not None and alpn_select_callback is None:
+                # select application layer protocol
+                def alpn_select_callback(conn_, options):
+                    if alpn_select in options:
+                        return bytes(alpn_select)
+                    else:  # pragma no cover
+                        return options[0]
+                context.set_alpn_select_callback(alpn_select_callback)
+            elif alpn_select_callback is not None and alpn_select is None:
+                context.set_alpn_select_callback(alpn_select_callback)
+            elif alpn_select_callback is not None and alpn_select is not None:
+                raise TlsException("ALPN error: only define alpn_select (string) OR alpn_select_callback (method).")
+
+        return context
+
+
+class TCPClient(_Connection):
+
+    def __init__(self, address, source_address=None):
+        super(TCPClient, self).__init__(None)
+        self.address = address
+        self.source_address = source_address
+        self.cert = None
+        self.ssl_verification_error = None
+        self.sni = None
+
+    @property
+    def address(self):
+        return self.__address
+
+    @address.setter
+    def address(self, address):
+        if address:
+            self.__address = Address.wrap(address)
+        else:
+            self.__address = None
+
+    @property
+    def source_address(self):
+        return self.__source_address
+
+    @source_address.setter
+    def source_address(self, source_address):
+        if source_address:
+            self.__source_address = Address.wrap(source_address)
+        else:
+            self.__source_address = None
+
+    def close(self):
+        # Make sure to close the real socket, not the SSL proxy.
+        # OpenSSL is really good at screwing up, i.e. when trying to recv from a failed connection,
+        # it tries to renegotiate...
+        if isinstance(self.connection, SSL.Connection):
+            close_socket(self.connection._socket)
+        else:
+            close_socket(self.connection)
+
+    def create_ssl_context(self, cert=None, alpn_protos=None, **sslctx_kwargs):
+        context = self._create_ssl_context(
+            alpn_protos=alpn_protos,
+            **sslctx_kwargs)
+        # Client Certs
+        if cert:
+            try:
+                context.use_privatekey_file(cert)
+                context.use_certificate_file(cert)
+            except SSL.Error as v:
+                raise TlsException("SSL client certificate error: %s" % str(v))
+        return context
+
+    def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
+        """
+            cert: Path to a file containing both client cert and private key.
+
+            options: A bit field consisting of OpenSSL.SSL.OP_* values
+            verify_options: A bit field consisting of OpenSSL.SSL.VERIFY_* values
+            ca_path: Path to a directory of trusted CA certificates prepared using the c_rehash tool
+            ca_pemfile: Path to a PEM formatted trusted CA certificate
+        """
+        verification_mode = sslctx_kwargs.get('verify_options', None)
+        if verification_mode == SSL.VERIFY_PEER and not sni:
+            raise TlsException("Cannot validate certificate hostname without SNI")
+
+        context = self.create_ssl_context(
+            alpn_protos=alpn_protos,
+            **sslctx_kwargs
+        )
+        self.connection = SSL.Connection(context, self.connection)
+        if sni:
+            self.sni = sni
+            self.connection.set_tlsext_host_name(sni)
+        self.connection.set_connect_state()
+        try:
+            self.connection.do_handshake()
+        except SSL.Error as v:
+            if self.ssl_verification_error:
+                raise InvalidCertificateException("SSL handshake error: %s" % repr(v))
+            else:
+                raise TlsException("SSL handshake error: %s" % repr(v))
+        else:
+            # Fix for pre v1.0 OpenSSL, which doesn't throw an exception on
+            # certificate validation failure
+            if verification_mode == SSL.VERIFY_PEER and self.ssl_verification_error is not None:
+                raise InvalidCertificateException("SSL handshake error: certificate verify failed")
+
+        self.cert = certutils.SSLCert(self.connection.get_peer_certificate())
+
+        # Validate TLS Hostname
+        try:
+            crt = dict(
+                subjectAltName=[("DNS", x.decode("ascii", "strict")) for x in self.cert.altnames]
+            )
+            if self.cert.cn:
+                crt["subject"] = [[["commonName", self.cert.cn.decode("ascii", "strict")]]]
+            if sni:
+                hostname = sni.decode("ascii", "strict")
+            else:
+                hostname = "no-hostname"
+            ssl_match_hostname.match_hostname(crt, hostname)
+        except (ValueError, ssl_match_hostname.CertificateError) as e:
+            self.ssl_verification_error = dict(depth=0, errno="Invalid Hostname")
+            if verification_mode == SSL.VERIFY_PEER:
+                raise InvalidCertificateException("Presented certificate for {} is not valid: {}".format(sni, str(e)))
+
+        self.ssl_established = True
+        self.rfile.set_descriptor(self.connection)
+        self.wfile.set_descriptor(self.connection)
+
+    def connect(self):
+        try:
+            connection = socket.socket(self.address.family, socket.SOCK_STREAM)
+            if self.source_address:
+                connection.bind(self.source_address())
+            connection.connect(self.address())
+            if not self.source_address:
+                self.source_address = Address(connection.getsockname())
+        except (socket.error, IOError) as err:
+            raise TcpException(
+                'Error connecting to "%s": %s' %
+                (self.address.host, err))
+        self.connection = connection
+        self._makefile()
+
+    def settimeout(self, n):
+        self.connection.settimeout(n)
+
+    def gettimeout(self):
+        return self.connection.gettimeout()
+
+    def get_alpn_proto_negotiated(self):
+        if HAS_ALPN and self.ssl_established:
+            return self.connection.get_alpn_proto_negotiated()
+        else:
+            return b""
+
+
+class BaseHandler(_Connection):
+
+    """
+        The instantiator is expected to call the handle() and finish() methods.
+    """
+
+    def __init__(self, connection, address, server):
+        super(BaseHandler, self).__init__(connection)
+        self.address = Address.wrap(address)
+        self.server = server
+        self.clientcert = None
+
+    def create_ssl_context(self,
+                           cert, key,
+                           handle_sni=None,
+                           request_client_cert=None,
+                           chain_file=None,
+                           dhparams=None,
+                           **sslctx_kwargs):
+        """
+            cert: A certutils.SSLCert object or the path to a certificate
+            chain file.
+
+            handle_sni: SNI handler, should take a connection object. Server
+            name can be retrieved like this:
+
+                    connection.get_servername()
+
+            And you can specify the connection keys as follows:
+
+                    new_context = Context(TLSv1_METHOD)
+                    new_context.use_privatekey(key)
+                    new_context.use_certificate(cert)
+                    connection.set_context(new_context)
+
+            The request_client_cert argument requires some explanation. We're
+            supposed to be able to do this with no negative effects - if the
+            client has no cert to present, we're notified and proceed as usual.
+            Unfortunately, Android seems to have a bug (tested on 4.2.2) - when
+            an Android client is asked to present a certificate it does not
+            have, it hangs up, which is frankly bogus. Some time down the track
+            we may be able to make the proper behaviour the default again, but
+            until then we're conservative.
+        """
+
+        context = self._create_ssl_context(**sslctx_kwargs)
+
+        context.use_privatekey(key)
+        if isinstance(cert, certutils.SSLCert):
+            context.use_certificate(cert.x509)
+        else:
+            context.use_certificate_chain_file(cert)
+
+        if handle_sni:
+            # SNI callback happens during do_handshake()
+            context.set_tlsext_servername_callback(handle_sni)
+
+        if request_client_cert:
+            def save_cert(conn_, cert, errno_, depth_, preverify_ok_):
+                self.clientcert = certutils.SSLCert(cert)
+                # Return true to prevent cert verification error
+                return True
+            context.set_verify(SSL.VERIFY_PEER, save_cert)
+
+        # Cert Verify
+        if chain_file:
+            context.load_verify_locations(chain_file)
+
+        if dhparams:
+            SSL._lib.SSL_CTX_set_tmp_dh(context._context, dhparams)
+
+        return context
+
+    def convert_to_ssl(self, cert, key, **sslctx_kwargs):
+        """
+        Convert connection to SSL.
+        For a list of parameters, see BaseHandler._create_ssl_context(...)
+        """
+
+        context = self.create_ssl_context(
+            cert,
+            key,
+            **sslctx_kwargs)
+        self.connection = SSL.Connection(context, self.connection)
+        self.connection.set_accept_state()
+        try:
+            self.connection.do_handshake()
+        except SSL.Error as v:
+            raise TlsException("SSL handshake error: %s" % repr(v))
+        self.ssl_established = True
+        self.rfile.set_descriptor(self.connection)
+        self.wfile.set_descriptor(self.connection)
+
+    def handle(self):  # pragma: no cover
+        raise NotImplementedError
+
+    def settimeout(self, n):
+        self.connection.settimeout(n)
+
+    def get_alpn_proto_negotiated(self):
+        if HAS_ALPN and self.ssl_established:
+            return self.connection.get_alpn_proto_negotiated()
+        else:
+            return b""
+
+
+class TCPServer(object):
+    request_queue_size = 20
+
+    def __init__(self, address):
+        self.address = Address.wrap(address)
+        self.__is_shut_down = threading.Event()
+        self.__shutdown_request = False
+        self.socket = socket.socket(self.address.family, socket.SOCK_STREAM)
+        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.socket.bind(self.address())
+        self.address = Address.wrap(self.socket.getsockname())
+        self.socket.listen(self.request_queue_size)
+
+    def connection_thread(self, connection, client_address):
+        client_address = Address(client_address)
+        try:
+            self.handle_client_connection(connection, client_address)
+        except:
+            self.handle_error(connection, client_address)
+        finally:
+            close_socket(connection)
+
+    def serve_forever(self, poll_interval=0.1):
+        self.__is_shut_down.clear()
+        try:
+            while not self.__shutdown_request:
+                try:
+                    r, w_, e_ = select.select(
+                        [self.socket], [], [], poll_interval)
+                except select.error as ex:  # pragma: no cover
+                    if ex[0] == EINTR:
+                        continue
+                    else:
+                        raise
+                if self.socket in r:
+                    connection, client_address = self.socket.accept()
+                    t = threading.Thread(
+                        target=self.connection_thread,
+                        args=(connection, client_address),
+                        name="ConnectionThread (%s:%s -> %s:%s)" %
+                             (client_address[0], client_address[1],
+                              self.address.host, self.address.port)
+                    )
+                    t.setDaemon(1)
+                    try:
+                        t.start()
+                    except threading.ThreadError:
+                        self.handle_error(connection, Address(client_address))
+                        connection.close()
+        finally:
+            self.__shutdown_request = False
+            self.__is_shut_down.set()
+
+    def shutdown(self):
+        self.__shutdown_request = True
+        self.__is_shut_down.wait()
+        self.socket.close()
+        self.handle_shutdown()
+
+    def handle_error(self, connection_, client_address, fp=sys.stderr):
+        """
+            Called when handle_client_connection raises an exception.
+        """
+        # If a thread has persisted after interpreter exit, the module might be
+        # none.
+        if traceback:
+            exc = six.text_type(traceback.format_exc())
+            print(u'-' * 40, file=fp)
+            print(
+                u"Error in processing of request from %s" % repr(client_address), file=fp)
+            print(exc, file=fp)
+            print(u'-' * 40, file=fp)
+
+    def handle_client_connection(self, conn, client_address):  # pragma: no cover
+        """
+            Called after client connection.
+        """
+        raise NotImplementedError
+
+    def handle_shutdown(self):
+        """
+            Called after server shutdown.
+        """
diff --git a/netlib/netlib/tservers.py b/netlib/netlib/tservers.py
new file mode 100644
index 00000000..44ef8063
--- /dev/null
+++ b/netlib/netlib/tservers.py
@@ -0,0 +1,109 @@
+from __future__ import (absolute_import, print_function, division)
+
+import threading
+from six.moves import queue
+from io import StringIO
+import OpenSSL
+
+from netlib import tcp
+from netlib import tutils
+
+
+class ServerThread(threading.Thread):
+
+    def __init__(self, server):
+        self.server = server
+        threading.Thread.__init__(self)
+
+    def run(self):
+        self.server.serve_forever()
+
+    def shutdown(self):
+        self.server.shutdown()
+
+
+class ServerTestBase(object):
+    ssl = None
+    handler = None
+    addr = ("localhost", 0)
+
+    @classmethod
+    def setup_class(cls):
+        cls.q = queue.Queue()
+        s = cls.makeserver()
+        cls.port = s.address.port
+        cls.server = ServerThread(s)
+        cls.server.start()
+
+    @classmethod
+    def makeserver(cls):
+        return TServer(cls.ssl, cls.q, cls.handler, cls.addr)
+
+    @classmethod
+    def teardown_class(cls):
+        cls.server.shutdown()
+
+    @property
+    def last_handler(self):
+        return self.server.server.last_handler
+
+
+class TServer(tcp.TCPServer):
+
+    def __init__(self, ssl, q, handler_klass, addr):
+        """
+            ssl: A dictionary of SSL parameters:
+
+                    cert, key, request_client_cert, cipher_list,
+                    dhparams, v3_only
+        """
+        tcp.TCPServer.__init__(self, addr)
+
+        if ssl is True:
+            self.ssl = dict()
+        elif isinstance(ssl, dict):
+            self.ssl = ssl
+        else:
+            self.ssl = None
+
+        self.q = q
+        self.handler_klass = handler_klass
+        self.last_handler = None
+
+    def handle_client_connection(self, request, client_address):
+        h = self.handler_klass(request, client_address, self)
+        self.last_handler = h
+        if self.ssl is not None:
+            cert = self.ssl.get(
+                "cert",
+                tutils.test_data.path("data/server.crt"))
+            raw_key = self.ssl.get(
+                "key",
+                tutils.test_data.path("data/server.key"))
+            key = OpenSSL.crypto.load_privatekey(
+                OpenSSL.crypto.FILETYPE_PEM,
+                open(raw_key, "rb").read())
+            if self.ssl.get("v3_only", False):
+                method = OpenSSL.SSL.SSLv3_METHOD
+                options = OpenSSL.SSL.OP_NO_SSLv2 | OpenSSL.SSL.OP_NO_TLSv1
+            else:
+                method = OpenSSL.SSL.SSLv23_METHOD
+                options = None
+            h.convert_to_ssl(
+                cert, key,
+                method=method,
+                options=options,
+                handle_sni=getattr(h, "handle_sni", None),
+                request_client_cert=self.ssl.get("request_client_cert", None),
+                cipher_list=self.ssl.get("cipher_list", None),
+                dhparams=self.ssl.get("dhparams", None),
+                chain_file=self.ssl.get("chain_file", None),
+                alpn_select=self.ssl.get("alpn_select", None)
+            )
+        h.handle()
+        h.finish()
+
+    def handle_error(self, connection, client_address, fp=None):
+        s = StringIO()
+        tcp.TCPServer.handle_error(self, connection, client_address, s)
+        self.q.put(s.getvalue())
diff --git a/netlib/netlib/tutils.py b/netlib/netlib/tutils.py
new file mode 100644
index 00000000..f6ce8e0a
--- /dev/null
+++ b/netlib/netlib/tutils.py
@@ -0,0 +1,133 @@
+from io import BytesIO
+import tempfile
+import os
+import time
+import shutil
+from contextlib import contextmanager
+import six
+import sys
+
+from . import utils, tcp
+from .http import Request, Response, Headers
+
+
+def treader(bytes):
+    """
+        Construct a tcp.Read object from bytes.
+    """
+    fp = BytesIO(bytes)
+    return tcp.Reader(fp)
+
+
+@contextmanager
+def tmpdir(*args, **kwargs):
+    orig_workdir = os.getcwd()
+    temp_workdir = tempfile.mkdtemp(*args, **kwargs)
+    os.chdir(temp_workdir)
+
+    yield temp_workdir
+
+    os.chdir(orig_workdir)
+    shutil.rmtree(temp_workdir)
+
+
+def _check_exception(expected, actual, exc_tb):
+    if isinstance(expected, six.string_types):
+        if expected.lower() not in str(actual).lower():
+            six.reraise(AssertionError, AssertionError(
+                "Expected %s, but caught %s" % (
+                    repr(expected), repr(actual)
+                )
+            ), exc_tb)
+    else:
+        if not isinstance(actual, expected):
+            six.reraise(AssertionError, AssertionError(
+                "Expected %s, but caught %s %s" % (
+                    expected.__name__, actual.__class__.__name__, repr(actual)
+                )
+            ), exc_tb)
+
+
+def raises(expected_exception, obj=None, *args, **kwargs):
+    """
+        Assert that a callable raises a specified exception.
+
+        :exc An exception class or a string. If a class, assert that an
+        exception of this type is raised. If a string, assert that the string
+        occurs in the string representation of the exception, based on a
+        case-insenstivie match.
+
+        :obj A callable object.
+
+        :args Arguments to be passsed to the callable.
+
+        :kwargs Arguments to be passed to the callable.
+    """
+    if obj is None:
+        return RaisesContext(expected_exception)
+    else:
+        try:
+            ret = obj(*args, **kwargs)
+        except Exception as actual:
+            _check_exception(expected_exception, actual, sys.exc_info()[2])
+        else:
+            raise AssertionError("No exception raised. Return value: {}".format(ret))
+
+
+class RaisesContext(object):
+    def __init__(self, expected_exception):
+        self.expected_exception = expected_exception
+
+    def __enter__(self):
+        return
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        if not exc_type:
+            raise AssertionError("No exception raised.")
+        else:
+            _check_exception(self.expected_exception, exc_val, exc_tb)
+        return True
+
+
+test_data = utils.Data(__name__)
+# FIXME: Temporary workaround during repo merge.
+import os
+test_data.dirname = os.path.join(test_data.dirname,"..","..","test","netlib")
+
+
+def treq(**kwargs):
+    """
+    Returns:
+        netlib.http.Request
+    """
+    default = dict(
+        first_line_format="relative",
+        method=b"GET",
+        scheme=b"http",
+        host=b"address",
+        port=22,
+        path=b"/path",
+        http_version=b"HTTP/1.1",
+        headers=Headers(header="qvalue", content_length="7"),
+        content=b"content"
+    )
+    default.update(kwargs)
+    return Request(**default)
+
+
+def tresp(**kwargs):
+    """
+    Returns:
+        netlib.http.Response
+    """
+    default = dict(
+        http_version=b"HTTP/1.1",
+        status_code=200,
+        reason=b"OK",
+        headers=Headers(header_response="svalue", content_length="7"),
+        content=b"message",
+        timestamp_start=time.time(),
+        timestamp_end=time.time(),
+    )
+    default.update(kwargs)
+    return Response(**default)
diff --git a/netlib/netlib/utils.py b/netlib/netlib/utils.py
new file mode 100644
index 00000000..f7bb5c4b
--- /dev/null
+++ b/netlib/netlib/utils.py
@@ -0,0 +1,418 @@
+from __future__ import absolute_import, print_function, division
+import os.path
+import re
+import codecs
+import unicodedata
+from abc import ABCMeta, abstractmethod
+import importlib
+import inspect
+
+import six
+
+from six.moves import urllib
+import hyperframe
+
+
+@six.add_metaclass(ABCMeta)
+class Serializable(object):
+    """
+    Abstract Base Class that defines an API to save an object's state and restore it later on.
+    """
+
+    @classmethod
+    @abstractmethod
+    def from_state(cls, state):
+        """
+        Create a new object from the given state.
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    def get_state(self):
+        """
+        Retrieve object state.
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    def set_state(self, state):
+        """
+        Set object state to the given state.
+        """
+        raise NotImplementedError()
+
+
+def always_bytes(unicode_or_bytes, *encode_args):
+    if isinstance(unicode_or_bytes, six.text_type):
+        return unicode_or_bytes.encode(*encode_args)
+    return unicode_or_bytes
+
+
+def always_byte_args(*encode_args):
+    """Decorator that transparently encodes all arguments passed as unicode"""
+    def decorator(fun):
+        def _fun(*args, **kwargs):
+            args = [always_bytes(arg, *encode_args) for arg in args]
+            kwargs = {k: always_bytes(v, *encode_args) for k, v in six.iteritems(kwargs)}
+            return fun(*args, **kwargs)
+        return _fun
+    return decorator
+
+
+def native(s, *encoding_opts):
+    """
+    Convert :py:class:`bytes` or :py:class:`unicode` to the native
+    :py:class:`str` type, using latin1 encoding if conversion is necessary.
+
+    https://www.python.org/dev/peps/pep-3333/#a-note-on-string-types
+    """
+    if not isinstance(s, (six.binary_type, six.text_type)):
+        raise TypeError("%r is neither bytes nor unicode" % s)
+    if six.PY3:
+        if isinstance(s, six.binary_type):
+            return s.decode(*encoding_opts)
+    else:
+        if isinstance(s, six.text_type):
+            return s.encode(*encoding_opts)
+    return s
+
+
+def isascii(bytes):
+    try:
+        bytes.decode("ascii")
+    except ValueError:
+        return False
+    return True
+
+
+def clean_bin(s, keep_spacing=True):
+    """
+        Cleans binary data to make it safe to display.
+
+        Args:
+            keep_spacing: If False, tabs and newlines will also be replaced.
+    """
+    if isinstance(s, six.text_type):
+        if keep_spacing:
+            keep = u" \n\r\t"
+        else:
+            keep = u" "
+        return u"".join(
+            ch if (unicodedata.category(ch)[0] not in "CZ" or ch in keep) else u"."
+            for ch in s
+        )
+    else:
+        if keep_spacing:
+            keep = (9, 10, 13)  # \t, \n, \r,
+        else:
+            keep = ()
+        return b"".join(
+            six.int2byte(ch) if (31 < ch < 127 or ch in keep) else b"."
+            for ch in six.iterbytes(s)
+        )
+
+
+def hexdump(s):
+    """
+        Returns:
+            A generator of (offset, hex, str) tuples
+    """
+    for i in range(0, len(s), 16):
+        offset = "{:0=10x}".format(i).encode()
+        part = s[i:i + 16]
+        x = b" ".join("{:0=2x}".format(i).encode() for i in six.iterbytes(part))
+        x = x.ljust(47)  # 16*2 + 15
+        yield (offset, x, clean_bin(part, False))
+
+
+def setbit(byte, offset, value):
+    """
+        Set a bit in a byte to 1 if value is truthy, 0 if not.
+    """
+    if value:
+        return byte | (1 << offset)
+    else:
+        return byte & ~(1 << offset)
+
+
+def getbit(byte, offset):
+    mask = 1 << offset
+    return bool(byte & mask)
+
+
+class BiDi(object):
+
+    """
+        A wee utility class for keeping bi-directional mappings, like field
+        constants in protocols. Names are attributes on the object, dict-like
+        access maps values to names:
+
+        CONST = BiDi(a=1, b=2)
+        assert CONST.a == 1
+        assert CONST.get_name(1) == "a"
+    """
+
+    def __init__(self, **kwargs):
+        self.names = kwargs
+        self.values = {}
+        for k, v in kwargs.items():
+            self.values[v] = k
+        if len(self.names) != len(self.values):
+            raise ValueError("Duplicate values not allowed.")
+
+    def __getattr__(self, k):
+        if k in self.names:
+            return self.names[k]
+        raise AttributeError("No such attribute: %s", k)
+
+    def get_name(self, n, default=None):
+        return self.values.get(n, default)
+
+
+def pretty_size(size):
+    suffixes = [
+        ("B", 2 ** 10),
+        ("kB", 2 ** 20),
+        ("MB", 2 ** 30),
+    ]
+    for suf, lim in suffixes:
+        if size >= lim:
+            continue
+        else:
+            x = round(size / float(lim / 2 ** 10), 2)
+            if x == int(x):
+                x = int(x)
+            return str(x) + suf
+
+
+class Data(object):
+
+    def __init__(self, name):
+        m = importlib.import_module(name)
+        dirname = os.path.dirname(inspect.getsourcefile(m))
+        self.dirname = os.path.abspath(dirname)
+
+    def path(self, path):
+        """
+            Returns a path to the package data housed at 'path' under this
+            module.Path can be a path to a file, or to a directory.
+
+            This function will raise ValueError if the path does not exist.
+        """
+        fullpath = os.path.join(self.dirname, path)
+        if not os.path.exists(fullpath):
+            raise ValueError("dataPath: %s does not exist." % fullpath)
+        return fullpath
+
+
+_label_valid = re.compile(b"(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
+
+
+def is_valid_host(host):
+    """
+    Checks if a hostname is valid.
+
+    Args:
+      host (bytes): The hostname
+    """
+    try:
+        host.decode("idna")
+    except ValueError:
+        return False
+    if len(host) > 255:
+        return False
+    if host[-1] == b".":
+        host = host[:-1]
+    return all(_label_valid.match(x) for x in host.split(b"."))
+
+
+def is_valid_port(port):
+    return 0 <= port <= 65535
+
+
+# PY2 workaround
+def decode_parse_result(result, enc):
+    if hasattr(result, "decode"):
+        return result.decode(enc)
+    else:
+        return urllib.parse.ParseResult(*[x.decode(enc) for x in result])
+
+
+# PY2 workaround
+def encode_parse_result(result, enc):
+    if hasattr(result, "encode"):
+        return result.encode(enc)
+    else:
+        return urllib.parse.ParseResult(*[x.encode(enc) for x in result])
+
+
+def parse_url(url):
+    """
+        URL-parsing function that checks that
+            - port is an integer 0-65535
+            - host is a valid IDNA-encoded hostname with no null-bytes
+            - path is valid ASCII
+
+        Args:
+            A URL (as bytes or as unicode)
+
+        Returns:
+            A (scheme, host, port, path) tuple
+
+        Raises:
+            ValueError, if the URL is not properly formatted.
+    """
+    parsed = urllib.parse.urlparse(url)
+
+    if not parsed.hostname:
+        raise ValueError("No hostname given")
+
+    if isinstance(url, six.binary_type):
+        host = parsed.hostname
+
+        # this should not raise a ValueError,
+        # but we try to be very forgiving here and accept just everything.
+        # decode_parse_result(parsed, "ascii")
+    else:
+        host = parsed.hostname.encode("idna")
+        parsed = encode_parse_result(parsed, "ascii")
+
+    port = parsed.port
+    if not port:
+        port = 443 if parsed.scheme == b"https" else 80
+
+    full_path = urllib.parse.urlunparse(
+        (b"", b"", parsed.path, parsed.params, parsed.query, parsed.fragment)
+    )
+    if not full_path.startswith(b"/"):
+        full_path = b"/" + full_path
+
+    if not is_valid_host(host):
+        raise ValueError("Invalid Host")
+    if not is_valid_port(port):
+        raise ValueError("Invalid Port")
+
+    return parsed.scheme, host, port, full_path
+
+
+def get_header_tokens(headers, key):
+    """
+        Retrieve all tokens for a header key. A number of different headers
+        follow a pattern where each header line can containe comma-separated
+        tokens, and headers can be set multiple times.
+    """
+    if key not in headers:
+        return []
+    tokens = headers[key].split(",")
+    return [token.strip() for token in tokens]
+
+
+def hostport(scheme, host, port):
+    """
+        Returns the host component, with a port specifcation if needed.
+    """
+    if (port, scheme) in [(80, "http"), (443, "https"), (80, b"http"), (443, b"https")]:
+        return host
+    else:
+        if isinstance(host, six.binary_type):
+            return b"%s:%d" % (host, port)
+        else:
+            return "%s:%d" % (host, port)
+
+
+def unparse_url(scheme, host, port, path=""):
+    """
+    Returns a URL string, constructed from the specified components.
+
+    Args:
+        All args must be str.
+    """
+    return "%s://%s%s" % (scheme, hostport(scheme, host, port), path)
+
+
+def urlencode(s):
+    """
+        Takes a list of (key, value) tuples and returns a urlencoded string.
+    """
+    s = [tuple(i) for i in s]
+    return urllib.parse.urlencode(s, False)
+
+
+def urldecode(s):
+    """
+        Takes a urlencoded string and returns a list of (key, value) tuples.
+    """
+    return urllib.parse.parse_qsl(s, keep_blank_values=True)
+
+
+def parse_content_type(c):
+    """
+        A simple parser for content-type values. Returns a (type, subtype,
+        parameters) tuple, where type and subtype are strings, and parameters
+        is a dict. If the string could not be parsed, return None.
+
+        E.g. the following string:
+
+            text/html; charset=UTF-8
+
+        Returns:
+
+            ("text", "html", {"charset": "UTF-8"})
+    """
+    parts = c.split(";", 1)
+    ts = parts[0].split("/", 1)
+    if len(ts) != 2:
+        return None
+    d = {}
+    if len(parts) == 2:
+        for i in parts[1].split(";"):
+            clause = i.split("=", 1)
+            if len(clause) == 2:
+                d[clause[0].strip()] = clause[1].strip()
+    return ts[0].lower(), ts[1].lower(), d
+
+
+def multipartdecode(headers, content):
+    """
+        Takes a multipart boundary encoded string and returns list of (key, value) tuples.
+    """
+    v = headers.get("content-type")
+    if v:
+        v = parse_content_type(v)
+        if not v:
+            return []
+        try:
+            boundary = v[2]["boundary"].encode("ascii")
+        except (KeyError, UnicodeError):
+            return []
+
+        rx = re.compile(br'\bname="([^"]+)"')
+        r = []
+
+        for i in content.split(b"--" + boundary):
+            parts = i.splitlines()
+            if len(parts) > 1 and parts[0][0:2] != b"--":
+                match = rx.search(parts[1])
+                if match:
+                    key = match.group(1)
+                    value = b"".join(parts[3 + parts[2:].index(b""):])
+                    r.append((key, value))
+        return r
+    return []
+
+
+def http2_read_raw_frame(rfile):
+    header = rfile.safe_read(9)
+    length = int(codecs.encode(header[:3], 'hex_codec'), 16)
+
+    if length == 4740180:
+        raise ValueError("Length field looks more like HTTP/1.1: %s" % rfile.peek(20))
+
+    body = rfile.safe_read(length)
+    return [header, body]
+
+def http2_read_frame(rfile):
+    header, body = http2_read_raw_frame(rfile)
+    frame, length = hyperframe.frame.Frame.parse_frame_header(header)
+    frame.parse_body(memoryview(body))
+    return frame
diff --git a/libmproxy/version.py b/netlib/netlib/version.py
index 664c2b28..bc35c30f 100644
--- a/libmproxy/version.py
+++ b/netlib/netlib/version.py
@@ -3,7 +3,7 @@ from __future__ import (absolute_import, print_function, division)
 IVERSION = (0, 17)
 VERSION = ".".join(str(i) for i in IVERSION)
 MINORVERSION = ".".join(str(i) for i in IVERSION[:2])
-NAME = "mitmproxy"
+NAME = "netlib"
 NAMEVERSION = NAME + " " + VERSION
 
 NEXT_MINORVERSION = list(IVERSION)
diff --git a/netlib/netlib/version_check.py b/netlib/netlib/version_check.py
new file mode 100644
index 00000000..9cf27eea
--- /dev/null
+++ b/netlib/netlib/version_check.py
@@ -0,0 +1,60 @@
+"""
+Having installed a wrong version of pyOpenSSL or netlib is unfortunately a
+very common source of error. Check before every start that both versions
+are somewhat okay.
+"""
+from __future__ import division, absolute_import, print_function
+import sys
+import inspect
+import os.path
+import six
+
+import OpenSSL
+from . import version
+
+PYOPENSSL_MIN_VERSION = (0, 15)
+
+
+def check_mitmproxy_version(mitmproxy_version, fp=sys.stderr):
+    # We don't introduce backward-incompatible changes in patch versions. Only
+    # consider major and minor version.
+    if version.IVERSION[:2] != mitmproxy_version[:2]:
+        print(
+            u"You are using mitmproxy %s with netlib %s. "
+            u"Most likely, that won't work - please upgrade!" % (
+                mitmproxy_version, version.VERSION
+            ),
+            file=fp
+        )
+        sys.exit(1)
+
+
+def check_pyopenssl_version(min_version=PYOPENSSL_MIN_VERSION, fp=sys.stderr):
+    min_version_str = u".".join(six.text_type(x) for x in min_version)
+    try:
+        v = tuple(int(x) for x in OpenSSL.__version__.split(".")[:2])
+    except ValueError:
+        print(
+            u"Cannot parse pyOpenSSL version: {}"
+            u"mitmproxy requires pyOpenSSL {} or greater.".format(
+                OpenSSL.__version__, min_version_str
+            ),
+            file=fp
+        )
+        return
+    if v < min_version:
+        print(
+            u"You are using an outdated version of pyOpenSSL: "
+            u"mitmproxy requires pyOpenSSL {} or greater.".format(min_version_str),
+            file=fp
+        )
+        # Some users apparently have multiple versions of pyOpenSSL installed.
+        # Report which one we got.
+        pyopenssl_path = os.path.dirname(inspect.getfile(OpenSSL))
+        print(
+            u"Your pyOpenSSL {} installation is located at {}".format(
+                OpenSSL.__version__, pyopenssl_path
+            ),
+            file=fp
+        )
+        sys.exit(1)
diff --git a/netlib/netlib/websockets/__init__.py b/netlib/netlib/websockets/__init__.py
new file mode 100644
index 00000000..1c143919
--- /dev/null
+++ b/netlib/netlib/websockets/__init__.py
@@ -0,0 +1,2 @@
+from .frame import *
+from .protocol import *
diff --git a/netlib/netlib/websockets/frame.py b/netlib/netlib/websockets/frame.py
new file mode 100644
index 00000000..fce2c9d3
--- /dev/null
+++ b/netlib/netlib/websockets/frame.py
@@ -0,0 +1,316 @@
+from __future__ import absolute_import
+import os
+import struct
+import io
+import warnings
+
+import six
+
+from .protocol import Masker
+from netlib import tcp
+from netlib import utils
+
+
+MAX_16_BIT_INT = (1 << 16)
+MAX_64_BIT_INT = (1 << 64)
+
+DEFAULT=object()
+
+OPCODE = utils.BiDi(
+    CONTINUE=0x00,
+    TEXT=0x01,
+    BINARY=0x02,
+    CLOSE=0x08,
+    PING=0x09,
+    PONG=0x0a
+)
+
+
+class FrameHeader(object):
+
+    def __init__(
+        self,
+        opcode=OPCODE.TEXT,
+        payload_length=0,
+        fin=False,
+        rsv1=False,
+        rsv2=False,
+        rsv3=False,
+        masking_key=DEFAULT,
+        mask=DEFAULT,
+        length_code=DEFAULT
+    ):
+        if not 0 <= opcode < 2 ** 4:
+            raise ValueError("opcode must be 0-16")
+        self.opcode = opcode
+        self.payload_length = payload_length
+        self.fin = fin
+        self.rsv1 = rsv1
+        self.rsv2 = rsv2
+        self.rsv3 = rsv3
+
+        if length_code is DEFAULT:
+            self.length_code = self._make_length_code(self.payload_length)
+        else:
+            self.length_code = length_code
+
+        if mask is DEFAULT and masking_key is DEFAULT:
+            self.mask = False
+            self.masking_key = b""
+        elif mask is DEFAULT:
+            self.mask = 1
+            self.masking_key = masking_key
+        elif masking_key is DEFAULT:
+            self.mask = mask
+            self.masking_key = os.urandom(4)
+        else:
+            self.mask = mask
+            self.masking_key = masking_key
+
+        if self.masking_key and len(self.masking_key) != 4:
+            raise ValueError("Masking key must be 4 bytes.")
+
+    @classmethod
+    def _make_length_code(self, length):
+        """
+         A websockets frame contains an initial length_code, and an optional
+         extended length code to represent the actual length if length code is
+         larger than 125
+        """
+        if length <= 125:
+            return length
+        elif length >= 126 and length <= 65535:
+            return 126
+        else:
+            return 127
+
+    def __repr__(self):
+        vals = [
+            "ws frame:",
+            OPCODE.get_name(self.opcode, hex(self.opcode)).lower()
+        ]
+        flags = []
+        for i in ["fin", "rsv1", "rsv2", "rsv3", "mask"]:
+            if getattr(self, i):
+                flags.append(i)
+        if flags:
+            vals.extend([":", "|".join(flags)])
+        if self.masking_key:
+            vals.append(":key=%s" % repr(self.masking_key))
+        if self.payload_length:
+            vals.append(" %s" % utils.pretty_size(self.payload_length))
+        return "".join(vals)
+
+    def human_readable(self):
+        warnings.warn("FrameHeader.to_bytes is deprecated, use bytes(frame_header) instead.", DeprecationWarning)
+        return repr(self)
+
+    def __bytes__(self):
+        first_byte = utils.setbit(0, 7, self.fin)
+        first_byte = utils.setbit(first_byte, 6, self.rsv1)
+        first_byte = utils.setbit(first_byte, 5, self.rsv2)
+        first_byte = utils.setbit(first_byte, 4, self.rsv3)
+        first_byte = first_byte | self.opcode
+
+        second_byte = utils.setbit(self.length_code, 7, self.mask)
+
+        b = six.int2byte(first_byte) + six.int2byte(second_byte)
+
+        if self.payload_length < 126:
+            pass
+        elif self.payload_length < MAX_16_BIT_INT:
+            # '!H' pack as 16 bit unsigned short
+            # add 2 byte extended payload length
+            b += struct.pack('!H', self.payload_length)
+        elif self.payload_length < MAX_64_BIT_INT:
+            # '!Q' = pack as 64 bit unsigned long long
+            # add 8 bytes extended payload length
+            b += struct.pack('!Q', self.payload_length)
+        if self.masking_key:
+            b += self.masking_key
+        return b
+
+    if six.PY2:
+        __str__ = __bytes__
+
+    def to_bytes(self):
+        warnings.warn("FrameHeader.to_bytes is deprecated, use bytes(frame_header) instead.", DeprecationWarning)
+        return bytes(self)
+
+    @classmethod
+    def from_file(cls, fp):
+        """
+          read a websockets frame header
+        """
+        first_byte = six.byte2int(fp.safe_read(1))
+        second_byte = six.byte2int(fp.safe_read(1))
+
+        fin = utils.getbit(first_byte, 7)
+        rsv1 = utils.getbit(first_byte, 6)
+        rsv2 = utils.getbit(first_byte, 5)
+        rsv3 = utils.getbit(first_byte, 4)
+        # grab right-most 4 bits
+        opcode = first_byte & 15
+        mask_bit = utils.getbit(second_byte, 7)
+        # grab the next 7 bits
+        length_code = second_byte & 127
+
+        # payload_lengthy > 125 indicates you need to read more bytes
+        # to get the actual payload length
+        if length_code <= 125:
+            payload_length = length_code
+        elif length_code == 126:
+            payload_length, = struct.unpack("!H", fp.safe_read(2))
+        elif length_code == 127:
+            payload_length, = struct.unpack("!Q", fp.safe_read(8))
+
+        # masking key only present if mask bit set
+        if mask_bit == 1:
+            masking_key = fp.safe_read(4)
+        else:
+            masking_key = None
+
+        return cls(
+            fin=fin,
+            rsv1=rsv1,
+            rsv2=rsv2,
+            rsv3=rsv3,
+            opcode=opcode,
+            mask=mask_bit,
+            length_code=length_code,
+            payload_length=payload_length,
+            masking_key=masking_key,
+        )
+
+    def __eq__(self, other):
+        if isinstance(other, FrameHeader):
+            return bytes(self) == bytes(other)
+        return False
+
+
+class Frame(object):
+
+    """
+        Represents one websockets frame.
+        Constructor takes human readable forms of the frame components
+        from_bytes() is also avaliable.
+
+        WebSockets Frame as defined in RFC6455
+
+          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+         +-+-+-+-+-------+-+-------------+-------------------------------+
+         |F|R|R|R| opcode|M| Payload len |    Extended payload length    |
+         |I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
+         |N|V|V|V|       |S|             |   (if payload len==126/127)   |
+         | |1|2|3|       |K|             |                               |
+         +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
+         |     Extended payload length continued, if payload len == 127  |
+         + - - - - - - - - - - - - - - - +-------------------------------+
+         |                               |Masking-key, if MASK set to 1  |
+         +-------------------------------+-------------------------------+
+         | Masking-key (continued)       |          Payload Data         |
+         +-------------------------------- - - - - - - - - - - - - - - - +
+         :                     Payload Data continued ...                :
+         + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
+         |                     Payload Data continued ...                |
+         +---------------------------------------------------------------+
+    """
+
+    def __init__(self, payload=b"", **kwargs):
+        self.payload = payload
+        kwargs["payload_length"] = kwargs.get("payload_length", len(payload))
+        self.header = FrameHeader(**kwargs)
+
+    @classmethod
+    def default(cls, message, from_client=False):
+        """
+          Construct a basic websocket frame from some default values.
+          Creates a non-fragmented text frame.
+        """
+        if from_client:
+            mask_bit = 1
+            masking_key = os.urandom(4)
+        else:
+            mask_bit = 0
+            masking_key = None
+
+        return cls(
+            message,
+            fin=1,  # final frame
+            opcode=OPCODE.TEXT,  # text
+            mask=mask_bit,
+            masking_key=masking_key,
+        )
+
+    @classmethod
+    def from_bytes(cls, bytestring):
+        """
+          Construct a websocket frame from an in-memory bytestring
+          to construct a frame from a stream of bytes, use from_file() directly
+        """
+        return cls.from_file(tcp.Reader(io.BytesIO(bytestring)))
+
+    def __repr__(self):
+        ret = repr(self.header)
+        if self.payload:
+            ret = ret + "\nPayload:\n" + utils.clean_bin(self.payload).decode("ascii")
+        return ret
+
+    def human_readable(self):
+        warnings.warn("Frame.to_bytes is deprecated, use bytes(frame) instead.", DeprecationWarning)
+        return repr(self)
+
+    def __bytes__(self):
+        """
+            Serialize the frame to wire format. Returns a string.
+        """
+        b = bytes(self.header)
+        if self.header.masking_key:
+            b += Masker(self.header.masking_key)(self.payload)
+        else:
+            b += self.payload
+        return b
+
+    if six.PY2:
+        __str__ = __bytes__
+
+    def to_bytes(self):
+        warnings.warn("FrameHeader.to_bytes is deprecated, use bytes(frame_header) instead.", DeprecationWarning)
+        return bytes(self)
+
+    def to_file(self, writer):
+        warnings.warn("Frame.to_file is deprecated, use wfile.write(bytes(frame)) instead.", DeprecationWarning)
+        writer.write(bytes(self))
+        writer.flush()
+
+    @classmethod
+    def from_file(cls, fp):
+        """
+          read a websockets frame sent by a server or client
+
+          fp is a "file like" object that could be backed by a network
+          stream or a disk or an in memory stream reader
+        """
+        header = FrameHeader.from_file(fp)
+        payload = fp.safe_read(header.payload_length)
+
+        if header.mask == 1 and header.masking_key:
+            payload = Masker(header.masking_key)(payload)
+
+        return cls(
+            payload,
+            fin=header.fin,
+            opcode=header.opcode,
+            mask=header.mask,
+            payload_length=header.payload_length,
+            masking_key=header.masking_key,
+            rsv1=header.rsv1,
+            rsv2=header.rsv2,
+            rsv3=header.rsv3,
+            length_code=header.length_code
+        )
+
+    def __eq__(self, other):
+        if isinstance(other, Frame):
+            return bytes(self) == bytes(other)
+        return False
diff --git a/netlib/netlib/websockets/protocol.py b/netlib/netlib/websockets/protocol.py
new file mode 100644
index 00000000..1e95fa1c
--- /dev/null
+++ b/netlib/netlib/websockets/protocol.py
@@ -0,0 +1,115 @@
+
+
+
+# Colleciton of utility functions that implement small portions of the RFC6455
+# WebSockets Protocol Useful for building WebSocket clients and servers.
+#
+# Emphassis is on readabilty, simplicity and modularity, not performance or
+# completeness
+#
+# This is a work in progress and does not yet contain all the utilites need to
+# create fully complient client/servers #
+# Spec: https://tools.ietf.org/html/rfc6455
+
+# The magic sha that websocket servers must know to prove they understand
+# RFC6455
+from __future__ import absolute_import
+import base64
+import hashlib
+import os
+
+import binascii
+import six
+from ..http import Headers
+
+websockets_magic = b'258EAFA5-E914-47DA-95CA-C5AB0DC85B11'
+VERSION = "13"
+
+
+class Masker(object):
+
+    """
+        Data sent from the server must be masked to prevent malicious clients
+        from sending data over the wire in predictable patterns
+
+        Servers do not have to mask data they send to the client.
+        https://tools.ietf.org/html/rfc6455#section-5.3
+    """
+
+    def __init__(self, key):
+        self.key = key
+        self.offset = 0
+
+    def mask(self, offset, data):
+        result = bytearray(data)
+        if six.PY2:
+            for i in range(len(data)):
+                result[i] ^= ord(self.key[offset % 4])
+                offset += 1
+            result = str(result)
+        else:
+
+            for i in range(len(data)):
+                result[i] ^= self.key[offset % 4]
+                offset += 1
+            result = bytes(result)
+        return result
+
+    def __call__(self, data):
+        ret = self.mask(self.offset, data)
+        self.offset += len(ret)
+        return ret
+
+
+class WebsocketsProtocol(object):
+
+    def __init__(self):
+        pass
+
+    @classmethod
+    def client_handshake_headers(self, key=None, version=VERSION):
+        """
+            Create the headers for a valid HTTP upgrade request. If Key is not
+            specified, it is generated, and can be found in sec-websocket-key in
+            the returned header set.
+
+            Returns an instance of Headers
+        """
+        if not key:
+            key = base64.b64encode(os.urandom(16)).decode('ascii')
+        return Headers(
+            sec_websocket_key=key,
+            sec_websocket_version=version,
+            connection="Upgrade",
+            upgrade="websocket",
+        )
+
+    @classmethod
+    def server_handshake_headers(self, key):
+        """
+          The server response is a valid HTTP 101 response.
+        """
+        return Headers(
+            sec_websocket_accept=self.create_server_nonce(key),
+            connection="Upgrade",
+            upgrade="websocket"
+        )
+
+
+    @classmethod
+    def check_client_handshake(self, headers):
+        if headers.get("upgrade") != "websocket":
+            return
+        return headers.get("sec-websocket-key")
+
+
+    @classmethod
+    def check_server_handshake(self, headers):
+        if headers.get("upgrade") != "websocket":
+            return
+        return headers.get("sec-websocket-accept")
+
+
+    @classmethod
+    def create_server_nonce(self, client_nonce):
+        return base64.b64encode(hashlib.sha1(client_nonce + websockets_magic).digest())
diff --git a/netlib/netlib/wsgi.py b/netlib/netlib/wsgi.py
new file mode 100644
index 00000000..d6dfae5d
--- /dev/null
+++ b/netlib/netlib/wsgi.py
@@ -0,0 +1,164 @@
+from __future__ import (absolute_import, print_function, division)
+from io import BytesIO, StringIO
+import urllib
+import time
+import traceback
+
+import six
+from six.moves import urllib
+
+from netlib.utils import always_bytes, native
+from . import http, tcp
+
+class ClientConn(object):
+
+    def __init__(self, address):
+        self.address = tcp.Address.wrap(address)
+
+
+class Flow(object):
+
+    def __init__(self, address, request):
+        self.client_conn = ClientConn(address)
+        self.request = request
+
+
+class Request(object):
+
+    def __init__(self, scheme, method, path, http_version, headers, content):
+        self.scheme, self.method, self.path = scheme, method, path
+        self.headers, self.content = headers, content
+        self.http_version = http_version
+
+
+def date_time_string():
+    """Return the current date and time formatted for a message header."""
+    WEEKS = ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun']
+    MONTHS = [
+        None,
+        'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
+        'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'
+    ]
+    now = time.time()
+    year, month, day, hh, mm, ss, wd, y_, z_ = time.gmtime(now)
+    s = "%s, %02d %3s %4d %02d:%02d:%02d GMT" % (
+        WEEKS[wd],
+        day, MONTHS[month], year,
+        hh, mm, ss
+    )
+    return s
+
+
+class WSGIAdaptor(object):
+
+    def __init__(self, app, domain, port, sversion):
+        self.app, self.domain, self.port, self.sversion = app, domain, port, sversion
+
+    def make_environ(self, flow, errsoc, **extra):
+        path = native(flow.request.path, "latin-1")
+        if '?' in path:
+            path_info, query = native(path, "latin-1").split('?', 1)
+        else:
+            path_info = path
+            query = ''
+        environ = {
+            'wsgi.version': (1, 0),
+            'wsgi.url_scheme': native(flow.request.scheme, "latin-1"),
+            'wsgi.input': BytesIO(flow.request.content or b""),
+            'wsgi.errors': errsoc,
+            'wsgi.multithread': True,
+            'wsgi.multiprocess': False,
+            'wsgi.run_once': False,
+            'SERVER_SOFTWARE': self.sversion,
+            'REQUEST_METHOD': native(flow.request.method, "latin-1"),
+            'SCRIPT_NAME': '',
+            'PATH_INFO': urllib.parse.unquote(path_info),
+            'QUERY_STRING': query,
+            'CONTENT_TYPE': native(flow.request.headers.get('Content-Type', ''), "latin-1"),
+            'CONTENT_LENGTH': native(flow.request.headers.get('Content-Length', ''), "latin-1"),
+            'SERVER_NAME': self.domain,
+            'SERVER_PORT': str(self.port),
+            'SERVER_PROTOCOL': native(flow.request.http_version, "latin-1"),
+        }
+        environ.update(extra)
+        if flow.client_conn.address:
+            environ["REMOTE_ADDR"] = native(flow.client_conn.address.host, "latin-1")
+            environ["REMOTE_PORT"] = flow.client_conn.address.port
+
+        for key, value in flow.request.headers.items():
+            key = 'HTTP_' + native(key, "latin-1").upper().replace('-', '_')
+            if key not in ('HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH'):
+                environ[key] = value
+        return environ
+
+    def error_page(self, soc, headers_sent, s):
+        """
+            Make a best-effort attempt to write an error page. If headers are
+            already sent, we just bung the error into the page.
+        """
+        c = """
+            <html>
+                <h1>Internal Server Error</h1>
+                <pre>{err}"</pre>
+            </html>
+        """.format(err=s).strip().encode()
+
+        if not headers_sent:
+            soc.write(b"HTTP/1.1 500 Internal Server Error\r\n")
+            soc.write(b"Content-Type: text/html\r\n")
+            soc.write("Content-Length: {length}\r\n".format(length=len(c)).encode())
+            soc.write(b"\r\n")
+        soc.write(c)
+
+    def serve(self, request, soc, **env):
+        state = dict(
+            response_started=False,
+            headers_sent=False,
+            status=None,
+            headers=None
+        )
+
+        def write(data):
+            if not state["headers_sent"]:
+                soc.write("HTTP/1.1 {status}\r\n".format(status=state["status"]).encode())
+                headers = state["headers"]
+                if 'server' not in headers:
+                    headers["Server"] = self.sversion
+                if 'date' not in headers:
+                    headers["Date"] = date_time_string()
+                soc.write(bytes(headers))
+                soc.write(b"\r\n")
+                state["headers_sent"] = True
+            if data:
+                soc.write(data)
+            soc.flush()
+
+        def start_response(status, headers, exc_info=None):
+            if exc_info:
+                if state["headers_sent"]:
+                    six.reraise(*exc_info)
+            elif state["status"]:
+                raise AssertionError('Response already started')
+            state["status"] = status
+            state["headers"] = http.Headers([[always_bytes(k), always_bytes(v)] for k,v in headers])
+            if exc_info:
+                self.error_page(soc, state["headers_sent"], traceback.format_tb(exc_info[2]))
+                state["headers_sent"] = True
+
+        errs = six.BytesIO()
+        try:
+            dataiter = self.app(
+                self.make_environ(request, errs, **env), start_response
+            )
+            for i in dataiter:
+                write(i)
+            if not state["headers_sent"]:
+                write(b"")
+        except Exception as e:
+            try:
+                s = traceback.format_exc()
+                errs.write(s.encode("utf-8", "replace"))
+                self.error_page(soc, state["headers_sent"], s)
+            except Exception:    # pragma: no cover
+                pass
+        return errs.getvalue()
diff --git a/netlib/setup.cfg b/netlib/setup.cfg
new file mode 100644
index 00000000..3480374b
--- /dev/null
+++ b/netlib/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal=1
\ No newline at end of file
diff --git a/netlib/setup.py b/netlib/setup.py
new file mode 100644
index 00000000..bcaecad4
--- /dev/null
+++ b/netlib/setup.py
@@ -0,0 +1,72 @@
+from setuptools import setup, find_packages
+from codecs import open
+import os
+import sys
+
+from netlib import version
+
+# Based on https://github.com/pypa/sampleproject/blob/master/setup.py
+# and https://python-packaging-user-guide.readthedocs.org/
+# and https://caremad.io/2014/11/distributing-a-cffi-project/
+
+here = os.path.abspath(os.path.dirname(__file__))
+
+with open(os.path.join(here, 'README.rst'), encoding='utf-8') as f:
+    long_description = f.read()
+
+setup(
+    name="netlib",
+    version=version.VERSION,
+    description="A collection of network utilities used by pathod and mitmproxy.",
+    long_description=long_description,
+    url="http://github.com/mitmproxy/netlib",
+    author="Aldo Cortesi",
+    author_email="aldo@corte.si",
+    license="MIT",
+    classifiers=[
+        "License :: OSI Approved :: MIT License",
+        "Development Status :: 3 - Alpha",
+        "Operating System :: POSIX",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 2",
+        "Programming Language :: Python :: 2.7",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.5",
+        "Programming Language :: Python :: Implementation :: CPython",
+        "Programming Language :: Python :: Implementation :: PyPy",
+        "Topic :: Internet",
+        "Topic :: Internet :: WWW/HTTP",
+        "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
+        "Topic :: Software Development :: Testing",
+        "Topic :: Software Development :: Testing :: Traffic Generation",
+    ],
+    packages=find_packages(exclude=["test", "test.*"]),
+    include_package_data=True,
+    zip_safe=False,
+    install_requires=[
+        "pyasn1>=0.1.9, <0.2",
+        "pyOpenSSL>=0.15.1, <0.16",
+        "cryptography>=1.2.2, <1.3",
+        "passlib>=1.6.5, <1.7",
+        "hpack>=2.1.0, <3.0",
+        "hyperframe>=3.2.0, <4.0",
+        "six>=1.10.0, <1.11",
+        "certifi>=2015.11.20.1",  # no semver here - this should always be on the last release!
+        "backports.ssl_match_hostname>=3.5.0.1, <3.6",
+    ],
+    extras_require={
+        # Do not use a range operator here: https://bitbucket.org/pypa/setuptools/issues/380
+        # Ubuntu Trusty and other still ship with setuptools < 17.1
+        ':python_version == "2.7"': [
+            "ipaddress>=1.0.15, <1.1",
+        ],
+        'dev': [
+            "mock>=1.3.0, <1.4",
+            "pytest>=2.8.7, <2.9",
+            "pytest-xdist>=1.14, <1.15",
+            "pytest-cov>=2.2.1, <2.3",
+            "pytest-timeout>=1.0.0, <1.1",
+            "coveralls>=1.1, <1.2"
+        ]
+    },
+)
diff --git a/pathod/.jsbeautifyrc b/pathod/.jsbeautifyrc
new file mode 100644
index 00000000..725c15ad
--- /dev/null
+++ b/pathod/.jsbeautifyrc
@@ -0,0 +1,22 @@
+{
+    "indent_size": 4,
+    "indent_char": " ",
+    "eol": "\n",
+    "indent_level": 0,
+    "indent_with_tabs": false,
+    "preserve_newlines": true,
+    "max_preserve_newlines": 10,
+    "jslint_happy": false,
+    "space_after_anon_function": false,
+    "brace_style": "collapse",
+    "keep_array_indentation": false,
+    "keep_function_indentation": false,
+    "space_before_conditional": true,
+    "break_chained_methods": false,
+    "eval_code": false,
+    "unescape_strings": false,
+    "wrap_line_length": 80,
+    "wrap_attributes": "auto",
+    "wrap_attributes_indent_size": 4,
+    "end_with_newline": true
+}
diff --git a/pathod/.sources/bootswatch.less b/pathod/.sources/bootswatch.less
new file mode 100644
index 00000000..f9e4b827
--- /dev/null
+++ b/pathod/.sources/bootswatch.less
@@ -0,0 +1,171 @@
+// Bootswatch.less
+// Swatch: Journal
+// Version: 2.0.4
+// -----------------------------------------------------
+
+// TYPOGRAPHY
+// -----------------------------------------------------
+
+@import url('https://fonts.googleapis.com/css?family=Open+Sans:400,700');
+
+h1, h2, h3, h4, h5, h6, .navbar .brand {
+	font-weight: 700;
+}
+
+// SCAFFOLDING
+// -----------------------------------------------------
+
+a {
+	text-decoration: none;
+}
+
+.nav a, .navbar .brand, .subnav a, a.btn, .dropdown-menu a {
+	text-decoration: none;
+}
+
+// NAVBAR
+// -----------------------------------------------------
+
+.navbar {
+
+	.navbar-inner {
+		@shadow: 0 2px 4px rgba(0,0,0,.25), inset 0 -1px 0 rgba(0,0,0,.1);
+		.box-shadow(@shadow);
+		border-top: 1px solid #E5E5E5;
+		.border-radius(0);
+	}
+
+	.brand {
+		text-shadow: none;
+
+		&:hover {
+			background-color: #EEEEEE;
+		}
+	}
+
+	.navbar-text {
+		line-height: 68px;
+	}
+
+	.nav > li > a {
+		text-shadow: none;
+	}
+
+	.dropdown-menu {
+		.border-radius(0);
+	}
+
+	.nav li.dropdown.active > .dropdown-toggle,
+	.nav li.dropdown.active > .dropdown-toggle:hover,
+	.nav li.dropdown.open > .dropdown-toggle,
+	.nav li.dropdown.active.open > .dropdown-toggle,
+	.nav li.dropdown.active.open > .dropdown-toggle:hover {
+		background-color: @grayLighter;
+		color: @linkColor;
+	}
+
+	.nav li.dropdown .dropdown-toggle .caret,
+	.nav .open .caret,
+	.nav .open .dropdown-toggle:hover .caret {
+		border-top-color: @black;
+		opacity: 1;
+	}
+
+	.nav-collapse.in .nav li > a:hover {
+		background-color: @grayLighter;
+	}
+
+	.nav-collapse .nav li > a {
+		color: @textColor;
+		text-decoration: none;
+		font-weight: normal;
+	}
+
+	.nav-collapse .navbar-form,
+	.nav-collapse .navbar-search {
+		border-color: transparent;
+	}
+
+	.navbar-search .search-query,
+	.navbar-search .search-query:hover {
+		border: 1px solid @grayLighter;
+		color: @textColor;
+		.placeholder(@gray);
+	}
+}
+
+div.subnav {
+	background-color: @bodyBackground;
+	background-image: none;
+	@shadow: 0 1px 2px rgba(0,0,0,.25);
+	.box-shadow(@shadow);
+	.border-radius(0);
+
+	&.subnav-fixed {
+		top: @navbarHeight;
+	}
+
+	.nav > li > a:hover,
+	.nav > .active > a,
+	.nav > .active > a:hover {
+		color: @textColor;
+		text-decoration: none;
+		font-weight: normal;
+	}
+
+	.nav > li:first-child > a,
+	.nav > li:first-child > a:hover {
+		.border-radius(0);
+	}
+}
+
+// BUTTONS
+// -----------------------------------------------------
+
+.btn-primary {
+  .buttonBackground(lighten(@linkColor, 5%), @linkColor);
+}
+
+[class^="icon-"], [class*=" icon-"] {
+	vertical-align: -2px;
+}
+
+// MODALS
+// -----------------------------------------------------
+
+.modal {
+ 	.border-radius(0px);
+	background: @bodyBackground;
+}
+
+.modal-header {
+	border-bottom: none;
+}
+
+.modal-header .close {
+	text-decoration: none;
+}
+
+.modal-footer {
+	background: transparent;
+	.box-shadow(none);
+	border-top: none;
+}
+
+
+// MISC
+// -----------------------------------------------------
+
+code, pre, pre.prettyprint, .well {
+	background-color: @grayLighter;
+}
+
+.hero-unit {
+    .box-shadow(inset 0 1px 1px rgba(0,0,0,.05));
+	border: 1px solid rgba(0,0,0,.05);
+	.border-radius(0);
+}
+
+.table-bordered, .well, .prettyprint {
+	.border-radius(0);
+}
diff --git a/pathod/.sources/make b/pathod/.sources/make
new file mode 100755
index 00000000..1c8b1d69
--- /dev/null
+++ b/pathod/.sources/make
@@ -0,0 +1,5 @@
+#!/bin/sh
+pygmentize -f html ../examples/test_context.py > ../libpathod/templates/examples_context.html
+pygmentize -f html ../examples/test_setup.py > ../libpathod/templates/examples_setup.html
+pygmentize -f html ../examples/test_setupall.py > ../libpathod/templates/examples_setupall.html
+pygmentize -f html ../examples/libpathod_pathoc.py > ../libpathod/templates/libpathod_pathoc.html
diff --git a/pathod/.sources/variables.less b/pathod/.sources/variables.less
new file mode 100644
index 00000000..75ff5be6
--- /dev/null
+++ b/pathod/.sources/variables.less
@@ -0,0 +1,208 @@
+// Variables.less
+// Variables to customize the look and feel of Bootstrap
+// Swatch: Journal
+// Version: 2.0.4
+// -----------------------------------------------------
+
+// GLOBAL VALUES
+// --------------------------------------------------
+
+
+// Grays
+// -------------------------
+@black:                 #000;
+@grayDarker:            #222;
+@grayDark:              #333;
+@gray:                  #888;
+@grayLight:             #999;
+@grayLighter:           #eee;
+@white:                 #fff;
+
+
+// Accent colors
+// -------------------------
+@blue:                  #4380D3;
+@blueDark:              darken(@blue, 15%);
+@green:                 #22B24C;
+@red:                   #C00;
+@yellow:                #FCFADB;
+@orange:                #FF7F00;
+@pink:                  #CC99CC;
+@purple:                #7a43b6;
+@tan:                   #FFCA73;
+
+
+
+// Scaffolding
+// -------------------------
+@bodyBackground:        #FCFBFD;
+@textColor:             @grayDarker;
+
+
+// Links
+// -------------------------
+@linkColor:             @blue;
+@linkColorHover:        @red;
+
+
+// Typography
+// -------------------------
+@sansFontFamily:        'Open Sans', "Helvetica Neue", Helvetica, Arial, sans-serif;
+@serifFontFamily:       Georgia, "Times New Roman", Times, serif;
+@monoFontFamily:        Menlo, Monaco, Consolas, "Courier New", monospace;
+
+@baseFontSize:          14px;
+@baseFontFamily:        @sansFontFamily;
+@baseLineHeight:        18px;
+@altFontFamily:         @serifFontFamily;
+
+@headingsFontFamily:    inherit; // empty to use BS default, @baseFontFamily
+@headingsFontWeight:    bold;    // instead of browser default, bold
+@headingsColor:         inherit; // empty to use BS default, @textColor
+
+
+// Tables
+// -------------------------
+@tableBackground:                   transparent; // overall background-color
+@tableBackgroundAccent:             @grayLighter; // for striping
+@tableBackgroundHover:              #f5f5f5; // for hover
+@tableBorder:                       #ddd; // table and cell border
+
+
+// Buttons
+// -------------------------
+@btnBackground:                     @white;
+@btnBackgroundHighlight:            darken(@white, 10%);
+@btnBorder:                         darken(@white, 20%);
+
+@btnPrimaryBackground:              @linkColor;
+@btnPrimaryBackgroundHighlight:     spin(@btnPrimaryBackground, 15%);
+
+@btnInfoBackground:                 #5bc0de;
+@btnInfoBackgroundHighlight:        #2f96b4;
+
+@btnSuccessBackground:              #62c462;
+@btnSuccessBackgroundHighlight:     #51a351;
+
+@btnWarningBackground:              lighten(@orange, 10%);
+@btnWarningBackgroundHighlight:     @orange;
+
+@btnDangerBackground:               #ee5f5b;
+@btnDangerBackgroundHighlight:      #bd362f;
+
+@btnInverseBackground:              @linkColor;
+@btnInverseBackgroundHighlight:     darken(@linkColor, 5%);
+
+
+// Forms
+// -------------------------
+@inputBackground:               @white;
+@inputBorder:                   #ccc;
+@inputBorderRadius:             3px;
+@inputDisabledBackground:       @grayLighter;
+@formActionsBackground:         @grayLighter;
+
+// Dropdowns
+// -------------------------
+@dropdownBackground:            @bodyBackground;
+@dropdownBorder:                rgba(0,0,0,.2);
+@dropdownLinkColor:             @textColor;
+@dropdownLinkColorHover:        @textColor;
+@dropdownLinkBackgroundHover:   #eee;
+@dropdownDividerTop:            #e5e5e5;
+@dropdownDividerBottom:         @white;
+
+
+
+// COMPONENT VARIABLES
+// --------------------------------------------------
+
+// Z-index master list
+// -------------------------
+// Used for a bird's eye view of components dependent on the z-axis
+// Try to avoid customizing these :)
+@zindexDropdown:          1000;
+@zindexPopover:           1010;
+@zindexTooltip:           1020;
+@zindexFixedNavbar:       1030;
+@zindexModalBackdrop:     1040;
+@zindexModal:             1050;
+
+
+// Sprite icons path
+// -------------------------
+@iconSpritePath:          "../img/glyphicons-halflings.png";
+@iconWhiteSpritePath:     "../img/glyphicons-halflings-white.png";
+
+
+// Input placeholder text color
+// -------------------------
+@placeholderText:         @grayLight;
+
+
+// Hr border color
+// -------------------------
+@hrBorder:                @grayLighter;
+
+
+// Navbar
+// -------------------------
+@navbarHeight:                    50px;
+@navbarBackground:                @bodyBackground;
+@navbarBackgroundHighlight:       @bodyBackground;
+
+@navbarText:                      @textColor;
+@navbarLinkColor:                 @linkColor;
+@navbarLinkColorHover:            @linkColor;
+@navbarLinkColorActive:           @navbarLinkColorHover;
+@navbarLinkBackgroundHover:       @grayLighter;
+@navbarLinkBackgroundActive:      @grayLighter;
+
+@navbarSearchBackground:          lighten(@navbarBackground, 25%);
+@navbarSearchBackgroundFocus:     @white;
+@navbarSearchBorder:              darken(@navbarSearchBackground, 30%);
+@navbarSearchPlaceholderColor:    #ccc;
+@navbarBrandColor:                @blue;
+
+
+// Hero unit
+// -------------------------
+@heroUnitBackground:              @grayLighter;
+@heroUnitHeadingColor:            inherit;
+@heroUnitLeadColor:               inherit;
+
+
+// Form states and alerts
+// -------------------------
+@warningText:             #c09853;
+@warningBackground:       #fcf8e3;
+@warningBorder:           darken(spin(@warningBackground, -10), 3%);
+
+@errorText:               #b94a48;
+@errorBackground:         #f2dede;
+@errorBorder:             darken(spin(@errorBackground, -10), 3%);
+
+@successText:             #468847;
+@successBackground:       #dff0d8;
+@successBorder:           darken(spin(@successBackground, -10), 5%);
+
+@infoText:                #3a87ad;
+@infoBackground:          #d9edf7;
+@infoBorder:              darken(spin(@infoBackground, -10), 7%);
+
+
+
+// GRID
+// --------------------------------------------------
+
+// Default 940px grid
+// -------------------------
+@gridColumns:             12;
+@gridColumnWidth:         60px;
+@gridGutterWidth:         20px;
+@gridRowWidth:            (@gridColumns * @gridColumnWidth) + (@gridGutterWidth * (@gridColumns - 1));
+
+// Fluid grid
+// -------------------------
+@fluidGridColumnWidth:    6.382978723%;
+@fluidGridGutterWidth:    2.127659574%;
diff --git a/pathod/CHANGELOG b/pathod/CHANGELOG
new file mode 100644
index 00000000..2de445b4
--- /dev/null
+++ b/pathod/CHANGELOG
@@ -0,0 +1,83 @@
+7 November 2014: pathod 0.11:
+
+  * Hugely improved SSL support, including dynamic generation of certificates
+    using the mitproxy cacert
+  * pathoc -S dumps information on the remote SSL certificate chain
+  * Big improvements to fuzzing, including random spec selection and memoization to avoid repeating randomly generated patterns 
+  * Reflected patterns, allowing you to embed a pathod server response specification in a pathoc request, resolving both on client side. This makes fuzzing proxies and other intermediate systems much better.
+
+
+25 August 2013: pathod 0.9.2:
+
+    * Adapt to interface changes in netlib
+    
+
+15 May 2013: pathod 0.9 (version synced with mitmproxy):
+
+    * Pathod proxy mode. You can now configure clients to use pathod as an
+      HTTP/S proxy.
+
+    * Pathoc proxy support, including using CONNECT to tunnel directly to
+      targets. 
+
+    * Pathoc client certificate support.
+    
+    * API improvements, bugfixes.
+
+
+16 November 2012: pathod 0.3:
+
+    A release focusing on shoring up our fuzzing capabilities, especially with
+    pathoc.
+
+    * pathoc -q and -r options, output full request and response text.
+
+    * pathod -q and -r options, add full request and response text to pathod's
+      log buffer.
+    
+    * pathoc and pathod -x option, makes -q and -r options log in hex dump
+      format.
+
+    * pathoc -C option, specify response codes to ignore.
+    
+    * pathoc -T option, instructs pathoc to ignore timeouts.
+    
+    * pathoc -o option, a one-shot mode that exits after the first non-ignored
+      response. 
+    
+    * pathoc and pathod -e option, which explains the resulting message by
+      expanding random and generated portions, and logging a reproducible
+      specification.
+
+    * Streamline the specification langauge. HTTP response message is now
+      specified using the "r" mnemonic.
+
+    * Add a "u" mnemonic for specifying User-Agent strings. Add a set of
+      standard user-agent strings accessible through shortcuts.
+
+    * Major internal refactoring and cleanup.
+    
+    * Many bugfixes.
+    
+
+22 August 2012: pathod 0.2:
+
+    * Add pathoc, a pathological HTTP client.
+    
+    * Add libpathod.test, a truss for using pathod in unit tests.
+    
+    * Add an injection operator to the specification language.
+    
+    * Allow Python escape sequences in value literals.
+    
+    * Allow execution of requests and responses from file, using the new + operator.
+    
+    * Add daemonization to Pathod, and make it more robust for public-facing use. 
+   
+    * Let pathod pick an arbitrary open port if -p 0 is specified.
+    
+    * Move from Tornado to netlib, the network library written for mitmproxy.
+    
+    * Move the web application to Flask.
+    
+    * Massively expand the documentation.
diff --git a/pathod/MANIFEST.in b/pathod/MANIFEST.in
new file mode 100644
index 00000000..f492b0ef
--- /dev/null
+++ b/pathod/MANIFEST.in
@@ -0,0 +1,6 @@
+include LICENSE CHANGELOG README.txt
+exclude README.mkd
+recursive-include test *
+recursive-include libpathod *
+recursive-include examples *
+recursive-exclude * *.pyc *.pyo *.swo *.swp
\ No newline at end of file
diff --git a/pathod/README.rst b/pathod/README.rst
new file mode 100644
index 00000000..5593e053
--- /dev/null
+++ b/pathod/README.rst
@@ -0,0 +1,60 @@
+pathod
+^^^^^^
+
+|travis| |coveralls| |downloads| |latest_release| |python_versions|
+
+**pathod** is a collection of pathological tools for testing and torturing HTTP
+clients and servers. The project has three components:
+
+- ``pathod``, an pathological HTTP daemon.
+- ``pathoc``, a perverse HTTP client.
+- ``libpathod.test``, an API for easily using pathod and pathoc in unit tests.
+
+Installing
+----------
+
+If you already have **pip** on your system, installing **pathod** and its
+dependencies is dead simple:
+
+.. code-block:: text
+
+    pip install pathod
+
+Documentation
+-------------
+
+The pathod documentation is self-hosted. Just fire up pathod, like so:
+
+.. code-block:: text
+
+    ./pathod
+
+And then browse to:
+
+`<http://localhost:9999>`_
+
+You can always view the documentation for the latest release at the pathod
+website:
+
+`<http://pathod.net>`_
+
+
+.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/pathod/master.svg
+    :target: https://travis-ci.org/mitmproxy/pathod
+    :alt: Build Status
+
+.. |coveralls| image:: https://shields.mitmproxy.org/coveralls/mitmproxy/pathod/master.svg
+    :target: https://coveralls.io/r/mitmproxy/pathod
+    :alt: Coverage Status
+
+.. |downloads| image:: https://shields.mitmproxy.org/pypi/dm/pathod.svg?color=orange
+    :target: https://pypi.python.org/pypi/pathod
+    :alt: Downloads
+
+.. |latest_release| image:: https://shields.mitmproxy.org/pypi/v/pathod.svg
+    :target: https://pypi.python.org/pypi/pathod
+    :alt: Latest Version
+
+.. |python_versions| image:: https://shields.mitmproxy.org/pypi/pyversions/pathod.svg
+    :target: https://pypi.python.org/pypi/pathod
+    :alt: Supported Python versions
\ No newline at end of file
diff --git a/pathod/examples/libpathod_pathoc.py b/pathod/examples/libpathod_pathoc.py
new file mode 100644
index 00000000..cf94151b
--- /dev/null
+++ b/pathod/examples/libpathod_pathoc.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+from libpathod import pathoc
+
+p = pathoc.Pathoc(("google.com", 80))
+p.connect()
+print p.request("get:/")
+print p.request("get:/foo")
diff --git a/pathod/examples/test_context.py b/pathod/examples/test_context.py
new file mode 100644
index 00000000..7c0386c1
--- /dev/null
+++ b/pathod/examples/test_context.py
@@ -0,0 +1,23 @@
+import requests
+from libpathod import test
+
+
+def test_simple():
+    """
+        Testing the requests module with
+        a pathod context manager.
+    """
+    # Start pathod in a separate thread
+    with test.Daemon() as d:
+        # Get a URL for a pathod spec
+        url = d.p("200:b@100")
+        # ... and request it
+        r = requests.put(url)
+
+        # Check the returned data
+        assert r.status_code == 200
+        assert len(r.content) == 100
+
+        # Check pathod's internal log
+        log = d.last_log()["request"]
+        assert log["method"] == "PUT"
diff --git a/pathod/examples/test_setup.py b/pathod/examples/test_setup.py
new file mode 100644
index 00000000..6085c98a
--- /dev/null
+++ b/pathod/examples/test_setup.py
@@ -0,0 +1,31 @@
+import requests
+from libpathod import test
+
+
+class Test:
+
+    """
+        Testing the requests module with
+        a pathod instance started for
+        each test.
+    """
+
+    def setup(self):
+        self.d = test.Daemon()
+
+    def teardown(self):
+        self.d.shutdown()
+
+    def test_simple(self):
+        # Get a URL for a pathod spec
+        url = self.d.p("200:b@100")
+        # ... and request it
+        r = requests.put(url)
+
+        # Check the returned data
+        assert r.status_code == 200
+        assert len(r.content) == 100
+
+        # Check pathod's internal log
+        log = self.d.last_log()["request"]
+        assert log["method"] == "PUT"
diff --git a/pathod/examples/test_setupall.py b/pathod/examples/test_setupall.py
new file mode 100644
index 00000000..f0ba5844
--- /dev/null
+++ b/pathod/examples/test_setupall.py
@@ -0,0 +1,39 @@
+import requests
+from libpathod import test
+
+
+class Test:
+
+    """
+        Testing the requests module with
+        a single pathod instance started
+        for the test suite.
+    """
+    @classmethod
+    def setup_class(cls):
+        cls.d = test.Daemon()
+
+    @classmethod
+    def teardown_class(cls):
+        cls.d.shutdown()
+
+    def setup(self):
+        # Clear the pathod logs between tests
+        self.d.clear_log()
+
+    def test_simple(self):
+        # Get a URL for a pathod spec
+        url = self.d.p("200:b@100")
+        # ... and request it
+        r = requests.put(url)
+
+        # Check the returned data
+        assert r.status_code == 200
+        assert len(r.content) == 100
+
+        # Check pathod's internal log
+        log = self.d.last_log()["request"]
+        assert log["method"] == "PUT"
+
+    def test_two(self):
+        assert not self.d.log()
diff --git a/test/completion/aaa b/pathod/libpathod/__init__.py
index e69de29b..e69de29b 100644
--- a/test/completion/aaa
+++ b/pathod/libpathod/__init__.py
diff --git a/pathod/libpathod/app.py b/pathod/libpathod/app.py
new file mode 100644
index 00000000..debebaf2
--- /dev/null
+++ b/pathod/libpathod/app.py
@@ -0,0 +1,179 @@
+import logging
+import pprint
+import cStringIO
+import copy
+from flask import Flask, jsonify, render_template, request, abort, make_response
+from . import version, language, utils
+from netlib.http import user_agents
+
+logging.basicConfig(level="DEBUG")
+EXAMPLE_HOST = "example.com"
+EXAMPLE_WEBSOCKET_KEY = "examplekey"
+
+# pylint: disable=unused-variable
+
+
+def make_app(noapi, debug):
+    app = Flask(__name__)
+    app.debug = debug
+
+    if not noapi:
+        @app.route('/api/info')
+        def api_info():
+            return jsonify(
+                version=version.IVERSION
+            )
+
+    @app.route('/api/log')
+    def api_log():
+        return jsonify(
+            log=app.config["pathod"].get_log()
+        )
+
+    @app.route('/api/clear_log')
+    def api_clear_log():
+        app.config["pathod"].clear_log()
+        return "OK"
+
+    def render(s, cacheable, **kwargs):
+        kwargs["noapi"] = app.config["pathod"].noapi
+        kwargs["nocraft"] = app.config["pathod"].nocraft
+        kwargs["craftanchor"] = app.config["pathod"].craftanchor
+        resp = make_response(render_template(s, **kwargs), 200)
+        if cacheable:
+            resp.headers["Cache-control"] = "public, max-age=4320"
+        return resp
+
+    @app.route('/')
+    @app.route('/index.html')
+    def index():
+        return render(
+            "index.html",
+            True,
+            section="main",
+            version=version.VERSION
+        )
+
+    @app.route('/download')
+    @app.route('/download.html')
+    def download():
+        return render(
+            "download.html", True, section="download", version=version.VERSION
+        )
+
+    @app.route('/about')
+    @app.route('/about.html')
+    def about():
+        return render("about.html", True, section="about")
+
+    @app.route('/docs/pathod')
+    def docs_pathod():
+        return render(
+            "docs_pathod.html", True, section="docs", subsection="pathod"
+        )
+
+    @app.route('/docs/language')
+    def docs_language():
+        return render(
+            "docs_lang.html", True,
+            section="docs", uastrings=user_agents.UASTRINGS,
+            subsection="lang"
+        )
+
+    @app.route('/docs/pathoc')
+    def docs_pathoc():
+        return render(
+            "docs_pathoc.html", True, section="docs", subsection="pathoc"
+        )
+
+    @app.route('/docs/libpathod')
+    def docs_libpathod():
+        return render(
+            "docs_libpathod.html", True, section="docs", subsection="libpathod"
+        )
+
+    @app.route('/docs/test')
+    def docs_test():
+        return render(
+            "docs_test.html", True, section="docs", subsection="test"
+        )
+
+    @app.route('/log')
+    def log():
+        if app.config["pathod"].noapi:
+            abort(404)
+        return render(
+            "log.html",
+            False,
+            section="log",
+            log=app.config["pathod"].get_log()
+        )
+
+    @app.route('/log/<int:lid>')
+    def onelog(lid):
+        item = app.config["pathod"].log_by_id(int(lid))
+        if not item:
+            abort(404)
+        l = pprint.pformat(item)
+        return render("onelog.html", False, section="log", alog=l, lid=lid)
+
+    def _preview(is_request):
+        if is_request:
+            template = "request_preview.html"
+        else:
+            template = "response_preview.html"
+
+        spec = request.args["spec"]
+
+        args = dict(
+            spec=spec,
+            section="main",
+            syntaxerror=None,
+            error=None,
+        )
+        if not spec.strip():
+            args["error"] = "Can't parse an empty spec."
+            return render(template, False, **args)
+
+        try:
+            if is_request:
+                r = language.parse_pathoc(spec).next()
+            else:
+                r = language.parse_pathod(spec).next()
+        except language.ParseException as v:
+            args["syntaxerror"] = str(v)
+            args["marked"] = v.marked()
+            return render(template, False, **args)
+
+        s = cStringIO.StringIO()
+
+        settings = copy.copy(app.config["pathod"].settings)
+        settings.request_host = EXAMPLE_HOST
+        settings.websocket_key = EXAMPLE_WEBSOCKET_KEY
+
+        safe = r.preview_safe()
+        err, safe = app.config["pathod"].check_policy(
+            safe,
+            settings
+        )
+        if err:
+            args["error"] = err
+            return render(template, False, **args)
+        if is_request:
+            settings.request_host = EXAMPLE_HOST
+            language.serve(safe, s, settings)
+        else:
+            settings.websocket_key = EXAMPLE_WEBSOCKET_KEY
+            language.serve(safe, s, settings)
+
+        args["output"] = utils.escape_unprintables(s.getvalue())
+        return render(template, False, **args)
+
+    @app.route('/response_preview')
+    def response_preview():
+        return _preview(False)
+
+    @app.route('/request_preview')
+    def request_preview():
+        return _preview(True)
+    return app
diff --git a/pathod/libpathod/language/__init__.py b/pathod/libpathod/language/__init__.py
new file mode 100644
index 00000000..32199e08
--- /dev/null
+++ b/pathod/libpathod/language/__init__.py
@@ -0,0 +1,113 @@
+import itertools
+import time
+
+import pyparsing as pp
+
+from . import http, http2, websockets, writer, exceptions
+
+from exceptions import *
+from base import Settings
+assert Settings  # prevent pyflakes from messing with this
+
+
+def expand(msg):
+    times = getattr(msg, "times", None)
+    if times:
+        for j_ in xrange(int(times.value)):
+            yield msg.strike_token("times")
+    else:
+        yield msg
+
+
+def parse_pathod(s, use_http2=False):
+    """
+        May raise ParseException
+    """
+    try:
+        s = s.decode("ascii")
+    except UnicodeError:
+        raise exceptions.ParseException("Spec must be valid ASCII.", 0, 0)
+    try:
+        if use_http2:
+            expressions = [
+                # http2.Frame.expr(),
+                http2.Response.expr(),
+            ]
+        else:
+            expressions = [
+                websockets.WebsocketFrame.expr(),
+                http.Response.expr(),
+            ]
+        reqs = pp.Or(expressions).parseString(s, parseAll=True)
+    except pp.ParseException as v:
+        raise exceptions.ParseException(v.msg, v.line, v.col)
+    return itertools.chain(*[expand(i) for i in reqs])
+
+
+def parse_pathoc(s, use_http2=False):
+    try:
+        s = s.decode("ascii")
+    except UnicodeError:
+        raise exceptions.ParseException("Spec must be valid ASCII.", 0, 0)
+    try:
+        if use_http2:
+            expressions = [
+                # http2.Frame.expr(),
+                http2.Request.expr(),
+            ]
+        else:
+            expressions = [
+                websockets.WebsocketClientFrame.expr(),
+                http.Request.expr(),
+            ]
+        reqs = pp.OneOrMore(pp.Or(expressions)).parseString(s, parseAll=True)
+    except pp.ParseException as v:
+        raise exceptions.ParseException(v.msg, v.line, v.col)
+    return itertools.chain(*[expand(i) for i in reqs])
+
+
+def parse_websocket_frame(s):
+    """
+        May raise ParseException
+    """
+    try:
+        reqs = pp.OneOrMore(
+            websockets.WebsocketFrame.expr()
+        ).parseString(
+            s,
+            parseAll=True
+        )
+    except pp.ParseException as v:
+        raise exceptions.ParseException(v.msg, v.line, v.col)
+    return itertools.chain(*[expand(i) for i in reqs])
+
+
+def serve(msg, fp, settings):
+    """
+        fp: The file pointer to write to.
+
+        request_host: If this a request, this is the connecting host. If
+        None, we assume it's a response. Used to decide what standard
+        modifications to make if raw is not set.
+
+        Calling this function may modify the object.
+    """
+    msg = msg.resolve(settings)
+    started = time.time()
+
+    vals = msg.values(settings)
+    vals.reverse()
+
+    actions = sorted(msg.actions[:])
+    actions.reverse()
+    actions = [i.intermediate(settings) for i in actions]
+
+    disconnect = writer.write_values(fp, vals, actions[:])
+    duration = time.time() - started
+    ret = dict(
+        disconnect=disconnect,
+        started=started,
+        duration=duration,
+    )
+    ret.update(msg.log(settings))
+    return ret
diff --git a/pathod/libpathod/language/actions.py b/pathod/libpathod/language/actions.py
new file mode 100644
index 00000000..34a9bafb
--- /dev/null
+++ b/pathod/libpathod/language/actions.py
@@ -0,0 +1,126 @@
+import abc
+import copy
+import random
+
+import pyparsing as pp
+
+from . import base
+
+
+class _Action(base.Token):
+
+    """
+        An action that operates on the raw data stream of the message. All
+        actions have one thing in common: an offset that specifies where the
+        action should take place.
+    """
+
+    def __init__(self, offset):
+        self.offset = offset
+
+    def resolve(self, settings, msg):
+        """
+            Resolves offset specifications to a numeric offset. Returns a copy
+            of the action object.
+        """
+        c = copy.copy(self)
+        l = msg.length(settings)
+        if c.offset == "r":
+            c.offset = random.randrange(l)
+        elif c.offset == "a":
+            c.offset = l + 1
+        return c
+
+    def __cmp__(self, other):
+        return cmp(self.offset, other.offset)
+
+    def __repr__(self):
+        return self.spec()
+
+    @abc.abstractmethod
+    def spec(self):  # pragma: no cover
+        pass
+
+    @abc.abstractmethod
+    def intermediate(self, settings):  # pragma: no cover
+        pass
+
+
+class PauseAt(_Action):
+    unique_name = None
+
+    def __init__(self, offset, seconds):
+        _Action.__init__(self, offset)
+        self.seconds = seconds
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal("p").suppress()
+        e += base.TokOffset
+        e += pp.Literal(",").suppress()
+        e += pp.MatchFirst(
+            [
+                base.v_integer,
+                pp.Literal("f")
+            ]
+        )
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        return "p%s,%s" % (self.offset, self.seconds)
+
+    def intermediate(self, settings):
+        return (self.offset, "pause", self.seconds)
+
+    def freeze(self, settings_):
+        return self
+
+
+class DisconnectAt(_Action):
+
+    def __init__(self, offset):
+        _Action.__init__(self, offset)
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal("d").suppress()
+        e += base.TokOffset
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        return "d%s" % self.offset
+
+    def intermediate(self, settings):
+        return (self.offset, "disconnect")
+
+    def freeze(self, settings_):
+        return self
+
+
+class InjectAt(_Action):
+    unique_name = None
+
+    def __init__(self, offset, value):
+        _Action.__init__(self, offset)
+        self.value = value
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal("i").suppress()
+        e += base.TokOffset
+        e += pp.Literal(",").suppress()
+        e += base.TokValue
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        return "i%s,%s" % (self.offset, self.value.spec())
+
+    def intermediate(self, settings):
+        return (
+            self.offset,
+            "inject",
+            self.value.get_generator(settings)
+        )
+
+    def freeze(self, settings):
+        return InjectAt(self.offset, self.value.freeze(settings))
diff --git a/pathod/libpathod/language/base.py b/pathod/libpathod/language/base.py
new file mode 100644
index 00000000..a4302998
--- /dev/null
+++ b/pathod/libpathod/language/base.py
@@ -0,0 +1,576 @@
+import operator
+import os
+import abc
+import pyparsing as pp
+
+from .. import utils
+from . import generators, exceptions
+
+class Settings(object):
+
+    def __init__(
+        self,
+        is_client=False,
+        staticdir=None,
+        unconstrained_file_access=False,
+        request_host=None,
+        websocket_key=None,
+        protocol=None,
+    ):
+        self.is_client = is_client
+        self.staticdir = staticdir
+        self.unconstrained_file_access = unconstrained_file_access
+        self.request_host = request_host
+        self.websocket_key = websocket_key  # TODO: refactor this into the protocol
+        self.protocol = protocol
+
+
+Sep = pp.Optional(pp.Literal(":")).suppress()
+
+
+v_integer = pp.Word(pp.nums)\
+    .setName("integer")\
+    .setParseAction(lambda toks: int(toks[0]))
+
+
+v_literal = pp.MatchFirst(
+    [
+        pp.QuotedString(
+            "\"",
+            unquoteResults=True,
+            multiline=True
+        ),
+        pp.QuotedString(
+            "'",
+            unquoteResults=True,
+            multiline=True
+        ),
+    ]
+)
+
+v_naked_literal = pp.MatchFirst(
+    [
+        v_literal,
+        pp.Word("".join(i for i in pp.printables if i not in ",:\n@\'\""))
+    ]
+)
+
+
+class Token(object):
+
+    """
+        A token in the specification language. Tokens are immutable. The token
+        classes have no meaning in and of themselves, and are combined into
+        Components and Actions to build the language.
+    """
+    __metaclass__ = abc.ABCMeta
+
+    @classmethod
+    def expr(cls):  # pragma: no cover
+        """
+            A parse expression.
+        """
+        return None
+
+    @abc.abstractmethod
+    def spec(self):  # pragma: no cover
+        """
+            A parseable specification for this token.
+        """
+        return None
+
+    @property
+    def unique_name(self):
+        """
+            Controls uniqueness constraints for tokens. No two tokens with the
+            same name will be allowed. If no uniquness should be applied, this
+            should be None.
+        """
+        return self.__class__.__name__.lower()
+
+    def resolve(self, settings_, msg_):
+        """
+            Resolves this token to ready it for transmission. This means that
+            the calculated offsets of actions are fixed.
+
+            settings: a language.Settings instance
+            msg: The containing message
+        """
+        return self
+
+    def __repr__(self):
+        return self.spec()
+
+
+class _TokValueLiteral(Token):
+
+    def __init__(self, val):
+        self.val = val.decode("string_escape")
+
+    def get_generator(self, settings_):
+        return self.val
+
+    def freeze(self, settings_):
+        return self
+
+
+class TokValueLiteral(_TokValueLiteral):
+
+    """
+        A literal with Python-style string escaping
+    """
+    @classmethod
+    def expr(cls):
+        e = v_literal.copy()
+        return e.setParseAction(cls.parseAction)
+
+    @classmethod
+    def parseAction(cls, x):
+        v = cls(*x)
+        return v
+
+    def spec(self):
+        inner = self.val.encode("string_escape")
+        inner = inner.replace(r"\'", r"\x27")
+        return "'" + inner + "'"
+
+
+class TokValueNakedLiteral(_TokValueLiteral):
+
+    @classmethod
+    def expr(cls):
+        e = v_naked_literal.copy()
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        return self.val.encode("string_escape")
+
+
+class TokValueGenerate(Token):
+
+    def __init__(self, usize, unit, datatype):
+        if not unit:
+            unit = "b"
+        self.usize, self.unit, self.datatype = usize, unit, datatype
+
+    def bytes(self):
+        return self.usize * utils.SIZE_UNITS[self.unit]
+
+    def get_generator(self, settings_):
+        return generators.RandomGenerator(self.datatype, self.bytes())
+
+    def freeze(self, settings):
+        g = self.get_generator(settings)
+        return TokValueLiteral(g[:].encode("string_escape"))
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal("@").suppress() + v_integer
+
+        u = reduce(
+            operator.or_,
+            [pp.Literal(i) for i in utils.SIZE_UNITS.keys()]
+        ).leaveWhitespace()
+        e = e + pp.Optional(u, default=None)
+
+        s = pp.Literal(",").suppress()
+        s += reduce(
+            operator.or_,
+            [pp.Literal(i) for i in generators.DATATYPES.keys()]
+        )
+        e += pp.Optional(s, default="bytes")
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        s = "@%s" % self.usize
+        if self.unit != "b":
+            s += self.unit
+        if self.datatype != "bytes":
+            s += ",%s" % self.datatype
+        return s
+
+
+class TokValueFile(Token):
+
+    def __init__(self, path):
+        self.path = str(path)
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal("<").suppress()
+        e = e + v_naked_literal
+        return e.setParseAction(lambda x: cls(*x))
+
+    def freeze(self, settings_):
+        return self
+
+    def get_generator(self, settings):
+        if not settings.staticdir:
+            raise exceptions.FileAccessDenied("File access disabled.")
+        s = os.path.expanduser(self.path)
+        s = os.path.normpath(
+            os.path.abspath(os.path.join(settings.staticdir, s))
+        )
+        uf = settings.unconstrained_file_access
+        if not uf and not s.startswith(settings.staticdir):
+            raise exceptions.FileAccessDenied(
+                "File access outside of configured directory"
+            )
+        if not os.path.isfile(s):
+            raise exceptions.FileAccessDenied("File not readable")
+        return generators.FileGenerator(s)
+
+    def spec(self):
+        return "<'%s'" % self.path.encode("string_escape")
+
+
+TokValue = pp.MatchFirst(
+    [
+        TokValueGenerate.expr(),
+        TokValueFile.expr(),
+        TokValueLiteral.expr()
+    ]
+)
+
+
+TokNakedValue = pp.MatchFirst(
+    [
+        TokValueGenerate.expr(),
+        TokValueFile.expr(),
+        TokValueLiteral.expr(),
+        TokValueNakedLiteral.expr(),
+    ]
+)
+
+
+TokOffset = pp.MatchFirst(
+    [
+        v_integer,
+        pp.Literal("r"),
+        pp.Literal("a")
+    ]
+)
+
+
+class _Component(Token):
+
+    """
+        A value component of the primary specification of an message.
+        Components produce byte values desribe the bytes of the message.
+    """
+
+    def values(self, settings):  # pragma: no cover
+        """
+           A sequence of values, which can either be strings or generators.
+        """
+        pass
+
+    def string(self, settings=None):
+        """
+            A string representation of the object.
+        """
+        return "".join(i[:] for i in self.values(settings or {}))
+
+
+class KeyValue(_Component):
+
+    """
+        A key/value pair.
+        cls.preamble: leader
+    """
+
+    def __init__(self, key, value):
+        self.key, self.value = key, value
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal(cls.preamble).suppress()
+        e += TokValue
+        e += pp.Literal("=").suppress()
+        e += TokValue
+        return e.setParseAction(lambda x: cls(*x))
+
+    def spec(self):
+        return "%s%s=%s" % (self.preamble, self.key.spec(), self.value.spec())
+
+    def freeze(self, settings):
+        return self.__class__(
+            self.key.freeze(settings), self.value.freeze(settings)
+        )
+
+
+class CaselessLiteral(_Component):
+
+    """
+        A caseless token that can take only one value.
+    """
+
+    def __init__(self, value):
+        self.value = value
+
+    @classmethod
+    def expr(cls):
+        spec = pp.CaselessLiteral(cls.TOK)
+        spec = spec.setParseAction(lambda x: cls(*x))
+        return spec
+
+    def values(self, settings):
+        return self.TOK
+
+    def spec(self):
+        return self.TOK
+
+    def freeze(self, settings_):
+        return self
+
+
+class OptionsOrValue(_Component):
+
+    """
+        Can be any of a specified set of options, or a value specifier.
+    """
+    preamble = ""
+    options = []
+
+    def __init__(self, value):
+        # If it's a string, we were passed one of the options, so we lower-case
+        # it to be canonical. The user can specify a different case by using a
+        # string value literal.
+        self.option_used = False
+        if isinstance(value, basestring):
+            for i in self.options:
+                # Find the exact option value in a case-insensitive way
+                if i.lower() == value.lower():
+                    self.option_used = True
+                    value = TokValueLiteral(i)
+                    break
+        self.value = value
+
+    @classmethod
+    def expr(cls):
+        parts = [pp.CaselessLiteral(i) for i in cls.options]
+        m = pp.MatchFirst(parts)
+        spec = m | TokValue.copy()
+        spec = spec.setParseAction(lambda x: cls(*x))
+        if cls.preamble:
+            spec = pp.Literal(cls.preamble).suppress() + spec
+        return spec
+
+    def values(self, settings):
+        return [
+            self.value.get_generator(settings)
+        ]
+
+    def spec(self):
+        s = self.value.spec()
+        if s[1:-1].lower() in self.options:
+            s = s[1:-1].lower()
+        return "%s%s" % (self.preamble, s)
+
+    def freeze(self, settings):
+        return self.__class__(self.value.freeze(settings))
+
+
+class Integer(_Component):
+    bounds = (None, None)
+    preamble = ""
+
+    def __init__(self, value):
+        v = int(value)
+        outofbounds = any([
+            self.bounds[0] is not None and v < self.bounds[0],
+            self.bounds[1] is not None and v > self.bounds[1]
+        ])
+        if outofbounds:
+            raise exceptions.ParseException(
+                "Integer value must be between %s and %s." % self.bounds,
+                0, 0
+            )
+        self.value = str(value)
+
+    @classmethod
+    def expr(cls):
+        e = v_integer.copy()
+        if cls.preamble:
+            e = pp.Literal(cls.preamble).suppress() + e
+        return e.setParseAction(lambda x: cls(*x))
+
+    def values(self, settings):
+        return self.value
+
+    def spec(self):
+        return "%s%s" % (self.preamble, self.value)
+
+    def freeze(self, settings_):
+        return self
+
+
+class Value(_Component):
+
+    """
+        A value component lead by an optional preamble.
+    """
+    preamble = ""
+
+    def __init__(self, value):
+        self.value = value
+
+    @classmethod
+    def expr(cls):
+        e = (TokValue | TokNakedValue)
+        if cls.preamble:
+            e = pp.Literal(cls.preamble).suppress() + e
+        return e.setParseAction(lambda x: cls(*x))
+
+    def values(self, settings):
+        return [self.value.get_generator(settings)]
+
+    def spec(self):
+        return "%s%s" % (self.preamble, self.value.spec())
+
+    def freeze(self, settings):
+        return self.__class__(self.value.freeze(settings))
+
+
+class FixedLengthValue(Value):
+
+    """
+        A value component lead by an optional preamble.
+    """
+    preamble = ""
+    length = None
+
+    def __init__(self, value):
+        Value.__init__(self, value)
+        lenguess = None
+        try:
+            lenguess = len(value.get_generator(Settings()))
+        except exceptions.RenderError:
+            pass
+        # This check will fail if we know the length upfront
+        if lenguess is not None and lenguess != self.length:
+            raise exceptions.RenderError(
+                "Invalid value length: '%s' is %s bytes, should be %s." % (
+                    self.spec(),
+                    lenguess,
+                    self.length
+                )
+            )
+
+    def values(self, settings):
+        ret = Value.values(self, settings)
+        l = sum(len(i) for i in ret)
+        # This check will fail if we don't know the length upfront - i.e. for
+        # file inputs
+        if l != self.length:
+            raise exceptions.RenderError(
+                "Invalid value length: '%s' is %s bytes, should be %s." % (
+                    self.spec(),
+                    l,
+                    self.length
+                )
+            )
+        return ret
+
+
+class Boolean(_Component):
+
+    """
+        A boolean flag.
+            name  = true
+            -name = false
+    """
+    name = ""
+
+    def __init__(self, value):
+        self.value = value
+
+    @classmethod
+    def expr(cls):
+        e = pp.Optional(pp.Literal("-"), default=True)
+        e += pp.Literal(cls.name).suppress()
+
+        def parse(s_, loc_, toks):
+            val = True
+            if toks[0] == "-":
+                val = False
+            return cls(val)
+
+        return e.setParseAction(parse)
+
+    def spec(self):
+        return "%s%s" % ("-" if not self.value else "", self.name)
+
+
+class IntField(_Component):
+
+    """
+        An integer field, where values can optionally specified by name.
+    """
+    names = {}
+    max = 16
+    preamble = ""
+
+    def __init__(self, value):
+        self.origvalue = value
+        self.value = self.names.get(value, value)
+        if self.value > self.max:
+            raise exceptions.ParseException(
+                "Value can't exceed %s" % self.max, 0, 0
+            )
+
+    @classmethod
+    def expr(cls):
+        parts = [pp.CaselessLiteral(i) for i in cls.names.keys()]
+        m = pp.MatchFirst(parts)
+        spec = m | v_integer.copy()
+        spec = spec.setParseAction(lambda x: cls(*x))
+        if cls.preamble:
+            spec = pp.Literal(cls.preamble).suppress() + spec
+        return spec
+
+    def values(self, settings):
+        return [str(self.value)]
+
+    def spec(self):
+        return "%s%s" % (self.preamble, self.origvalue)
+
+
+class NestedMessage(Token):
+
+    """
+        A nested message, as an escaped string with a preamble.
+    """
+    preamble = ""
+    nest_type = None
+
+    def __init__(self, value):
+        Token.__init__(self)
+        self.value = value
+        try:
+            self.parsed = self.nest_type(
+                self.nest_type.expr().parseString(
+                    value.val,
+                    parseAll=True
+                )
+            )
+        except pp.ParseException as v:
+            raise exceptions.ParseException(v.msg, v.line, v.col)
+
+    @classmethod
+    def expr(cls):
+        e = pp.Literal(cls.preamble).suppress()
+        e = e + TokValueLiteral.expr()
+        return e.setParseAction(lambda x: cls(*x))
+
+    def values(self, settings):
+        return [
+            self.value.get_generator(settings),
+        ]
+
+    def spec(self):
+        return "%s%s" % (self.preamble, self.value.spec())
+
+    def freeze(self, settings):
+        f = self.parsed.freeze(settings).spec()
+        return self.__class__(TokValueLiteral(f.encode("string_escape")))
diff --git a/pathod/libpathod/language/exceptions.py b/pathod/libpathod/language/exceptions.py
new file mode 100644
index 00000000..84ad3c02
--- /dev/null
+++ b/pathod/libpathod/language/exceptions.py
@@ -0,0 +1,22 @@
+
+class RenderError(Exception):
+    pass
+
+
+class FileAccessDenied(RenderError):
+    pass
+
+
+class ParseException(Exception):
+
+    def __init__(self, msg, s, col):
+        Exception.__init__(self)
+        self.msg = msg
+        self.s = s
+        self.col = col
+
+    def marked(self):
+        return "%s\n%s" % (self.s, " " * (self.col - 1) + "^")
+
+    def __str__(self):
+        return "%s at char %s" % (self.msg, self.col)
diff --git a/pathod/libpathod/language/generators.py b/pathod/libpathod/language/generators.py
new file mode 100644
index 00000000..a17e7052
--- /dev/null
+++ b/pathod/libpathod/language/generators.py
@@ -0,0 +1,86 @@
+import string
+import random
+import mmap
+
+DATATYPES = dict(
+    ascii_letters=string.ascii_letters,
+    ascii_lowercase=string.ascii_lowercase,
+    ascii_uppercase=string.ascii_uppercase,
+    digits=string.digits,
+    hexdigits=string.hexdigits,
+    octdigits=string.octdigits,
+    punctuation=string.punctuation,
+    whitespace=string.whitespace,
+    ascii=string.printable,
+    bytes="".join(chr(i) for i in range(256))
+)
+
+
+class TransformGenerator(object):
+
+    """
+        Perform a byte-by-byte transform another generator - that is, for each
+        input byte, the transformation must produce one output byte.
+
+        gen: A generator to wrap
+        transform: A function (offset, data) -> transformed
+    """
+
+    def __init__(self, gen, transform):
+        self.gen = gen
+        self.transform = transform
+
+    def __len__(self):
+        return len(self.gen)
+
+    def __getitem__(self, x):
+        d = self.gen.__getitem__(x)
+        return self.transform(x, d)
+
+    def __getslice__(self, a, b):
+        d = self.gen.__getslice__(a, b)
+        return self.transform(a, d)
+
+    def __repr__(self):
+        return "'transform(%s)'" % self.gen
+
+
+class RandomGenerator(object):
+
+    def __init__(self, dtype, length):
+        self.dtype = dtype
+        self.length = length
+
+    def __len__(self):
+        return self.length
+
+    def __getitem__(self, x):
+        return random.choice(DATATYPES[self.dtype])
+
+    def __getslice__(self, a, b):
+        b = min(b, self.length)
+        chars = DATATYPES[self.dtype]
+        return "".join(random.choice(chars) for x in range(a, b))
+
+    def __repr__(self):
+        return "%s random from %s" % (self.length, self.dtype)
+
+
+class FileGenerator(object):
+
+    def __init__(self, path):
+        self.path = path
+        self.fp = file(path, "rb")
+        self.map = mmap.mmap(self.fp.fileno(), 0, access=mmap.ACCESS_READ)
+
+    def __len__(self):
+        return len(self.map)
+
+    def __getitem__(self, x):
+        return self.map.__getitem__(x)
+
+    def __getslice__(self, a, b):
+        return self.map.__getslice__(a, b)
+
+    def __repr__(self):
+        return "<%s" % self.path
diff --git a/pathod/libpathod/language/http.py b/pathod/libpathod/language/http.py
new file mode 100644
index 00000000..a82f12fe
--- /dev/null
+++ b/pathod/libpathod/language/http.py
@@ -0,0 +1,381 @@
+
+import abc
+
+import pyparsing as pp
+
+import netlib.websockets
+from netlib.http import status_codes, user_agents
+from . import base, exceptions, actions, message
+
+# TODO: use netlib.semantics.protocol assemble method,
+# instead of duplicating the HTTP on-the-wire representation here.
+# see http2 language for an example
+
+class WS(base.CaselessLiteral):
+    TOK = "ws"
+
+
+class Raw(base.CaselessLiteral):
+    TOK = "r"
+
+
+class Path(base.Value):
+    pass
+
+
+class StatusCode(base.Integer):
+    pass
+
+
+class Reason(base.Value):
+    preamble = "m"
+
+
+class Body(base.Value):
+    preamble = "b"
+
+
+class Times(base.Integer):
+    preamble = "x"
+
+
+class Method(base.OptionsOrValue):
+    options = [
+        "GET",
+        "HEAD",
+        "POST",
+        "PUT",
+        "DELETE",
+        "OPTIONS",
+        "TRACE",
+        "CONNECT",
+    ]
+
+
+class _HeaderMixin(object):
+    unique_name = None
+
+    def format_header(self, key, value):
+        return [key, ": ", value, "\r\n"]
+
+    def values(self, settings):
+        return self.format_header(
+            self.key.get_generator(settings),
+            self.value.get_generator(settings),
+        )
+
+
+class Header(_HeaderMixin, base.KeyValue):
+    preamble = "h"
+
+
+class ShortcutContentType(_HeaderMixin, base.Value):
+    preamble = "c"
+    key = base.TokValueLiteral("Content-Type")
+
+
+class ShortcutLocation(_HeaderMixin, base.Value):
+    preamble = "l"
+    key = base.TokValueLiteral("Location")
+
+
+class ShortcutUserAgent(_HeaderMixin, base.OptionsOrValue):
+    preamble = "u"
+    options = [i[1] for i in user_agents.UASTRINGS]
+    key = base.TokValueLiteral("User-Agent")
+
+    def values(self, settings):
+        value = self.value.val
+        if self.option_used:
+            value = user_agents.get_by_shortcut(value.lower())[2]
+
+        return self.format_header(
+            self.key.get_generator(settings),
+            value
+        )
+
+
+def get_header(val, headers):
+    """
+        Header keys may be Values, so we have to "generate" them as we try the
+        match.
+    """
+    for h in headers:
+        k = h.key.get_generator({})
+        if len(k) == len(val) and k[:].lower() == val.lower():
+            return h
+    return None
+
+
+class _HTTPMessage(message.Message):
+    version = "HTTP/1.1"
+
+    @property
+    def actions(self):
+        return self.toks(actions._Action)
+
+    @property
+    def raw(self):
+        return bool(self.tok(Raw))
+
+    @property
+    def body(self):
+        return self.tok(Body)
+
+    @abc.abstractmethod
+    def preamble(self, settings):  # pragma: no cover
+        pass
+
+    @property
+    def headers(self):
+        return self.toks(_HeaderMixin)
+
+    def values(self, settings):
+        vals = self.preamble(settings)
+        vals.append("\r\n")
+        for h in self.headers:
+            vals.extend(h.values(settings))
+        vals.append("\r\n")
+        if self.body:
+            vals.extend(self.body.values(settings))
+        return vals
+
+
+class Response(_HTTPMessage):
+    unique_name = None
+    comps = (
+        Header,
+        ShortcutContentType,
+        ShortcutLocation,
+        Raw,
+        Reason,
+        Body,
+
+        actions.PauseAt,
+        actions.DisconnectAt,
+        actions.InjectAt,
+    )
+    logattrs = ["status_code", "reason", "version", "body"]
+
+    @property
+    def ws(self):
+        return self.tok(WS)
+
+    @property
+    def status_code(self):
+        return self.tok(StatusCode)
+
+    @property
+    def reason(self):
+        return self.tok(Reason)
+
+    def preamble(self, settings):
+        l = [self.version, " "]
+        l.extend(self.status_code.values(settings))
+        status_code = int(self.status_code.value)
+        l.append(" ")
+        if self.reason:
+            l.extend(self.reason.values(settings))
+        else:
+            l.append(
+                status_codes.RESPONSES.get(
+                    status_code,
+                    "Unknown code"
+                )
+            )
+        return l
+
+    def resolve(self, settings, msg=None):
+        tokens = self.tokens[:]
+        if self.ws:
+            if not settings.websocket_key:
+                raise exceptions.RenderError(
+                    "No websocket key - have we seen a client handshake?"
+                )
+            if not self.status_code:
+                tokens.insert(
+                    1,
+                    StatusCode(101)
+                )
+            headers = netlib.websockets.WebsocketsProtocol.server_handshake_headers(
+                settings.websocket_key
+            )
+            for i in headers.fields:
+                if not get_header(i[0], self.headers):
+                    tokens.append(
+                        Header(
+                            base.TokValueLiteral(i[0]),
+                            base.TokValueLiteral(i[1]))
+                    )
+        if not self.raw:
+            if not get_header("Content-Length", self.headers):
+                if not self.body:
+                    length = 0
+                else:
+                    length = sum(
+                        len(i) for i in self.body.values(settings)
+                    )
+                tokens.append(
+                    Header(
+                        base.TokValueLiteral("Content-Length"),
+                        base.TokValueLiteral(str(length)),
+                    )
+                )
+        intermediate = self.__class__(tokens)
+        return self.__class__(
+            [i.resolve(settings, intermediate) for i in tokens]
+        )
+
+    @classmethod
+    def expr(cls):
+        parts = [i.expr() for i in cls.comps]
+        atom = pp.MatchFirst(parts)
+        resp = pp.And(
+            [
+                pp.MatchFirst(
+                    [
+                        WS.expr() + pp.Optional(
+                            base.Sep + StatusCode.expr()
+                        ),
+                        StatusCode.expr(),
+                    ]
+                ),
+                pp.ZeroOrMore(base.Sep + atom)
+            ]
+        )
+        resp = resp.setParseAction(cls)
+        return resp
+
+    def spec(self):
+        return ":".join([i.spec() for i in self.tokens])
+
+
+class NestedResponse(base.NestedMessage):
+    preamble = "s"
+    nest_type = Response
+
+
+class Request(_HTTPMessage):
+    comps = (
+        Header,
+        ShortcutContentType,
+        ShortcutUserAgent,
+        Raw,
+        NestedResponse,
+        Body,
+        Times,
+
+        actions.PauseAt,
+        actions.DisconnectAt,
+        actions.InjectAt,
+    )
+    logattrs = ["method", "path", "body"]
+
+    @property
+    def ws(self):
+        return self.tok(WS)
+
+    @property
+    def method(self):
+        return self.tok(Method)
+
+    @property
+    def path(self):
+        return self.tok(Path)
+
+    @property
+    def times(self):
+        return self.tok(Times)
+
+    @property
+    def nested_response(self):
+        return self.tok(NestedResponse)
+
+    def preamble(self, settings):
+        v = self.method.values(settings)
+        v.append(" ")
+        v.extend(self.path.values(settings))
+        if self.nested_response:
+            v.append(self.nested_response.parsed.spec())
+        v.append(" ")
+        v.append(self.version)
+        return v
+
+    def resolve(self, settings, msg=None):
+        tokens = self.tokens[:]
+        if self.ws:
+            if not self.method:
+                tokens.insert(
+                    1,
+                    Method("get")
+                )
+            for i in netlib.websockets.WebsocketsProtocol.client_handshake_headers().fields:
+                if not get_header(i[0], self.headers):
+                    tokens.append(
+                        Header(
+                            base.TokValueLiteral(i[0]),
+                            base.TokValueLiteral(i[1])
+                        )
+                    )
+        if not self.raw:
+            if not get_header("Content-Length", self.headers):
+                if self.body:
+                    length = sum(
+                        len(i) for i in self.body.values(settings)
+                    )
+                    tokens.append(
+                        Header(
+                            base.TokValueLiteral("Content-Length"),
+                            base.TokValueLiteral(str(length)),
+                        )
+                    )
+            if settings.request_host:
+                if not get_header("Host", self.headers):
+                    tokens.append(
+                        Header(
+                            base.TokValueLiteral("Host"),
+                            base.TokValueLiteral(settings.request_host)
+                        )
+                    )
+        intermediate = self.__class__(tokens)
+        return self.__class__(
+            [i.resolve(settings, intermediate) for i in tokens]
+        )
+
+    @classmethod
+    def expr(cls):
+        parts = [i.expr() for i in cls.comps]
+        atom = pp.MatchFirst(parts)
+        resp = pp.And(
+            [
+                pp.MatchFirst(
+                    [
+                        WS.expr() + pp.Optional(
+                            base.Sep + Method.expr()
+                        ),
+                        Method.expr(),
+                    ]
+                ),
+                base.Sep,
+                Path.expr(),
+                pp.ZeroOrMore(base.Sep + atom)
+            ]
+        )
+        resp = resp.setParseAction(cls)
+        return resp
+
+    def spec(self):
+        return ":".join([i.spec() for i in self.tokens])
+
+
+def make_error_response(reason, body=None):
+    tokens = [
+        StatusCode("800"),
+        Header(
+            base.TokValueLiteral("Content-Type"),
+            base.TokValueLiteral("text/plain")
+        ),
+        Reason(base.TokValueLiteral(reason)),
+        Body(base.TokValueLiteral("pathod error: " + (body or reason))),
+    ]
+    return Response(tokens)
diff --git a/pathod/libpathod/language/http2.py b/pathod/libpathod/language/http2.py
new file mode 100644
index 00000000..d5e3ca31
--- /dev/null
+++ b/pathod/libpathod/language/http2.py
@@ -0,0 +1,299 @@
+import pyparsing as pp
+
+from netlib import http
+from netlib.http import user_agents, Headers
+from . import base, message
+
+"""
+    Normal HTTP requests:
+        <method>:<path>:<header>:<body>
+    e.g.:
+        GET:/
+        GET:/:h"foo"="bar"
+        POST:/:h"foo"="bar":b'content body payload'
+
+    Normal HTTP responses:
+        <code>:<header>:<body>
+    e.g.:
+        200
+        302:h"foo"="bar"
+        404:h"foo"="bar":b'content body payload'
+
+    Individual HTTP/2 frames:
+        h2f:<payload_length>:<type>:<flags>:<stream_id>:<payload>
+    e.g.:
+        h2f:0:PING
+        h2f:42:HEADERS:END_HEADERS:0x1234567:foo=bar,host=example.com
+        h2f:42:DATA:END_STREAM,PADDED:0x1234567:'content body payload'
+"""
+
+def get_header(val, headers):
+    """
+        Header keys may be Values, so we have to "generate" them as we try the
+        match.
+    """
+    for h in headers:
+        k = h.key.get_generator({})
+        if len(k) == len(val) and k[:].lower() == val.lower():
+            return h
+    return None
+
+
+class _HeaderMixin(object):
+    unique_name = None
+
+    def values(self, settings):
+        return (
+            self.key.get_generator(settings),
+            self.value.get_generator(settings),
+        )
+
+class _HTTP2Message(message.Message):
+    @property
+    def actions(self):
+        return []  # self.toks(actions._Action)
+
+    @property
+    def headers(self):
+        headers = self.toks(_HeaderMixin)
+
+        if not self.raw:
+            if not get_header("content-length", headers):
+                if not self.body:
+                    length = 0
+                else:
+                    length = len(self.body.string())
+                headers.append(
+                    Header(
+                        base.TokValueLiteral("content-length"),
+                        base.TokValueLiteral(str(length)),
+                    )
+                )
+        return headers
+
+    @property
+    def raw(self):
+        return bool(self.tok(Raw))
+
+    @property
+    def body(self):
+        return self.tok(Body)
+
+    def resolve(self, settings):
+        return self
+
+
+class StatusCode(base.Integer):
+    pass
+
+
+class Method(base.OptionsOrValue):
+    options = [
+        "GET",
+        "HEAD",
+        "POST",
+        "PUT",
+        "DELETE",
+    ]
+
+
+class Path(base.Value):
+    pass
+
+
+class Header(_HeaderMixin, base.KeyValue):
+    preamble = "h"
+
+
+class ShortcutContentType(_HeaderMixin, base.Value):
+    preamble = "c"
+    key = base.TokValueLiteral("content-type")
+
+
+class ShortcutLocation(_HeaderMixin, base.Value):
+    preamble = "l"
+    key = base.TokValueLiteral("location")
+
+
+class ShortcutUserAgent(_HeaderMixin, base.OptionsOrValue):
+    preamble = "u"
+    options = [i[1] for i in user_agents.UASTRINGS]
+    key = base.TokValueLiteral("user-agent")
+
+    def values(self, settings):
+        value = self.value.val
+        if self.option_used:
+            value = user_agents.get_by_shortcut(value.lower())[2]
+
+        return (
+            self.key.get_generator(settings),
+            value
+        )
+
+
+class Raw(base.CaselessLiteral):
+    TOK = "r"
+
+
+class Body(base.Value):
+    preamble = "b"
+
+
+class Times(base.Integer):
+    preamble = "x"
+
+
+class Response(_HTTP2Message):
+    unique_name = None
+    comps = (
+        Header,
+        Body,
+        ShortcutContentType,
+        ShortcutLocation,
+        Raw,
+    )
+
+    def __init__(self, tokens):
+        super(Response, self).__init__(tokens)
+        self.rendered_values = None
+        self.stream_id = 2
+
+    @property
+    def status_code(self):
+        return self.tok(StatusCode)
+
+    @classmethod
+    def expr(cls):
+        parts = [i.expr() for i in cls.comps]
+        atom = pp.MatchFirst(parts)
+        resp = pp.And(
+            [
+                StatusCode.expr(),
+                pp.ZeroOrMore(base.Sep + atom)
+            ]
+        )
+        resp = resp.setParseAction(cls)
+        return resp
+
+    def values(self, settings):
+        if self.rendered_values:
+            return self.rendered_values
+        else:
+            headers = Headers([header.values(settings) for header in self.headers])
+
+            body = self.body
+            if body:
+                body = body.string()
+
+            resp = http.Response(
+                (2, 0),
+                self.status_code.string(),
+                '',
+                headers,
+                body,
+            )
+            resp.stream_id = self.stream_id
+
+            self.rendered_values = settings.protocol.assemble(resp)
+            return self.rendered_values
+
+    def spec(self):
+        return ":".join([i.spec() for i in self.tokens])
+
+
+class NestedResponse(base.NestedMessage):
+    preamble = "s"
+    nest_type = Response
+
+
+class Request(_HTTP2Message):
+    comps = (
+        Header,
+        ShortcutContentType,
+        ShortcutUserAgent,
+        Raw,
+        NestedResponse,
+        Body,
+        Times,
+    )
+    logattrs = ["method", "path"]
+
+    def __init__(self, tokens):
+        super(Request, self).__init__(tokens)
+        self.rendered_values = None
+        self.stream_id = 1
+
+    @property
+    def method(self):
+        return self.tok(Method)
+
+    @property
+    def path(self):
+        return self.tok(Path)
+
+    @property
+    def nested_response(self):
+        return self.tok(NestedResponse)
+
+    @property
+    def times(self):
+        return self.tok(Times)
+
+    @classmethod
+    def expr(cls):
+        parts = [i.expr() for i in cls.comps]
+        atom = pp.MatchFirst(parts)
+        resp = pp.And(
+            [
+                Method.expr(),
+                base.Sep,
+                Path.expr(),
+                pp.ZeroOrMore(base.Sep + atom)
+            ]
+        )
+        resp = resp.setParseAction(cls)
+        return resp
+
+    def values(self, settings):
+        if self.rendered_values:
+            return self.rendered_values
+        else:
+            path = self.path.string()
+            if self.nested_response:
+                path += self.nested_response.parsed.spec()
+
+            headers = Headers([header.values(settings) for header in self.headers])
+
+            body = self.body
+            if body:
+                body = body.string()
+
+            req = http.Request(
+                '',
+                self.method.string(),
+                '',
+                '',
+                '',
+                path,
+                (2, 0),
+                headers,
+                body,
+            )
+            req.stream_id = self.stream_id
+
+            self.rendered_values = settings.protocol.assemble(req)
+            return self.rendered_values
+
+    def spec(self):
+        return ":".join([i.spec() for i in self.tokens])
+
+def make_error_response(reason, body=None):
+    tokens = [
+        StatusCode("800"),
+        Body(base.TokValueLiteral("pathod error: " + (body or reason))),
+    ]
+    return Response(tokens)
+
+
+# class Frame(message.Message):
+#     pass
diff --git a/pathod/libpathod/language/message.py b/pathod/libpathod/language/message.py
new file mode 100644
index 00000000..33124856
--- /dev/null
+++ b/pathod/libpathod/language/message.py
@@ -0,0 +1,96 @@
+import abc
+from . import actions, exceptions
+
+LOG_TRUNCATE = 1024
+
+
+class Message(object):
+    __metaclass__ = abc.ABCMeta
+    logattrs = []
+
+    def __init__(self, tokens):
+        track = set([])
+        for i in tokens:
+            if i.unique_name:
+                if i.unique_name in track:
+                    raise exceptions.ParseException(
+                        "Message has multiple %s clauses, "
+                        "but should only have one." % i.unique_name,
+                        0, 0
+                    )
+                else:
+                    track.add(i.unique_name)
+        self.tokens = tokens
+
+    def strike_token(self, name):
+        toks = [i for i in self.tokens if i.unique_name != name]
+        return self.__class__(toks)
+
+    def toks(self, klass):
+        """
+            Fetch all tokens that are instances of klass
+        """
+        return [i for i in self.tokens if isinstance(i, klass)]
+
+    def tok(self, klass):
+        """
+            Fetch first token that is an instance of klass
+        """
+        l = self.toks(klass)
+        if l:
+            return l[0]
+
+    def length(self, settings):
+        """
+            Calculate the length of the base message without any applied
+            actions.
+        """
+        return sum(len(x) for x in self.values(settings))
+
+    def preview_safe(self):
+        """
+            Return a copy of this message that issafe for previews.
+        """
+        tokens = [i for i in self.tokens if not isinstance(i, actions.PauseAt)]
+        return self.__class__(tokens)
+
+    def maximum_length(self, settings):
+        """
+            Calculate the maximum length of the base message with all applied
+            actions.
+        """
+        l = self.length(settings)
+        for i in self.actions:
+            if isinstance(i, actions.InjectAt):
+                l += len(i.value.get_generator(settings))
+        return l
+
+    @classmethod
+    def expr(cls):  # pragma: no cover
+        pass
+
+    def log(self, settings):
+        """
+            A dictionary that should be logged if this message is served.
+        """
+        ret = {}
+        for i in self.logattrs:
+            v = getattr(self, i)
+            # Careful not to log any VALUE specs without sanitizing them first.
+            # We truncate at 1k.
+            if hasattr(v, "values"):
+                v = [x[:LOG_TRUNCATE] for x in v.values(settings)]
+                v = "".join(v).encode("string_escape")
+            elif hasattr(v, "__len__"):
+                v = v[:LOG_TRUNCATE]
+                v = v.encode("string_escape")
+            ret[i] = v
+        ret["spec"] = self.spec()
+        return ret
+
+    def freeze(self, settings):
+        r = self.resolve(settings)
+        return self.__class__([i.freeze(settings) for i in r.tokens])
+
+    def __repr__(self):
+        return self.spec()
diff --git a/pathod/libpathod/language/websockets.py b/pathod/libpathod/language/websockets.py
new file mode 100644
index 00000000..ea7c870e
--- /dev/null
+++ b/pathod/libpathod/language/websockets.py
@@ -0,0 +1,241 @@
+import os
+import netlib.websockets
+import pyparsing as pp
+from . import base, generators, actions, message
+
+NESTED_LEADER = "pathod!"
+
+
+class WF(base.CaselessLiteral):
+    TOK = "wf"
+
+
+class OpCode(base.IntField):
+    names = {
+        "continue": netlib.websockets.OPCODE.CONTINUE,
+        "text": netlib.websockets.OPCODE.TEXT,
+        "binary": netlib.websockets.OPCODE.BINARY,
+        "close": netlib.websockets.OPCODE.CLOSE,
+        "ping": netlib.websockets.OPCODE.PING,
+        "pong": netlib.websockets.OPCODE.PONG,
+    }
+    max = 15
+    preamble = "c"
+
+
+class Body(base.Value):
+    preamble = "b"
+
+
+class RawBody(base.Value):
+    unique_name = "body"
+    preamble = "r"
+
+
+class Fin(base.Boolean):
+    name = "fin"
+
+
+class RSV1(base.Boolean):
+    name = "rsv1"
+
+
+class RSV2(base.Boolean):
+    name = "rsv2"
+
+
+class RSV3(base.Boolean):
+    name = "rsv3"
+
+
+class Mask(base.Boolean):
+    name = "mask"
+
+
+class Key(base.FixedLengthValue):
+    preamble = "k"
+    length = 4
+
+
+class KeyNone(base.CaselessLiteral):
+    unique_name = "key"
+    TOK = "knone"
+
+
+class Length(base.Integer):
+    bounds = (0, 1 << 64)
+    preamble = "l"
+
+
+class Times(base.Integer):
+    preamble = "x"
+
+
+COMPONENTS = (
+    OpCode,
+    Length,
+    # Bit flags
+    Fin,
+    RSV1,
+    RSV2,
+    RSV3,
+    Mask,
+    actions.PauseAt,
+    actions.DisconnectAt,
+    actions.InjectAt,
+    KeyNone,
+    Key,
+    Times,
+
+    Body,
+    RawBody,
+)
+
+
+class WebsocketFrame(message.Message):
+    components = COMPONENTS
+    logattrs = ["body"]
+    # Used for nested frames
+    unique_name = "body"
+
+    @property
+    def actions(self):
+        return self.toks(actions._Action)
+
+    @property
+    def body(self):
+        return self.tok(Body)
+
+    @property
+    def rawbody(self):
+        return self.tok(RawBody)
+
+    @property
+    def opcode(self):
+        return self.tok(OpCode)
+
+    @property
+    def fin(self):
+        return self.tok(Fin)
+
+    @property
+    def rsv1(self):
+        return self.tok(RSV1)
+
+    @property
+    def rsv2(self):
+        return self.tok(RSV2)
+
+    @property
+    def rsv3(self):
+        return self.tok(RSV3)
+
+    @property
+    def mask(self):
+        return self.tok(Mask)
+
+    @property
+    def key(self):
+        return self.tok(Key)
+
+    @property
+    def knone(self):
+        return self.tok(KeyNone)
+
+    @property
+    def times(self):
+        return self.tok(Times)
+
+    @property
+    def toklength(self):
+        return self.tok(Length)
+
+    @classmethod
+    def expr(cls):
+        parts = [i.expr() for i in cls.components]
+        atom = pp.MatchFirst(parts)
+        resp = pp.And(
+            [
+                WF.expr(),
+                base.Sep,
+                pp.ZeroOrMore(base.Sep + atom)
+            ]
+        )
+        resp = resp.setParseAction(cls)
+        return resp
+
+    @property
+    def nested_frame(self):
+        return self.tok(NestedFrame)
+
+    def resolve(self, settings, msg=None):
+        tokens = self.tokens[:]
+        if not self.mask and settings.is_client:
+            tokens.append(
+                Mask(True)
+            )
+        if not self.knone and self.mask and self.mask.value and not self.key:
+            tokens.append(
+                Key(base.TokValueLiteral(os.urandom(4)))
+            )
+        return self.__class__(
+            [i.resolve(settings, self) for i in tokens]
+        )
+
+    def values(self, settings):
+        if self.body:
+            bodygen = self.body.value.get_generator(settings)
+            length = len(self.body.value.get_generator(settings))
+        elif self.rawbody:
+            bodygen = self.rawbody.value.get_generator(settings)
+            length = len(self.rawbody.value.get_generator(settings))
+        elif self.nested_frame:
+            bodygen = NESTED_LEADER + self.nested_frame.parsed.spec()
+            length = len(bodygen)
+        else:
+            bodygen = None
+            length = 0
+        if self.toklength:
+            length = int(self.toklength.value)
+        frameparts = dict(
+            payload_length=length
+        )
+        if self.mask and self.mask.value:
+            frameparts["mask"] = True
+        if self.knone:
+            frameparts["masking_key"] = None
+        elif self.key:
+            key = self.key.values(settings)[0][:]
+            frameparts["masking_key"] = key
+        for i in ["opcode", "fin", "rsv1", "rsv2", "rsv3", "mask"]:
+            v = getattr(self, i, None)
+            if v is not None:
+                frameparts[i] = v.value
+        frame = netlib.websockets.FrameHeader(**frameparts)
+        vals = [bytes(frame)]
+        if bodygen:
+            if frame.masking_key and not self.rawbody:
+                masker = netlib.websockets.Masker(frame.masking_key)
+                vals.append(
+                    generators.TransformGenerator(
+                        bodygen,
+                        masker.mask
+                    )
+                )
+            else:
+                vals.append(bodygen)
+        return vals
+
+    def spec(self):
+        return ":".join([i.spec() for i in self.tokens])
+
+
+class NestedFrame(base.NestedMessage):
+    preamble = "f"
+    nest_type = WebsocketFrame
+
+
+class WebsocketClientFrame(WebsocketFrame):
+    components = COMPONENTS + (
+        NestedFrame,
+    )
diff --git a/pathod/libpathod/language/writer.py b/pathod/libpathod/language/writer.py
new file mode 100644
index 00000000..1a27e1ef
--- /dev/null
+++ b/pathod/libpathod/language/writer.py
@@ -0,0 +1,67 @@
+import time
+from netlib.exceptions import TcpDisconnect
+import netlib.tcp
+
+BLOCKSIZE = 1024
+# It's not clear what the upper limit for time.sleep is. It's lower than the
+# maximum int or float. 1 year should do.
+FOREVER = 60 * 60 * 24 * 365
+
+
+def send_chunk(fp, val, blocksize, start, end):
+    """
+        (start, end): Inclusive lower bound, exclusive upper bound.
+    """
+    for i in range(start, end, blocksize):
+        fp.write(
+            val[i:min(i + blocksize, end)]
+        )
+    return end - start
+
+
+def write_values(fp, vals, actions, sofar=0, blocksize=BLOCKSIZE):
+    """
+        vals: A list of values, which may be strings or Value objects.
+
+        actions: A list of (offset, action, arg) tuples. Action may be "pause"
+        or "disconnect".
+
+        Both vals and actions are in reverse order, with the first items last.
+
+        Return True if connection should disconnect.
+    """
+    sofar = 0
+    try:
+        while vals:
+            v = vals.pop()
+            offset = 0
+            while actions and actions[-1][0] < (sofar + len(v)):
+                a = actions.pop()
+                offset += send_chunk(
+                    fp,
+                    v,
+                    blocksize,
+                    offset,
+                    a[0] - sofar - offset
+                )
+                if a[1] == "pause":
+                    time.sleep(
+                        FOREVER if a[2] == "f" else a[2]
+                    )
+                elif a[1] == "disconnect":
+                    return True
+                elif a[1] == "inject":
+                    send_chunk(fp, a[2], blocksize, 0, len(a[2]))
+            send_chunk(fp, v, blocksize, offset, len(v))
+            sofar += len(v)
+        # Remainders
+        while actions:
+            a = actions.pop()
+            if a[1] == "pause":
+                time.sleep(a[2])
+            elif a[1] == "disconnect":
+                return True
+            elif a[1] == "inject":
+                send_chunk(fp, a[2], blocksize, 0, len(a[2]))
+    except TcpDisconnect:  # pragma: no cover
+        return True
diff --git a/pathod/libpathod/log.py b/pathod/libpathod/log.py
new file mode 100644
index 00000000..f203542f
--- /dev/null
+++ b/pathod/libpathod/log.py
@@ -0,0 +1,83 @@
+import datetime
+
+import netlib.utils
+import netlib.tcp
+import netlib.http
+
+TIMEFMT = '%d-%m-%y %H:%M:%S'
+
+
+def write_raw(fp, lines):
+    if fp:
+        fp.write(
+            "%s: " % datetime.datetime.now().strftime(TIMEFMT)
+        )
+        for i in lines:
+            fp.write(i)
+        fp.write("\n")
+        fp.flush()
+
+
+class LogCtx(object):
+
+    def __init__(self, fp, hex, rfile, wfile):
+        self.lines = []
+        self.fp = fp
+        self.suppressed = False
+        self.hex = hex
+        self.rfile, self.wfile = rfile, wfile
+
+    def __enter__(self):
+        if self.wfile:
+            self.wfile.start_log()
+        if self.rfile:
+            self.rfile.start_log()
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        wlog = self.wfile.get_log() if self.wfile else None
+        rlog = self.rfile.get_log() if self.rfile else None
+        if self.suppressed or not self.fp:
+            return
+        if wlog:
+            self("Bytes written:")
+            self.dump(wlog, self.hex)
+        if rlog:
+            self("Bytes read:")
+            self.dump(rlog, self.hex)
+        if self.lines:
+            write_raw(
+                self.fp,
+                [
+                    "\n".join(self.lines),
+                ]
+            )
+        if exc_value:
+            raise exc_type, exc_value, traceback
+
+    def suppress(self):
+        self.suppressed = True
+
+    def dump(self, data, hexdump):
+        if hexdump:
+            for line in netlib.utils.hexdump(data):
+                self("\t%s %s %s" % line)
+        else:
+            for i in netlib.utils.clean_bin(data).split("\n"):
+                self("\t%s" % i)
+
+    def __call__(self, line):
+        self.lines.append(line)
+
+
+class ConnectionLogger:
+    def __init__(self, fp, hex, rfile, wfile):
+        self.fp = fp
+        self.hex = hex
+        self.rfile, self.wfile = rfile, wfile
+
+    def ctx(self):
+        return LogCtx(self.fp, self.hex, self.rfile, self.wfile)
+
+    def write(self, lines):
+        write_raw(self.fp, lines)
diff --git a/pathod/libpathod/pathoc.py b/pathod/libpathod/pathoc.py
new file mode 100644
index 00000000..c0a33b62
--- /dev/null
+++ b/pathod/libpathod/pathoc.py
@@ -0,0 +1,534 @@
+import contextlib
+import sys
+import os
+import itertools
+import hashlib
+import Queue
+import random
+import select
+import time
+import threading
+
+import OpenSSL.crypto
+import six
+
+from netlib import tcp, http, certutils, websockets, socks
+from netlib.exceptions import HttpException, TcpDisconnect, TcpTimeout, TlsException, TcpException, \
+    NetlibException
+from netlib.http import http1, http2
+
+import language.http
+import language.websockets
+from . import utils, log
+
+import logging
+from netlib.tutils import treq
+
+logging.getLogger("hpack").setLevel(logging.WARNING)
+
+
+class PathocError(Exception):
+    pass
+
+
+class SSLInfo(object):
+
+    def __init__(self, certchain, cipher, alp):
+        self.certchain, self.cipher, self.alp = certchain, cipher, alp
+
+    def __str__(self):
+        parts = [
+            "Application Layer Protocol: %s" % self.alp,
+            "Cipher: %s, %s bit, %s" % self.cipher,
+            "SSL certificate chain:"
+        ]
+        for i in self.certchain:
+            parts.append("\tSubject: ")
+            for cn in i.get_subject().get_components():
+                parts.append("\t\t%s=%s" % cn)
+            parts.append("\tIssuer: ")
+            for cn in i.get_issuer().get_components():
+                parts.append("\t\t%s=%s" % cn)
+            parts.extend(
+                [
+                    "\tVersion: %s" % i.get_version(),
+                    "\tValidity: %s - %s" % (
+                        i.get_notBefore(), i.get_notAfter()
+                    ),
+                    "\tSerial: %s" % i.get_serial_number(),
+                    "\tAlgorithm: %s" % i.get_signature_algorithm()
+                ]
+            )
+            pk = i.get_pubkey()
+            types = {
+                OpenSSL.crypto.TYPE_RSA: "RSA",
+                OpenSSL.crypto.TYPE_DSA: "DSA"
+            }
+            t = types.get(pk.type(), "Uknown")
+            parts.append("\tPubkey: %s bit %s" % (pk.bits(), t))
+            s = certutils.SSLCert(i)
+            if s.altnames:
+                parts.append("\tSANs: %s" % " ".join(s.altnames))
+            return "\n".join(parts)
+
+
+
+class WebsocketFrameReader(threading.Thread):
+
+    def __init__(
+            self,
+            rfile,
+            logfp,
+            showresp,
+            hexdump,
+            ws_read_limit,
+            timeout
+    ):
+        threading.Thread.__init__(self)
+        self.timeout = timeout
+        self.ws_read_limit = ws_read_limit
+        self.logfp = logfp
+        self.showresp = showresp
+        self.hexdump = hexdump
+        self.rfile = rfile
+        self.terminate = Queue.Queue()
+        self.frames_queue = Queue.Queue()
+        self.logger = log.ConnectionLogger(
+            self.logfp,
+            self.hexdump,
+            rfile if showresp else None,
+            None
+        )
+
+    @contextlib.contextmanager
+    def terminator(self):
+        yield
+        self.frames_queue.put(None)
+
+    def run(self):
+        starttime = time.time()
+        with self.terminator():
+            while True:
+                if self.ws_read_limit == 0:
+                    return
+                r, _, _ = select.select([self.rfile], [], [], 0.05)
+                delta = time.time() - starttime
+                if not r and self.timeout and delta > self.timeout:
+                    return
+                try:
+                    self.terminate.get_nowait()
+                    return
+                except Queue.Empty:
+                    pass
+                for rfile in r:
+                    with self.logger.ctx() as log:
+                        try:
+                            frm = websockets.Frame.from_file(self.rfile)
+                        except TcpDisconnect:
+                            return
+                        self.frames_queue.put(frm)
+                        log("<< %s" % frm.header.human_readable())
+                        if self.ws_read_limit is not None:
+                            self.ws_read_limit -= 1
+                        starttime = time.time()
+
+
+class Pathoc(tcp.TCPClient):
+
+    def __init__(
+            self,
+            address,
+
+            # SSL
+            ssl=None,
+            sni=None,
+            ssl_version=tcp.SSL_DEFAULT_METHOD,
+            ssl_options=tcp.SSL_DEFAULT_OPTIONS,
+            clientcert=None,
+            ciphers=None,
+
+            # HTTP/2
+            use_http2=False,
+            http2_skip_connection_preface=False,
+            http2_framedump=False,
+
+            # Websockets
+            ws_read_limit=None,
+
+            # Network
+            timeout=None,
+
+            # Output control
+            showreq=False,
+            showresp=False,
+            explain=False,
+            hexdump=False,
+            ignorecodes=(),
+            ignoretimeout=False,
+            showsummary=False,
+            fp=sys.stdout
+    ):
+        """
+            spec: A request specification
+            showreq: Print requests
+            showresp: Print responses
+            explain: Print request explanation
+            showssl: Print info on SSL connection
+            hexdump: When printing requests or responses, use hex dump output
+            showsummary: Show a summary of requests
+            ignorecodes: Sequence of return codes to ignore
+        """
+        tcp.TCPClient.__init__(self, address)
+
+        self.ssl, self.sni = ssl, sni
+        self.clientcert = clientcert
+        self.ssl_version = ssl_version
+        self.ssl_options = ssl_options
+        self.ciphers = ciphers
+        self.sslinfo = None
+
+        self.use_http2 = use_http2
+        self.http2_skip_connection_preface = http2_skip_connection_preface
+        self.http2_framedump = http2_framedump
+
+        self.ws_read_limit = ws_read_limit
+
+        self.timeout = timeout
+
+        self.showreq = showreq
+        self.showresp = showresp
+        self.explain = explain
+        self.hexdump = hexdump
+        self.ignorecodes = ignorecodes
+        self.ignoretimeout = ignoretimeout
+        self.showsummary = showsummary
+        self.fp = fp
+
+        self.ws_framereader = None
+
+        if self.use_http2:
+            if not tcp.HAS_ALPN:  # pragma: nocover
+                log.write_raw(
+                    self.fp,
+                    "HTTP/2 requires ALPN support. "
+                    "Please use OpenSSL >= 1.0.2. "
+                    "Pathoc might not be working as expected without ALPN."
+                )
+            self.protocol = http2.HTTP2Protocol(self, dump_frames=self.http2_framedump)
+        else:
+            self.protocol = http1
+
+        self.settings = language.Settings(
+            is_client=True,
+            staticdir=os.getcwd(),
+            unconstrained_file_access=True,
+            request_host=self.address.host,
+            protocol=self.protocol,
+        )
+
+    def http_connect(self, connect_to):
+        self.wfile.write(
+            'CONNECT %s:%s HTTP/1.1\r\n' % tuple(connect_to) +
+            '\r\n'
+        )
+        self.wfile.flush()
+        try:
+            resp = self.protocol.read_response(self.rfile, treq(method="CONNECT"))
+            if resp.status_code != 200:
+                raise HttpException("Unexpected status code: %s" % resp.status_code)
+        except HttpException as e:
+            six.reraise(PathocError, PathocError(
+                "Proxy CONNECT failed: %s" % repr(e)
+            ))
+
+    def socks_connect(self, connect_to):
+        try:
+            client_greet = socks.ClientGreeting(socks.VERSION.SOCKS5, [socks.METHOD.NO_AUTHENTICATION_REQUIRED])
+            client_greet.to_file(self.wfile)
+            self.wfile.flush()
+
+            server_greet = socks.ServerGreeting.from_file(self.rfile)
+            server_greet.assert_socks5()
+            if server_greet.method != socks.METHOD.NO_AUTHENTICATION_REQUIRED:
+                raise socks.SocksError(
+                    socks.METHOD.NO_ACCEPTABLE_METHODS,
+                    "pathoc only supports SOCKS without authentication"
+                )
+
+            connect_request = socks.Message(
+                socks.VERSION.SOCKS5,
+                socks.CMD.CONNECT,
+                socks.ATYP.DOMAINNAME,
+                tcp.Address.wrap(connect_to)
+            )
+            connect_request.to_file(self.wfile)
+            self.wfile.flush()
+
+            connect_reply = socks.Message.from_file(self.rfile)
+            connect_reply.assert_socks5()
+            if connect_reply.msg != socks.REP.SUCCEEDED:
+                raise socks.SocksError(
+                    connect_reply.msg,
+                    "SOCKS server error"
+                )
+        except (socks.SocksError, TcpDisconnect) as e:
+            raise PathocError(str(e))
+
+    def connect(self, connect_to=None, showssl=False, fp=sys.stdout):
+        """
+            connect_to: A (host, port) tuple, which will be connected to with
+            an HTTP CONNECT request.
+        """
+        if self.use_http2 and not self.ssl:
+            raise NotImplementedError("HTTP2 without SSL is not supported.")
+
+        tcp.TCPClient.connect(self)
+
+        if connect_to:
+            self.http_connect(connect_to)
+
+        self.sslinfo = None
+        if self.ssl:
+            try:
+                alpn_protos = [b'http/1.1']
+                if self.use_http2:
+                    alpn_protos.append(b'h2')
+
+                self.convert_to_ssl(
+                    sni=self.sni,
+                    cert=self.clientcert,
+                    method=self.ssl_version,
+                    options=self.ssl_options,
+                    cipher_list=self.ciphers,
+                    alpn_protos=alpn_protos
+                )
+            except TlsException as v:
+                raise PathocError(str(v))
+
+            self.sslinfo = SSLInfo(
+                self.connection.get_peer_cert_chain(),
+                self.get_current_cipher(),
+                self.get_alpn_proto_negotiated()
+            )
+            if showssl:
+                print >> fp, str(self.sslinfo)
+
+            if self.use_http2:
+                self.protocol.check_alpn()
+                if not self.http2_skip_connection_preface:
+                    self.protocol.perform_client_connection_preface()
+
+        if self.timeout:
+            self.settimeout(self.timeout)
+
+    def stop(self):
+        if self.ws_framereader:
+            self.ws_framereader.terminate.put(None)
+
+    def wait(self, timeout=0.01, finish=True):
+        """
+            A generator that yields frames until Pathoc terminates.
+
+            timeout: If specified None may be yielded instead if timeout is
+            reached. If timeout is None, wait forever. If timeout is 0, return
+            immedately if nothing is on the queue.
+
+            finish: If true, consume messages until the reader shuts down.
+            Otherwise, return None on timeout.
+        """
+        if self.ws_framereader:
+            while True:
+                try:
+                    frm = self.ws_framereader.frames_queue.get(
+                        timeout=timeout,
+                        block=True if timeout != 0 else False
+                    )
+                except Queue.Empty:
+                    if finish:
+                        continue
+                    else:
+                        return
+                if frm is None:
+                    self.ws_framereader.join()
+                    return
+                yield frm
+
+    def websocket_send_frame(self, r):
+        """
+            Sends a single websocket frame.
+        """
+        logger = log.ConnectionLogger(
+            self.fp,
+            self.hexdump,
+            None,
+            self.wfile if self.showreq else None,
+        )
+        with logger.ctx() as lg:
+            lg(">> %s" % r)
+            language.serve(r, self.wfile, self.settings)
+            self.wfile.flush()
+
+    def websocket_start(self, r):
+        """
+            Performs an HTTP request, and attempts to drop into websocket
+            connection.
+        """
+        resp = self.http(r)
+        if resp.status_code == 101:
+            self.ws_framereader = WebsocketFrameReader(
+                self.rfile,
+                self.fp,
+                self.showresp,
+                self.hexdump,
+                self.ws_read_limit,
+                self.timeout
+            )
+            self.ws_framereader.start()
+        return resp
+
+    def http(self, r):
+        """
+            Performs a single request.
+
+            r: A language.http.Request object, or a string representing one
+            request.
+
+            Returns Response if we have a non-ignored response.
+
+            May raise a NetlibException
+        """
+        logger = log.ConnectionLogger(
+            self.fp,
+            self.hexdump,
+            self.rfile if self.showresp else None,
+            self.wfile if self.showreq else None,
+        )
+        with logger.ctx() as lg:
+            lg(">> %s" % r)
+            resp, req = None, None
+            try:
+                req = language.serve(r, self.wfile, self.settings)
+                self.wfile.flush()
+
+                resp = self.protocol.read_response(self.rfile, treq(method=req["method"].encode()))
+                resp.sslinfo = self.sslinfo
+            except HttpException as v:
+                lg("Invalid server response: %s" % v)
+                raise
+            except TcpTimeout:
+                if self.ignoretimeout:
+                    lg("Timeout (ignored)")
+                    return None
+                lg("Timeout")
+                raise
+            finally:
+                if resp:
+                    lg("<< %s %s: %s bytes" % (
+                        resp.status_code, utils.xrepr(resp.msg), len(resp.content)
+                    ))
+                    if resp.status_code in self.ignorecodes:
+                        lg.suppress()
+            return resp
+
+    def request(self, r):
+        """
+            Performs a single request.
+
+            r: A language.message.Messsage object, or a string representing
+            one.
+
+            Returns Response if we have a non-ignored response.
+
+            May raise a NetlibException
+        """
+        if isinstance(r, basestring):
+            r = language.parse_pathoc(r, self.use_http2).next()
+
+        if isinstance(r, language.http.Request):
+            if r.ws:
+                return self.websocket_start(r)
+            else:
+                return self.http(r)
+        elif isinstance(r, language.websockets.WebsocketFrame):
+            self.websocket_send_frame(r)
+        elif isinstance(r, language.http2.Request):
+            return self.http(r)
+        # elif isinstance(r, language.http2.Frame):
+            # TODO: do something
+
+
+def main(args):  # pragma: nocover
+    memo = set([])
+    trycount = 0
+    p = None
+    try:
+        cnt = 0
+        while True:
+            if cnt == args.repeat and args.repeat != 0:
+                break
+            if args.wait and cnt != 0:
+                time.sleep(args.wait)
+
+            cnt += 1
+            playlist = itertools.chain(*args.requests)
+            if args.random:
+                playlist = random.choice(args.requests)
+            p = Pathoc(
+                (args.host, args.port),
+                ssl=args.ssl,
+                sni=args.sni,
+                ssl_version=args.ssl_version,
+                ssl_options=args.ssl_options,
+                clientcert=args.clientcert,
+                ciphers=args.ciphers,
+                use_http2=args.use_http2,
+                http2_skip_connection_preface=args.http2_skip_connection_preface,
+                http2_framedump=args.http2_framedump,
+                showreq=args.showreq,
+                showresp=args.showresp,
+                explain=args.explain,
+                hexdump=args.hexdump,
+                ignorecodes=args.ignorecodes,
+                timeout=args.timeout,
+                ignoretimeout=args.ignoretimeout,
+                showsummary=True
+            )
+            trycount = 0
+            try:
+                p.connect(args.connect_to, args.showssl)
+            except TcpException as v:
+                print >> sys.stderr, str(v)
+                continue
+            except PathocError as v:
+                print >> sys.stderr, str(v)
+                sys.exit(1)
+            for spec in playlist:
+                if args.explain or args.memo:
+                    spec = spec.freeze(p.settings)
+                if args.memo:
+                    h = hashlib.sha256(spec.spec()).digest()
+                    if h not in memo:
+                        trycount = 0
+                        memo.add(h)
+                    else:
+                        trycount += 1
+                        if trycount > args.memolimit:
+                            print >> sys.stderr, "Memo limit exceeded..."
+                            return
+                        else:
+                            continue
+                try:
+                    ret = p.request(spec)
+                    if ret and args.oneshot:
+                        return
+                    # We consume the queue when we can, so it doesn't build up.
+                    for i_ in p.wait(timeout=0, finish=False):
+                        pass
+                except NetlibException:
+                    break
+            for i_ in p.wait(timeout=0.01, finish=True):
+                pass
+    except KeyboardInterrupt:
+        pass
+    if p:
+        p.stop()
diff --git a/pathod/libpathod/pathoc_cmdline.py b/pathod/libpathod/pathoc_cmdline.py
new file mode 100644
index 00000000..bf827a9a
--- /dev/null
+++ b/pathod/libpathod/pathoc_cmdline.py
@@ -0,0 +1,226 @@
+import sys
+import argparse
+import os
+import os.path
+
+from netlib import tcp
+from netlib.http import user_agents
+from . import pathoc, version, language
+
+
+def args_pathoc(argv, stdout=sys.stdout, stderr=sys.stderr):
+    preparser = argparse.ArgumentParser(add_help=False)
+    preparser.add_argument(
+        "--show-uas", dest="showua", action="store_true", default=False,
+        help="Print user agent shortcuts and exit."
+    )
+    pa = preparser.parse_known_args(argv)[0]
+    if pa.showua:
+        print >> stdout, "User agent strings:"
+        for i in user_agents.UASTRINGS:
+            print >> stdout, "  ", i[1], i[0]
+        sys.exit(0)
+
+    parser = argparse.ArgumentParser(
+        description='A perverse HTTP client.', parents=[preparser]
+    )
+    parser.add_argument(
+        '--version',
+        action='version',
+        version="pathoc " + version.VERSION
+    )
+    parser.add_argument(
+        "-c", dest="connect_to", type=str, default=False,
+        metavar="HOST:PORT",
+        help="Issue an HTTP CONNECT to connect to the specified host."
+    )
+    parser.add_argument(
+        "--memo-limit", dest='memolimit', default=5000, type=int, metavar="N",
+        help='Stop if we do not find a valid request after N attempts.'
+    )
+    parser.add_argument(
+        "-m", dest='memo', action="store_true", default=False,
+        help="""
+            Remember specs, and never play the same one twice. Note that this
+            means requests have to be rendered in memory, which means that
+            large generated data can cause issues.
+        """
+    )
+    parser.add_argument(
+        "-n", dest='repeat', default=1, type=int, metavar="N",
+        help='Repeat N times. If 0 repeat for ever.'
+    )
+    parser.add_argument(
+        "-w", dest='wait', default=0, type=float, metavar="N",
+        help='Wait N seconds between each request.'
+    )
+    parser.add_argument(
+        "-r", dest="random", action="store_true", default=False,
+        help="""
+        Select a random request from those specified. If this is not specified,
+        requests are all played in sequence.
+        """
+    )
+    parser.add_argument(
+        "-t", dest="timeout", type=int, default=None,
+        help="Connection timeout"
+    )
+    parser.add_argument(
+        "--http2", dest="use_http2", action="store_true", default=False,
+        help='Perform all requests over a single HTTP/2 connection.'
+    )
+    parser.add_argument(
+        "--http2-skip-connection-preface",
+        dest="http2_skip_connection_preface",
+        action="store_true",
+        default=False,
+        help='Skips the HTTP/2 connection preface before sending requests.')
+
+    parser.add_argument(
+        'host', type=str,
+        metavar="host[:port]",
+        help='Host and port to connect to'
+    )
+    parser.add_argument(
+        'requests', type=str, nargs="+",
+        help="""
+        Request specification, or path to a file containing request
+        specifcations
+        """
+    )
+
+    group = parser.add_argument_group(
+        'SSL',
+    )
+    group.add_argument(
+        "-s", dest="ssl", action="store_true", default=False,
+        help="Connect with SSL"
+    )
+    group.add_argument(
+        "-C", dest="clientcert", type=str, default=False,
+        help="Path to a file containing client certificate and private key"
+    )
+    group.add_argument(
+        "-i", dest="sni", type=str, default=False,
+        help="SSL Server Name Indication"
+    )
+    group.add_argument(
+        "--ciphers", dest="ciphers", type=str, default=False,
+        help="SSL cipher specification"
+    )
+    group.add_argument(
+        "--ssl-version", dest="ssl_version", type=str, default="secure",
+        choices=tcp.sslversion_choices.keys(),
+        help="Set supported SSL/TLS versions. "
+             "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
+    )
+
+    group = parser.add_argument_group(
+        'Controlling Output',
+        """
+            Some of these options expand generated values for logging - if
+            you're generating large data, use them with caution.
+        """
+    )
+    group.add_argument(
+        "-I", dest="ignorecodes", type=str, default="",
+        help="Comma-separated list of response codes to ignore"
+    )
+    group.add_argument(
+        "-S", dest="showssl", action="store_true", default=False,
+        help="Show info on SSL connection"
+    )
+    group.add_argument(
+        "-e", dest="explain", action="store_true", default=False,
+        help="Explain requests"
+    )
+    group.add_argument(
+        "-o", dest="oneshot", action="store_true", default=False,
+        help="Oneshot - exit after first non-ignored response"
+    )
+    group.add_argument(
+        "-q", dest="showreq", action="store_true", default=False,
+        help="Print full request"
+    )
+    group.add_argument(
+        "-p", dest="showresp", action="store_true", default=False,
+        help="Print full response"
+    )
+    group.add_argument(
+        "-T", dest="ignoretimeout", action="store_true", default=False,
+        help="Ignore timeouts"
+    )
+    group.add_argument(
+        "-x", dest="hexdump", action="store_true", default=False,
+        help="Output in hexdump format"
+    )
+    group.add_argument(
+        "--http2-framedump", dest="http2_framedump", action="store_true", default=False,
+        help="Output all received & sent HTTP/2 frames"
+    )
+
+    args = parser.parse_args(argv[1:])
+
+    args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
+
+    args.port = None
+    if ":" in args.host:
+        h, p = args.host.rsplit(":", 1)
+        try:
+            p = int(p)
+        except ValueError:
+            return parser.error("Invalid port in host spec: %s" % args.host)
+        args.host = h
+        args.port = p
+
+    if args.port is None:
+        args.port = 443 if args.ssl else 80
+
+    try:
+        args.ignorecodes = [int(i) for i in args.ignorecodes.split(",") if i]
+    except ValueError:
+        return parser.error(
+            "Invalid return code specification: %s" %
+            args.ignorecodes)
+
+    if args.connect_to:
+        parts = args.connect_to.split(":")
+        if len(parts) != 2:
+            return parser.error(
+                "Invalid CONNECT specification: %s" %
+                args.connect_to)
+        try:
+            parts[1] = int(parts[1])
+        except ValueError:
+            return parser.error(
+                "Invalid CONNECT specification: %s" %
+                args.connect_to)
+        args.connect_to = parts
+    else:
+        args.connect_to = None
+
+    if args.http2_skip_connection_preface:
+        args.use_http2 = True
+
+    if args.use_http2:
+        args.ssl = True
+
+    reqs = []
+    for r in args.requests:
+        if os.path.isfile(r):
+            data = open(r).read()
+            r = data
+        try:
+            reqs.append(language.parse_pathoc(r, args.use_http2))
+        except language.ParseException as v:
+            print >> stderr, "Error parsing request spec: %s" % v.msg
+            print >> stderr, v.marked()
+            sys.exit(1)
+    args.requests = reqs
+
+    return args
+
+
+def go_pathoc():  # pragma: nocover
+    args = args_pathoc(sys.argv)
+    pathoc.main(args)
diff --git a/pathod/libpathod/pathod.py b/pathod/libpathod/pathod.py
new file mode 100644
index 00000000..55e75074
--- /dev/null
+++ b/pathod/libpathod/pathod.py
@@ -0,0 +1,503 @@
+import copy
+import logging
+import os
+import sys
+import threading
+import urllib
+
+from netlib import tcp, http, certutils, websockets
+from netlib.exceptions import HttpException, HttpReadDisconnect, TcpTimeout, TcpDisconnect, \
+    TlsException
+
+from . import version, app, language, utils, log, protocols
+import language.http
+import language.actions
+import language.exceptions
+import language.websockets
+
+
+DEFAULT_CERT_DOMAIN = "pathod.net"
+CONFDIR = "~/.mitmproxy"
+CERTSTORE_BASENAME = "mitmproxy"
+CA_CERT_NAME = "mitmproxy-ca.pem"
+DEFAULT_CRAFT_ANCHOR = "/p/"
+
+logger = logging.getLogger('pathod')
+
+
+class PathodError(Exception):
+    pass
+
+
+class SSLOptions(object):
+    def __init__(
+        self,
+        confdir=CONFDIR,
+        cn=None,
+        sans=(),
+        not_after_connect=None,
+        request_client_cert=False,
+        ssl_version=tcp.SSL_DEFAULT_METHOD,
+        ssl_options=tcp.SSL_DEFAULT_OPTIONS,
+        ciphers=None,
+        certs=None,
+        alpn_select=b'h2',
+    ):
+        self.confdir = confdir
+        self.cn = cn
+        self.sans = sans
+        self.not_after_connect = not_after_connect
+        self.request_client_cert = request_client_cert
+        self.ssl_version = ssl_version
+        self.ssl_options = ssl_options
+        self.ciphers = ciphers
+        self.alpn_select = alpn_select
+        self.certstore = certutils.CertStore.from_store(
+            os.path.expanduser(confdir),
+            CERTSTORE_BASENAME
+        )
+        for i in certs or []:
+            self.certstore.add_cert_file(*i)
+
+    def get_cert(self, name):
+        if self.cn:
+            name = self.cn
+        elif not name:
+            name = DEFAULT_CERT_DOMAIN
+        return self.certstore.get_cert(name, self.sans)
+
+
+class PathodHandler(tcp.BaseHandler):
+    wbufsize = 0
+    sni = None
+
+    def __init__(
+        self,
+        connection,
+        address,
+        server,
+        logfp,
+        settings,
+        http2_framedump=False
+    ):
+        tcp.BaseHandler.__init__(self, connection, address, server)
+        self.logfp = logfp
+        self.settings = copy.copy(settings)
+        self.protocol = None
+        self.use_http2 = False
+        self.http2_framedump = http2_framedump
+
+    def handle_sni(self, connection):
+        self.sni = connection.get_servername()
+
+    def http_serve_crafted(self, crafted, logctx):
+        error, crafted = self.server.check_policy(
+            crafted, self.settings
+        )
+        if error:
+            err = self.make_http_error_response(error)
+            language.serve(err, self.wfile, self.settings)
+            return None, dict(
+                type="error",
+                msg=error
+            )
+
+        if self.server.explain and not hasattr(crafted, 'is_error_response'):
+            crafted = crafted.freeze(self.settings)
+            logctx(">> Spec: %s" % crafted.spec())
+
+        response_log = language.serve(
+            crafted,
+            self.wfile,
+            self.settings
+        )
+        if response_log["disconnect"]:
+            return None, response_log
+        return self.handle_http_request, response_log
+
+
+    def handle_http_request(self, logger):
+        """
+            Returns a (handler, log) tuple.
+
+            handler: Handler for the next request, or None to disconnect
+            log: A dictionary, or None
+        """
+        with logger.ctx() as lg:
+            try:
+                req = self.protocol.read_request(self.rfile)
+            except HttpReadDisconnect:
+                return None, None
+            except HttpException as s:
+                s = str(s)
+                lg(s)
+                return None, dict(type="error", msg=s)
+
+            if req.method == 'CONNECT':
+                return self.protocol.handle_http_connect([req.host, req.port, req.http_version], lg)
+
+            method = req.method
+            path = req.path
+            http_version = req.http_version
+            headers = req.headers
+            body = req.content
+
+            clientcert = None
+            if self.clientcert:
+                clientcert = dict(
+                    cn=self.clientcert.cn,
+                    subject=self.clientcert.subject,
+                    serial=self.clientcert.serial,
+                    notbefore=self.clientcert.notbefore.isoformat(),
+                    notafter=self.clientcert.notafter.isoformat(),
+                    keyinfo=self.clientcert.keyinfo,
+                )
+
+            retlog = dict(
+                type="crafted",
+                protocol="http",
+                request=dict(
+                    path=path,
+                    method=method,
+                    headers=headers.fields,
+                    http_version=http_version,
+                    sni=self.sni,
+                    remote_address=self.address(),
+                    clientcert=clientcert,
+                ),
+                cipher=None,
+            )
+            if self.ssl_established:
+                retlog["cipher"] = self.get_current_cipher()
+
+            m = utils.MemBool()
+            websocket_key = websockets.WebsocketsProtocol.check_client_handshake(headers)
+            self.settings.websocket_key = websocket_key
+
+            # If this is a websocket initiation, we respond with a proper
+            # server response, unless over-ridden.
+            if websocket_key:
+                anchor_gen = language.parse_pathod("ws")
+            else:
+                anchor_gen = None
+
+            for regex, spec in self.server.anchors:
+                if regex.match(path):
+                    anchor_gen = language.parse_pathod(spec, self.use_http2)
+                    break
+            else:
+                if m(path.startswith(self.server.craftanchor)):
+                    spec = urllib.unquote(path)[len(self.server.craftanchor):]
+                    if spec:
+                        try:
+                            anchor_gen = language.parse_pathod(spec, self.use_http2)
+                        except language.ParseException as v:
+                            lg("Parse error: %s" % v.msg)
+                            anchor_gen = iter([self.make_http_error_response(
+                                "Parse Error",
+                                "Error parsing response spec: %s\n" % (
+                                    v.msg + v.marked()
+                                )
+                            )])
+                else:
+                    if self.use_http2:
+                        anchor_gen = iter([self.make_http_error_response(
+                            "Spec Error",
+                            "HTTP/2 only supports request/response with the craft anchor point: %s" %
+                            self.server.craftanchor
+                        )])
+
+            if anchor_gen:
+                spec = anchor_gen.next()
+
+                if self.use_http2 and isinstance(spec, language.http2.Response):
+                    spec.stream_id = req.stream_id
+
+                lg("crafting spec: %s" % spec)
+                nexthandler, retlog["response"] = self.http_serve_crafted(
+                    spec,
+                    lg
+                )
+                if nexthandler and websocket_key:
+                    self.protocol = protocols.websockets.WebsocketsProtocol(self)
+                    return self.protocol.handle_websocket, retlog
+                else:
+                    return nexthandler, retlog
+            else:
+                return self.protocol.handle_http_app(method, path, headers, body, lg)
+
+    def make_http_error_response(self, reason, body=None):
+        resp = self.protocol.make_error_response(reason, body)
+        resp.is_error_response = True
+        return resp
+
+    def handle(self):
+        self.settimeout(self.server.timeout)
+
+        if self.server.ssl:
+            try:
+                cert, key, _ = self.server.ssloptions.get_cert(None)
+                self.convert_to_ssl(
+                    cert,
+                    key,
+                    handle_sni=self.handle_sni,
+                    request_client_cert=self.server.ssloptions.request_client_cert,
+                    cipher_list=self.server.ssloptions.ciphers,
+                    method=self.server.ssloptions.ssl_version,
+                    options=self.server.ssloptions.ssl_options,
+                    alpn_select=self.server.ssloptions.alpn_select,
+                )
+            except TlsException as v:
+                s = str(v)
+                self.server.add_log(
+                    dict(
+                        type="error",
+                        msg=s
+                    )
+                )
+                log.write_raw(self.logfp, s)
+                return
+
+            alp = self.get_alpn_proto_negotiated()
+            if alp == b'h2':
+                self.protocol = protocols.http2.HTTP2Protocol(self)
+                self.use_http2 = True
+
+        if not self.protocol:
+            self.protocol = protocols.http.HTTPProtocol(self)
+
+        lr = self.rfile if self.server.logreq else None
+        lw = self.wfile if self.server.logresp else None
+        logger = log.ConnectionLogger(self.logfp, self.server.hexdump, lr, lw)
+
+        self.settings.protocol = self.protocol
+
+        handler = self.handle_http_request
+
+        while not self.finished:
+            handler, l = handler(logger)
+            if l:
+                self.addlog(l)
+            if not handler:
+                return
+
+    def addlog(self, log):
+        # FIXME: The bytes in the log should not be escaped. We do this at the
+        # moment because JSON encoding can't handle binary data, and I don't
+        # want to base64 everything.
+        if self.server.logreq:
+            encoded_bytes = self.rfile.get_log().encode("string_escape")
+            log["request_bytes"] = encoded_bytes
+        if self.server.logresp:
+            encoded_bytes = self.wfile.get_log().encode("string_escape")
+            log["response_bytes"] = encoded_bytes
+        self.server.add_log(log)
+
+
+class Pathod(tcp.TCPServer):
+    LOGBUF = 500
+
+    def __init__(
+        self,
+        addr,
+        ssl=False,
+        ssloptions=None,
+        craftanchor=DEFAULT_CRAFT_ANCHOR,
+        staticdir=None,
+        anchors=(),
+        sizelimit=None,
+        noweb=False,
+        nocraft=False,
+        noapi=False,
+        nohang=False,
+        timeout=None,
+        logreq=False,
+        logresp=False,
+        explain=False,
+        hexdump=False,
+        http2_framedump=False,
+        webdebug=False,
+        logfp=sys.stdout,
+    ):
+        """
+            addr: (address, port) tuple. If port is 0, a free port will be
+            automatically chosen.
+            ssloptions: an SSLOptions object.
+            craftanchor: URL prefix specifying the path under which to anchor
+            response generation.
+            staticdir: path to a directory of static resources, or None.
+            anchors: List of (regex object, language.Request object) tuples, or
+            None.
+            sizelimit: Limit size of served data.
+            nocraft: Disable response crafting.
+            noapi: Disable the API.
+            nohang: Disable pauses.
+        """
+        tcp.TCPServer.__init__(self, addr)
+        self.ssl = ssl
+        self.ssloptions = ssloptions or SSLOptions()
+        self.staticdir = staticdir
+        self.craftanchor = craftanchor
+        self.sizelimit = sizelimit
+        self.noweb, self.nocraft = noweb, nocraft
+        self.noapi, self.nohang = noapi, nohang
+        self.timeout, self.logreq = timeout, logreq
+        self.logresp, self.hexdump = logresp, hexdump
+        self.http2_framedump = http2_framedump
+        self.explain = explain
+        self.logfp = logfp
+
+        self.app = app.make_app(noapi, webdebug)
+        self.app.config["pathod"] = self
+        self.log = []
+        self.logid = 0
+        self.anchors = anchors
+
+        self.settings = language.Settings(
+            staticdir=self.staticdir
+        )
+
+    def check_policy(self, req, settings):
+        """
+            A policy check that verifies the request size is within limits.
+        """
+        if self.nocraft:
+            return "Crafting disabled.", None
+        try:
+            req = req.resolve(settings)
+            l = req.maximum_length(settings)
+        except language.FileAccessDenied:
+            return "File access denied.", None
+        if self.sizelimit and l > self.sizelimit:
+            return "Response too large.", None
+        pauses = [isinstance(i, language.actions.PauseAt) for i in req.actions]
+        if self.nohang and any(pauses):
+            return "Pauses have been disabled.", None
+        return None, req
+
+    def handle_client_connection(self, request, client_address):
+        h = PathodHandler(
+            request,
+            client_address,
+            self,
+            self.logfp,
+            self.settings,
+            self.http2_framedump,
+        )
+        try:
+            h.handle()
+            h.finish()
+        except TcpDisconnect:  # pragma: no cover
+            log.write_raw(self.logfp, "Disconnect")
+            self.add_log(
+                dict(
+                    type="error",
+                    msg="Disconnect"
+                )
+            )
+            return
+        except TcpTimeout:
+            log.write_raw(self.logfp, "Timeout")
+            self.add_log(
+                dict(
+                    type="timeout",
+                )
+            )
+            return
+
+    def add_log(self, d):
+        if not self.noapi:
+            lock = threading.Lock()
+            with lock:
+                d["id"] = self.logid
+                self.log.insert(0, d)
+                if len(self.log) > self.LOGBUF:
+                    self.log.pop()
+                self.logid += 1
+            return d["id"]
+
+    def clear_log(self):
+        lock = threading.Lock()
+        with lock:
+            self.log = []
+
+    def log_by_id(self, identifier):
+        for i in self.log:
+            if i["id"] == identifier:
+                return i
+
+    def get_log(self):
+        return self.log
+
+
+def main(args):  # pragma: nocover
+    ssloptions = SSLOptions(
+        cn=args.cn,
+        confdir=args.confdir,
+        not_after_connect=args.ssl_not_after_connect,
+        ciphers=args.ciphers,
+        ssl_version=args.ssl_version,
+        ssl_options=args.ssl_options,
+        certs=args.ssl_certs,
+        sans=args.sans,
+    )
+
+    root = logging.getLogger()
+    if root.handlers:
+        for handler in root.handlers:
+            root.removeHandler(handler)
+
+    log = logging.getLogger('pathod')
+    log.setLevel(logging.DEBUG)
+    fmt = logging.Formatter(
+        '%(asctime)s: %(message)s',
+        datefmt='%d-%m-%y %H:%M:%S',
+    )
+    if args.logfile:
+        fh = logging.handlers.WatchedFileHandler(args.logfile)
+        fh.setFormatter(fmt)
+        log.addHandler(fh)
+    if not args.daemonize:
+        sh = logging.StreamHandler()
+        sh.setFormatter(fmt)
+        log.addHandler(sh)
+
+    try:
+        pd = Pathod(
+            (args.address, args.port),
+            craftanchor=args.craftanchor,
+            ssl=args.ssl,
+            ssloptions=ssloptions,
+            staticdir=args.staticdir,
+            anchors=args.anchors,
+            sizelimit=args.sizelimit,
+            noweb=args.noweb,
+            nocraft=args.nocraft,
+            noapi=args.noapi,
+            nohang=args.nohang,
+            timeout=args.timeout,
+            logreq=args.logreq,
+            logresp=args.logresp,
+            hexdump=args.hexdump,
+            http2_framedump=args.http2_framedump,
+            explain=args.explain,
+            webdebug=args.webdebug
+        )
+    except PathodError as v:
+        print >> sys.stderr, "Error: %s" % v
+        sys.exit(1)
+    except language.FileAccessDenied as v:
+        print >> sys.stderr, "Error: %s" % v
+
+    if args.daemonize:
+        utils.daemonize()
+
+    try:
+        print "%s listening on %s:%s" % (
+            version.NAMEVERSION,
+            pd.address.host,
+            pd.address.port
+        )
+        pd.serve_forever()
+    except KeyboardInterrupt:
+        pass
diff --git a/pathod/libpathod/pathod_cmdline.py b/pathod/libpathod/pathod_cmdline.py
new file mode 100644
index 00000000..c9272249
--- /dev/null
+++ b/pathod/libpathod/pathod_cmdline.py
@@ -0,0 +1,231 @@
+import sys
+import argparse
+import os
+import os.path
+import re
+
+from netlib import tcp
+from . import pathod, version, utils
+
+
+def args_pathod(argv, stdout_=sys.stdout, stderr_=sys.stderr):
+    parser = argparse.ArgumentParser(
+        description='A pathological HTTP/S daemon.'
+    )
+    parser.add_argument(
+        '--version',
+        action='version',
+        version="pathod " + version.VERSION
+    )
+    parser.add_argument(
+        "-p",
+        dest='port',
+        default=9999,
+        type=int,
+        help='Port. Specify 0 to pick an arbitrary empty port. (9999)'
+    )
+    parser.add_argument(
+        "-l",
+        dest='address',
+        default="127.0.0.1",
+        type=str,
+        help='Listening address. (127.0.0.1)'
+    )
+    parser.add_argument(
+        "-a",
+        dest='anchors',
+        default=[],
+        type=str,
+        action="append",
+        metavar="ANCHOR",
+        help="""
+            Add an anchor. Specified as a string with the form
+            pattern=spec or pattern=filepath, where pattern is a regular
+            expression.
+        """
+    )
+    parser.add_argument(
+        "-c", dest='craftanchor', default=pathod.DEFAULT_CRAFT_ANCHOR, type=str,
+        help="""
+            URL path specifying prefix for URL crafting
+            commands. (%s)
+        """%pathod.DEFAULT_CRAFT_ANCHOR
+    )
+    parser.add_argument(
+        "--confdir",
+        action="store", type = str, dest="confdir", default='~/.mitmproxy',
+        help = "Configuration directory. (~/.mitmproxy)"
+    )
+    parser.add_argument(
+        "-d", dest='staticdir', default=None, type=str,
+        help='Directory for static files.'
+    )
+    parser.add_argument(
+        "-D", dest='daemonize', default=False, action="store_true",
+        help='Daemonize.'
+    )
+    parser.add_argument(
+        "-t", dest="timeout", type=int, default=None,
+        help="Connection timeout"
+    )
+    parser.add_argument(
+        "--limit-size",
+        dest='sizelimit',
+        default=None,
+        type=str,
+        help='Size limit of served responses. Understands size suffixes, i.e. 100k.')
+    parser.add_argument(
+        "--noapi", dest='noapi', default=False, action="store_true",
+        help='Disable API.'
+    )
+    parser.add_argument(
+        "--nohang", dest='nohang', default=False, action="store_true",
+        help='Disable pauses during crafted response generation.'
+    )
+    parser.add_argument(
+        "--noweb", dest='noweb', default=False, action="store_true",
+        help='Disable both web interface and API.'
+    )
+    parser.add_argument(
+        "--nocraft",
+        dest='nocraft',
+        default=False,
+        action="store_true",
+        help='Disable response crafting. If anchors are specified, they still work.')
+    parser.add_argument(
+        "--webdebug", dest='webdebug', default=False, action="store_true",
+        help='Debugging mode for the web app (dev only).'
+    )
+
+    group = parser.add_argument_group(
+        'SSL',
+    )
+    group.add_argument(
+        "-s", dest='ssl', default=False, action="store_true",
+        help='Run in HTTPS mode.'
+    )
+    group.add_argument(
+        "--cn",
+        dest="cn",
+        type=str,
+        default=None,
+        help="CN for generated SSL certs. Default: %s" %
+        pathod.DEFAULT_CERT_DOMAIN)
+    group.add_argument(
+        "-C", dest='ssl_not_after_connect', default=False, action="store_true",
+        help="Don't expect SSL after a CONNECT request."
+    )
+    group.add_argument(
+        "--cert", dest='ssl_certs', default=[], type=str,
+        metavar = "SPEC", action="append",
+        help = """
+        Add an SSL certificate. SPEC is of the form "[domain=]path". The domain
+        may include a wildcard, and is equal to "*" if not specified. The file
+        at path is a certificate in PEM format. If a private key is included in
+        the PEM, it is used, else the default key in the conf dir is used. Can
+        be passed multiple times.
+        """
+    )
+    group.add_argument(
+        "--ciphers", dest="ciphers", type=str, default=False,
+        help="SSL cipher specification"
+    )
+    group.add_argument(
+        "--san", dest="sans", type=str, default=[], action="append",
+        metavar="SAN",
+        help="""
+            Subject Altnernate Name to add to the server certificate.
+            May be passed multiple times.
+        """
+    )
+    group.add_argument(
+        "--ssl-version", dest="ssl_version", type=str, default="secure",
+        choices=tcp.sslversion_choices.keys(),
+        help="Set supported SSL/TLS versions. "
+             "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
+    )
+
+    group = parser.add_argument_group(
+        'Controlling Logging',
+        """
+            Some of these options expand generated values for logging - if
+            you're generating large data, use them with caution.
+        """
+    )
+    group.add_argument(
+        "-e", dest="explain", action="store_true", default=False,
+        help="Explain responses"
+    )
+    group.add_argument(
+        "-f", dest='logfile', default=None, type=str,
+        help='Log to file.'
+    )
+    group.add_argument(
+        "-q", dest="logreq", action="store_true", default=False,
+        help="Log full request"
+    )
+    group.add_argument(
+        "-r", dest="logresp", action="store_true", default=False,
+        help="Log full response"
+    )
+    group.add_argument(
+        "-x", dest="hexdump", action="store_true", default=False,
+        help="Log request/response in hexdump format"
+    )
+    group.add_argument(
+        "--http2-framedump", dest="http2_framedump", action="store_true", default=False,
+        help="Output all received & sent HTTP/2 frames"
+    )
+
+
+    args = parser.parse_args(argv[1:])
+
+    args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
+
+    certs = []
+    for i in args.ssl_certs:
+        parts = i.split("=", 1)
+        if len(parts) == 1:
+            parts = ["*", parts[0]]
+        parts[1] = os.path.expanduser(parts[1])
+        if not os.path.isfile(parts[1]):
+            return parser.error(
+                "Certificate file does not exist: %s" %
+                parts[1])
+        certs.append(parts)
+    args.ssl_certs = certs
+
+    alst = []
+    for i in args.anchors:
+        parts = utils.parse_anchor_spec(i)
+        if not parts:
+            return parser.error("Invalid anchor specification: %s" % i)
+        alst.append(parts)
+    args.anchors = alst
+
+    sizelimit = None
+    if args.sizelimit:
+        try:
+            sizelimit = utils.parse_size(args.sizelimit)
+        except ValueError as v:
+            return parser.error(v)
+    args.sizelimit = sizelimit
+
+    anchors = []
+    for patt, spec in args.anchors:
+        if os.path.isfile(spec):
+            data = open(spec).read()
+            spec = data
+        try:
+            arex = re.compile(patt)
+        except re.error:
+            return parser.error("Invalid regex in anchor: %s" % patt)
+        anchors.append((arex, spec))
+    args.anchors = anchors
+
+    return args
+
+
+def go_pathod():  # pragma: nocover
+    args = args_pathod(sys.argv)
+    pathod.main(args)
diff --git a/pathod/libpathod/protocols/__init__.py b/pathod/libpathod/protocols/__init__.py
new file mode 100644
index 00000000..1a8c7dab
--- /dev/null
+++ b/pathod/libpathod/protocols/__init__.py
@@ -0,0 +1 @@
+from . import http, http2, websockets
diff --git a/pathod/libpathod/protocols/http.py b/pathod/libpathod/protocols/http.py
new file mode 100644
index 00000000..1f1765cb
--- /dev/null
+++ b/pathod/libpathod/protocols/http.py
@@ -0,0 +1,71 @@
+from netlib import tcp, wsgi
+from netlib.exceptions import HttpReadDisconnect, TlsException
+from netlib.http import http1, Request
+from .. import version, language
+
+
+class HTTPProtocol(object):
+    def __init__(self, pathod_handler):
+        self.pathod_handler = pathod_handler
+
+    def make_error_response(self, reason, body):
+        return language.http.make_error_response(reason, body)
+
+    def handle_http_app(self, method, path, headers, body, lg):
+        """
+            Handle a request to the built-in app.
+        """
+        if self.pathod_handler.server.noweb:
+            crafted = self.pathod_handler.make_http_error_response("Access Denied")
+            language.serve(crafted, self.pathod_handler.wfile, self.pathod_handler.settings)
+            return None, dict(
+                type="error",
+                msg="Access denied: web interface disabled"
+            )
+        lg("app: %s %s" % (method, path))
+        req = wsgi.Request("http", method, path, b"HTTP/1.1", headers, body)
+        flow = wsgi.Flow(self.pathod_handler.address, req)
+        sn = self.pathod_handler.connection.getsockname()
+        a = wsgi.WSGIAdaptor(
+            self.pathod_handler.server.app,
+            sn[0],
+            self.pathod_handler.server.address.port,
+            version.NAMEVERSION
+        )
+        a.serve(flow, self.pathod_handler.wfile)
+        return self.pathod_handler.handle_http_request, None
+
+    def handle_http_connect(self, connect, lg):
+        """
+            Handle a CONNECT request.
+        """
+
+        self.pathod_handler.wfile.write(
+            'HTTP/1.1 200 Connection established\r\n' +
+            ('Proxy-agent: %s\r\n' % version.NAMEVERSION) +
+            '\r\n'
+        )
+        self.pathod_handler.wfile.flush()
+        if not self.pathod_handler.server.ssloptions.not_after_connect:
+            try:
+                cert, key, chain_file_ = self.pathod_handler.server.ssloptions.get_cert(
+                    connect[0]
+                )
+                self.pathod_handler.convert_to_ssl(
+                    cert,
+                    key,
+                    handle_sni=self.pathod_handler.handle_sni,
+                    request_client_cert=self.pathod_handler.server.ssloptions.request_client_cert,
+                    cipher_list=self.pathod_handler.server.ssloptions.ciphers,
+                    method=self.pathod_handler.server.ssloptions.ssl_version,
+                    options=self.pathod_handler.server.ssloptions.ssl_options,
+                    alpn_select=self.pathod_handler.server.ssloptions.alpn_select,
+                )
+            except TlsException as v:
+                s = str(v)
+                lg(s)
+                return None, dict(type="error", msg=s)
+        return self.pathod_handler.handle_http_request, None
+
+    def read_request(self, lg=None):
+        return http1.read_request(self.pathod_handler.rfile)
diff --git a/pathod/libpathod/protocols/http2.py b/pathod/libpathod/protocols/http2.py
new file mode 100644
index 00000000..a098a14e
--- /dev/null
+++ b/pathod/libpathod/protocols/http2.py
@@ -0,0 +1,20 @@
+from netlib.http import http2
+from .. import version, app, language, utils, log
+
+class HTTP2Protocol:
+
+    def __init__(self, pathod_handler):
+        self.pathod_handler = pathod_handler
+        self.wire_protocol = http2.HTTP2Protocol(
+            self.pathod_handler, is_server=True, dump_frames=self.pathod_handler.http2_framedump
+        )
+
+    def make_error_response(self, reason, body):
+        return language.http2.make_error_response(reason, body)
+
+    def read_request(self, lg=None):
+        self.wire_protocol.perform_server_connection_preface()
+        return self.wire_protocol.read_request(self.pathod_handler.rfile)
+
+    def assemble(self, message):
+        return self.wire_protocol.assemble(message)
diff --git a/pathod/libpathod/protocols/websockets.py b/pathod/libpathod/protocols/websockets.py
new file mode 100644
index 00000000..134d27bc
--- /dev/null
+++ b/pathod/libpathod/protocols/websockets.py
@@ -0,0 +1,56 @@
+import time
+
+from netlib import websockets
+from .. import language
+from netlib.exceptions import NetlibException
+
+
+class WebsocketsProtocol:
+
+    def __init__(self, pathod_handler):
+        self.pathod_handler = pathod_handler
+
+    def handle_websocket(self, logger):
+        while True:
+            with logger.ctx() as lg:
+                started = time.time()
+                try:
+                    frm = websockets.Frame.from_file(self.pathod_handler.rfile)
+                except NetlibException as e:
+                    lg("Error reading websocket frame: %s" % e)
+                    break
+                ended = time.time()
+                lg(frm.human_readable())
+            retlog = dict(
+                type="inbound",
+                protocol="websockets",
+                started=started,
+                duration=ended - started,
+                frame=dict(
+                ),
+                cipher=None,
+            )
+            if self.pathod_handler.ssl_established:
+                retlog["cipher"] = self.pathod_handler.get_current_cipher()
+            self.pathod_handler.addlog(retlog)
+            ld = language.websockets.NESTED_LEADER
+            if frm.payload.startswith(ld):
+                nest = frm.payload[len(ld):]
+                try:
+                    wf_gen = language.parse_websocket_frame(nest)
+                except language.exceptions.ParseException as v:
+                    logger.write(
+                        "Parse error in reflected frame specifcation:"
+                        " %s" % v.msg
+                    )
+                    return None, None
+                for frm in wf_gen:
+                    with logger.ctx() as lg:
+                        frame_log = language.serve(
+                            frm,
+                            self.pathod_handler.wfile,
+                            self.pathod_handler.settings
+                        )
+                        lg("crafting websocket spec: %s" % frame_log["spec"])
+                        self.pathod_handler.addlog(frame_log)
+        return self.handle_websocket, None
diff --git a/pathod/libpathod/static/bootstrap.min.css b/pathod/libpathod/static/bootstrap.min.css
new file mode 100644
index 00000000..2e79d91a
--- /dev/null
+++ b/pathod/libpathod/static/bootstrap.min.css
@@ -0,0 +1,9 @@
+/*!
+ * Bootstrap v2.3.1
+ *
+ * Copyright 2012 Twitter, Inc
+ * Licensed under the Apache License v2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Designed and built with all the love in the world @twitter by @mdo and @fat.
+ */.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:32px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{width:auto\9;height:auto;max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}#map_canvas img,.google-maps img{max-width:none}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}label,select,button,input[type="button"],input[type="reset"],input[type="submit"],input[type="radio"],input[type="checkbox"]{cursor:pointer}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:16px;line-height:22px;color:#555;background-color:#fff}a{color:#007fff;text-decoration:none}a:hover,a:focus{color:#06c;text-decoration:underline}.img-rounded{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.img-polaroid{padding:4px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.1)}.img-circle{-webkit-border-radius:500px;-moz-border-radius:500px;border-radius:500px}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;line-height:0;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:32px;margin-left:2.127659574468085%;*margin-left:2.074468085106383%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.127659574468085%}.row-fluid .span12{width:100%;*width:99.94680851063829%}.row-fluid .span11{width:91.48936170212765%;*width:91.43617021276594%}.row-fluid .span10{width:82.97872340425532%;*width:82.92553191489361%}.row-fluid .span9{width:74.46808510638297%;*width:74.41489361702126%}.row-fluid .span8{width:65.95744680851064%;*width:65.90425531914893%}.row-fluid .span7{width:57.44680851063829%;*width:57.39361702127659%}.row-fluid .span6{width:48.93617021276595%;*width:48.88297872340425%}.row-fluid .span5{width:40.42553191489362%;*width:40.37234042553192%}.row-fluid .span4{width:31.914893617021278%;*width:31.861702127659576%}.row-fluid .span3{width:23.404255319148934%;*width:23.351063829787233%}.row-fluid .span2{width:14.893617021276595%;*width:14.840425531914894%}.row-fluid .span1{width:6.382978723404255%;*width:6.329787234042553%}.row-fluid .offset12{margin-left:104.25531914893617%;*margin-left:104.14893617021275%}.row-fluid .offset12:first-child{margin-left:102.12765957446808%;*margin-left:102.02127659574467%}.row-fluid .offset11{margin-left:95.74468085106382%;*margin-left:95.6382978723404%}.row-fluid .offset11:first-child{margin-left:93.61702127659574%;*margin-left:93.51063829787232%}.row-fluid .offset10{margin-left:87.23404255319149%;*margin-left:87.12765957446807%}.row-fluid .offset10:first-child{margin-left:85.1063829787234%;*margin-left:84.99999999999999%}.row-fluid .offset9{margin-left:78.72340425531914%;*margin-left:78.61702127659572%}.row-fluid .offset9:first-child{margin-left:76.59574468085106%;*margin-left:76.48936170212764%}.row-fluid .offset8{margin-left:70.2127659574468%;*margin-left:70.10638297872339%}.row-fluid .offset8:first-child{margin-left:68.08510638297872%;*margin-left:67.9787234042553%}.row-fluid .offset7{margin-left:61.70212765957446%;*margin-left:61.59574468085106%}.row-fluid .offset7:first-child{margin-left:59.574468085106375%;*margin-left:59.46808510638297%}.row-fluid .offset6{margin-left:53.191489361702125%;*margin-left:53.085106382978715%}.row-fluid .offset6:first-child{margin-left:51.063829787234035%;*margin-left:50.95744680851063%}.row-fluid .offset5{margin-left:44.68085106382979%;*margin-left:44.57446808510638%}.row-fluid .offset5:first-child{margin-left:42.5531914893617%;*margin-left:42.4468085106383%}.row-fluid .offset4{margin-left:36.170212765957444%;*margin-left:36.06382978723405%}.row-fluid .offset4:first-child{margin-left:34.04255319148936%;*margin-left:33.93617021276596%}.row-fluid .offset3{margin-left:27.659574468085104%;*margin-left:27.5531914893617%}.row-fluid .offset3:first-child{margin-left:25.53191489361702%;*margin-left:25.425531914893618%}.row-fluid .offset2{margin-left:19.148936170212764%;*margin-left:19.04255319148936%}.row-fluid .offset2:first-child{margin-left:17.02127659574468%;*margin-left:16.914893617021278%}.row-fluid .offset1{margin-left:10.638297872340425%;*margin-left:10.53191489361702%}.row-fluid .offset1:first-child{margin-left:8.51063829787234%;*margin-left:8.404255319148938%}[class*="span"].hide,.row-fluid [class*="span"].hide{display:none}[class*="span"].pull-right,.row-fluid [class*="span"].pull-right{float:right}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;line-height:0;content:""}.container-fluid:after{clear:both}p{margin:0 0 11px}.lead{margin-bottom:22px;font-size:24px;font-weight:200;line-height:33px}small{font-size:85%}strong{font-weight:bold}em{font-style:italic}cite{font-style:normal}.muted{color:#dfdfdf}a.muted:hover,a.muted:focus{color:#c6c6c6}.text-warning{color:#fff}a.text-warning:hover,a.text-warning:focus{color:#e6e6e6}.text-error{color:#fff}a.text-error:hover,a.text-error:focus{color:#e6e6e6}.text-info{color:#fff}a.text-info:hover,a.text-info:focus{color:#e6e6e6}.text-success{color:#fff}a.text-success:hover,a.text-success:focus{color:#e6e6e6}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6{margin:11px 0;font-family:inherit;font-weight:300;line-height:22px;color:#080808;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;line-height:1;color:#dfdfdf}h1,h2,h3{line-height:44px}h1{font-size:44px}h2{font-size:36px}h3{font-size:28px}h4{font-size:20px}h5{font-size:16px}h6{font-size:13.6px}h1 small{font-size:28px}h2 small{font-size:20px}h3 small{font-size:16px}h4 small{font-size:16px}.page-header{padding-bottom:10px;margin:44px 0 22px;border-bottom:1px solid #eee}ul,ol{padding:0;margin:0 0 11px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}li{line-height:22px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}ul.inline,ol.inline{margin-left:0;list-style:none}ul.inline>li,ol.inline>li{display:inline-block;*display:inline;padding-right:5px;padding-left:5px;*zoom:1}dl{margin-bottom:22px}dt,dd{line-height:22px}dt{font-weight:bold}dd{margin-left:11px}.dl-horizontal{*zoom:1}.dl-horizontal:before,.dl-horizontal:after{display:table;line-height:0;content:""}.dl-horizontal:after{clear:both}.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}hr{margin:22px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #dfdfdf}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 22px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:20px;font-weight:300;line-height:1.25}blockquote small{display:block;line-height:22px;color:#dfdfdf}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:22px;font-style:normal;line-height:22px}code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:14px;color:#999;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;white-space:nowrap;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:10.5px;margin:0 0 11px;font-size:15px;line-height:22px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}pre.prettyprint{margin-bottom:22px}pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 22px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:22px;font-size:24px;line-height:44px;color:#999;border:0;border-bottom:1px solid #e5e5e5}legend small{font-size:16.5px;color:#dfdfdf}label,input,button,select,textarea{font-size:16px;font-weight:normal;line-height:22px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:22px;padding:4px 6px;margin-bottom:11px;font-size:16px;line-height:22px;color:#bbb;vertical-align:middle;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}input,textarea,.uneditable-input{width:206px}textarea{height:auto}textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#fff;border:1px solid #bbb;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;*margin-top:0;line-height:normal}input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto}select,input[type="file"]{height:32px;*margin-top:4px;line-height:32px}select{width:220px;background-color:#fff;border:1px solid #bbb}select[multiple],select[size]{height:auto}select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.uneditable-input,.uneditable-textarea{color:#dfdfdf;cursor:not-allowed;background-color:#fcfcfc;border-color:#bbb;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px rgba(0,0,0,0.025)}.uneditable-input{overflow:hidden;white-space:nowrap}.uneditable-textarea{width:auto;height:auto}input:-moz-placeholder,textarea:-moz-placeholder{color:#bbb}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#bbb}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#bbb}.radio,.checkbox{min-height:22px;padding-left:20px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0}.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block}input,textarea,.uneditable-input{margin-left:0}.controls-row [class*="span"]+[class*="span"]{margin-left:20px}input.span12,textarea.span12,.uneditable-input.span12{width:926px}input.span11,textarea.span11,.uneditable-input.span11{width:846px}input.span10,textarea.span10,.uneditable-input.span10{width:766px}input.span9,textarea.span9,.uneditable-input.span9{width:686px}input.span8,textarea.span8,.uneditable-input.span8{width:606px}input.span7,textarea.span7,.uneditable-input.span7{width:526px}input.span6,textarea.span6,.uneditable-input.span6{width:446px}input.span5,textarea.span5,.uneditable-input.span5{width:366px}input.span4,textarea.span4,.uneditable-input.span4{width:286px}input.span3,textarea.span3,.uneditable-input.span3{width:206px}input.span2,textarea.span2,.uneditable-input.span2{width:126px}input.span1,textarea.span1,.uneditable-input.span1{width:46px}.controls-row{*zoom:1}.controls-row:before,.controls-row:after{display:table;line-height:0;content:""}.controls-row:after{clear:both}.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left}.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#fff}.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#fff}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#fff;background-color:#ff7518;border-color:#fff}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#fff}.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#fff}.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#fff;background-color:#ff0039;border-color:#fff}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#fff}.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#fff}.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#fff;background-color:#3fb618;border-color:#fff}.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#fff}.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#fff}.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #fff}.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#fff;background-color:#9954bb;border-color:#fff}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:21px 20px 22px;margin-top:22px;margin-bottom:22px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1}.form-actions:before,.form-actions:after{display:table;line-height:0;content:""}.form-actions:after{clear:both}.help-block,.help-inline{color:#7b7b7b}.help-block{display:block;margin-bottom:11px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-append,.input-prepend{display:inline-block;margin-bottom:11px;font-size:0;white-space:nowrap;vertical-align:middle}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu,.input-append .popover,.input-prepend .popover{font-size:16px}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2}.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:22px;min-width:16px;padding:4px 5px;font-size:16px;font-weight:normal;line-height:22px;text-align:center;text-shadow:0 1px 0 #fff;background-color:#eee;border:1px solid #ccc}.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .active,.input-prepend .active{background-color:#96ed7a;border-color:#3fb618}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px}.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append .btn-group:first-child{margin-left:0}input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;vertical-align:middle;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:11px}legend+.control-group{margin-top:22px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:22px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;line-height:0;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:180px}.form-horizontal .help-block{margin-bottom:0}.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:11px}.form-horizontal .form-actions{padding-left:180px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:22px}.table th,.table td{padding:8px;line-height:22px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child,.table-bordered tbody:first-child tr:first-child>th:first-child{-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-topleft:0}.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child,.table-bordered tbody:first-child tr:first-child>th:last-child{-webkit-border-top-right-radius:0;border-top-right-radius:0;-moz-border-radius-topright:0}.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tbody:last-child tr:last-child>th:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>th:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tbody:last-child tr:last-child>th:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>th:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-topleft:0}.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:0;border-top-right-radius:0;-moz-border-radius-topright:0}.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover tbody tr:hover>td,.table-hover tbody tr:hover>th{background-color:#e8f8fd}table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0}.table td.span1,.table th.span1{float:none;width:44px;margin-left:0}.table td.span2,.table th.span2{float:none;width:124px;margin-left:0}.table td.span3,.table th.span3{float:none;width:204px;margin-left:0}.table td.span4,.table th.span4{float:none;width:284px;margin-left:0}.table td.span5,.table th.span5{float:none;width:364px;margin-left:0}.table td.span6,.table th.span6{float:none;width:444px;margin-left:0}.table td.span7,.table th.span7{float:none;width:524px;margin-left:0}.table td.span8,.table th.span8{float:none;width:604px;margin-left:0}.table td.span9,.table th.span9{float:none;width:684px;margin-left:0}.table td.span10,.table th.span10{float:none;width:764px;margin-left:0}.table td.span11,.table th.span11{float:none;width:844px;margin-left:0}.table td.span12,.table th.span12{float:none;width:924px;margin-left:0}.table tbody tr.success>td{background-color:#3fb618}.table tbody tr.error>td{background-color:#ff0039}.table tbody tr.warning>td{background-color:#ff7518}.table tbody tr.info>td{background-color:#9954bb}.table-hover tbody tr.success:hover>td{background-color:#379f15}.table-hover tbody tr.error:hover>td{background-color:#e60033}.table-hover tbody tr.warning:hover>td{background-color:#fe6600}.table-hover tbody tr.info:hover>td{background-color:#8d46b0}[class^="icon-"],[class*=" icon-"]{display:inline-block;width:14px;height:14px;margin-top:1px;*margin-right:.3em;line-height:14px;vertical-align:text-top;background-image:url("../img/glyphicons-halflings.png");background-position:14px 14px;background-repeat:no-repeat}.icon-white,.nav-pills>.active>a>[class^="icon-"],.nav-pills>.active>a>[class*=" icon-"],.nav-list>.active>a>[class^="icon-"],.nav-list>.active>a>[class*=" icon-"],.navbar-inverse .nav>.active>a>[class^="icon-"],.navbar-inverse .nav>.active>a>[class*=" icon-"],.dropdown-menu>li>a:hover>[class^="icon-"],.dropdown-menu>li>a:focus>[class^="icon-"],.dropdown-menu>li>a:hover>[class*=" icon-"],.dropdown-menu>li>a:focus>[class*=" icon-"],.dropdown-menu>.active>a>[class^="icon-"],.dropdown-menu>.active>a>[class*=" icon-"],.dropdown-submenu:hover>a>[class^="icon-"],.dropdown-submenu:focus>a>[class^="icon-"],.dropdown-submenu:hover>a>[class*=" icon-"],.dropdown-submenu:focus>a>[class*=" icon-"]{background-image:url("../img/glyphicons-halflings-white.png")}.icon-glass{background-position:0 0}.icon-music{background-position:-24px 0}.icon-search{background-position:-48px 0}.icon-envelope{background-position:-72px 0}.icon-heart{background-position:-96px 0}.icon-star{background-position:-120px 0}.icon-star-empty{background-position:-144px 0}.icon-user{background-position:-168px 0}.icon-film{background-position:-192px 0}.icon-th-large{background-position:-216px 0}.icon-th{background-position:-240px 0}.icon-th-list{background-position:-264px 0}.icon-ok{background-position:-288px 0}.icon-remove{background-position:-312px 0}.icon-zoom-in{background-position:-336px 0}.icon-zoom-out{background-position:-360px 0}.icon-off{background-position:-384px 0}.icon-signal{background-position:-408px 0}.icon-cog{background-position:-432px 0}.icon-trash{background-position:-456px 0}.icon-home{background-position:0 -24px}.icon-file{background-position:-24px -24px}.icon-time{background-position:-48px -24px}.icon-road{background-position:-72px -24px}.icon-download-alt{background-position:-96px -24px}.icon-download{background-position:-120px -24px}.icon-upload{background-position:-144px -24px}.icon-inbox{background-position:-168px -24px}.icon-play-circle{background-position:-192px -24px}.icon-repeat{background-position:-216px -24px}.icon-refresh{background-position:-240px -24px}.icon-list-alt{background-position:-264px -24px}.icon-lock{background-position:-287px -24px}.icon-flag{background-position:-312px -24px}.icon-headphones{background-position:-336px -24px}.icon-volume-off{background-position:-360px -24px}.icon-volume-down{background-position:-384px -24px}.icon-volume-up{background-position:-408px -24px}.icon-qrcode{background-position:-432px -24px}.icon-barcode{background-position:-456px -24px}.icon-tag{background-position:0 -48px}.icon-tags{background-position:-25px -48px}.icon-book{background-position:-48px -48px}.icon-bookmark{background-position:-72px -48px}.icon-print{background-position:-96px -48px}.icon-camera{background-position:-120px -48px}.icon-font{background-position:-144px -48px}.icon-bold{background-position:-167px -48px}.icon-italic{background-position:-192px -48px}.icon-text-height{background-position:-216px -48px}.icon-text-width{background-position:-240px -48px}.icon-align-left{background-position:-264px -48px}.icon-align-center{background-position:-288px -48px}.icon-align-right{background-position:-312px -48px}.icon-align-justify{background-position:-336px -48px}.icon-list{background-position:-360px -48px}.icon-indent-left{background-position:-384px -48px}.icon-indent-right{background-position:-408px -48px}.icon-facetime-video{background-position:-432px -48px}.icon-picture{background-position:-456px -48px}.icon-pencil{background-position:0 -72px}.icon-map-marker{background-position:-24px -72px}.icon-adjust{background-position:-48px -72px}.icon-tint{background-position:-72px -72px}.icon-edit{background-position:-96px -72px}.icon-share{background-position:-120px -72px}.icon-check{background-position:-144px -72px}.icon-move{background-position:-168px -72px}.icon-step-backward{background-position:-192px -72px}.icon-fast-backward{background-position:-216px -72px}.icon-backward{background-position:-240px -72px}.icon-play{background-position:-264px -72px}.icon-pause{background-position:-288px -72px}.icon-stop{background-position:-312px -72px}.icon-forward{background-position:-336px -72px}.icon-fast-forward{background-position:-360px -72px}.icon-step-forward{background-position:-384px -72px}.icon-eject{background-position:-408px -72px}.icon-chevron-left{background-position:-432px -72px}.icon-chevron-right{background-position:-456px -72px}.icon-plus-sign{background-position:0 -96px}.icon-minus-sign{background-position:-24px -96px}.icon-remove-sign{background-position:-48px -96px}.icon-ok-sign{background-position:-72px -96px}.icon-question-sign{background-position:-96px -96px}.icon-info-sign{background-position:-120px -96px}.icon-screenshot{background-position:-144px -96px}.icon-remove-circle{background-position:-168px -96px}.icon-ok-circle{background-position:-192px -96px}.icon-ban-circle{background-position:-216px -96px}.icon-arrow-left{background-position:-240px -96px}.icon-arrow-right{background-position:-264px -96px}.icon-arrow-up{background-position:-289px -96px}.icon-arrow-down{background-position:-312px -96px}.icon-share-alt{background-position:-336px -96px}.icon-resize-full{background-position:-360px -96px}.icon-resize-small{background-position:-384px -96px}.icon-plus{background-position:-408px -96px}.icon-minus{background-position:-433px -96px}.icon-asterisk{background-position:-456px -96px}.icon-exclamation-sign{background-position:0 -120px}.icon-gift{background-position:-24px -120px}.icon-leaf{background-position:-48px -120px}.icon-fire{background-position:-72px -120px}.icon-eye-open{background-position:-96px -120px}.icon-eye-close{background-position:-120px -120px}.icon-warning-sign{background-position:-144px -120px}.icon-plane{background-position:-168px -120px}.icon-calendar{background-position:-192px -120px}.icon-random{width:16px;background-position:-216px -120px}.icon-comment{background-position:-240px -120px}.icon-magnet{background-position:-264px -120px}.icon-chevron-up{background-position:-288px -120px}.icon-chevron-down{background-position:-313px -119px}.icon-retweet{background-position:-336px -120px}.icon-shopping-cart{background-position:-360px -120px}.icon-folder-close{width:16px;background-position:-384px -120px}.icon-folder-open{width:16px;background-position:-408px -120px}.icon-resize-vertical{background-position:-432px -119px}.icon-resize-horizontal{background-position:-456px -118px}.icon-hdd{background-position:0 -144px}.icon-bullhorn{background-position:-24px -144px}.icon-bell{background-position:-48px -144px}.icon-certificate{background-position:-72px -144px}.icon-thumbs-up{background-position:-96px -144px}.icon-thumbs-down{background-position:-120px -144px}.icon-hand-right{background-position:-144px -144px}.icon-hand-left{background-position:-168px -144px}.icon-hand-up{background-position:-192px -144px}.icon-hand-down{background-position:-216px -144px}.icon-circle-arrow-right{background-position:-240px -144px}.icon-circle-arrow-left{background-position:-264px -144px}.icon-circle-arrow-up{background-position:-288px -144px}.icon-circle-arrow-down{background-position:-312px -144px}.icon-globe{background-position:-336px -144px}.icon-wrench{background-position:-360px -144px}.icon-tasks{background-position:-384px -144px}.icon-filter{background-position:-408px -144px}.icon-briefcase{background-position:-432px -144px}.icon-fullscreen{background-position:-456px -144px}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:""}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:10px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:22px;color:#999;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus,.dropdown-submenu:hover>a,.dropdown-submenu:focus>a{color:#fff;text-decoration:none;background-color:#007af5;background-image:-moz-linear-gradient(top,#007fff,#0072e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#007fff),to(#0072e6));background-image:-webkit-linear-gradient(top,#007fff,#0072e6);background-image:-o-linear-gradient(top,#007fff,#0072e6);background-image:linear-gradient(to bottom,#007fff,#0072e6);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff007fff',endColorstr='#ff0072e6',GradientType=0)}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#007af5;background-image:-moz-linear-gradient(top,#007fff,#0072e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#007fff),to(#0072e6));background-image:-webkit-linear-gradient(top,#007fff,#0072e6);background-image:-o-linear-gradient(top,#007fff,#0072e6);background-image:linear-gradient(to bottom,#007fff,#0072e6);background-repeat:repeat-x;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff007fff',endColorstr='#ff0072e6',GradientType=0)}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#dfdfdf}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open{*z-index:1000}.open>.dropdown-menu{display:block}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.dropdown-submenu{position:relative}.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px}.dropdown-submenu:hover>.dropdown-menu{display:block}.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0}.dropdown-submenu>a:after{display:block;float:right;width:0;height:0;margin-top:5px;margin-right:-10px;border-color:transparent;border-left-color:#ccc;border-style:solid;border-width:5px 0 5px 5px;content:" "}.dropdown-submenu:hover>a:after{border-left-color:#fff}.dropdown-submenu.pull-left{float:none}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.dropdown .dropdown-menu .nav-header{padding-right:20px;padding-left:20px}.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#eee;border:1px solid #dcdcdc;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.well-small{padding:9px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:22px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;font-size:16px;line-height:22px;color:#999;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#dfdfdf;*background-color:#c8c8c8;background-image:-moz-linear-gradient(top,#eee,#c8c8c8);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#c8c8c8));background-image:-webkit-linear-gradient(top,#eee,#c8c8c8);background-image:-o-linear-gradient(top,#eee,#c8c8c8);background-image:linear-gradient(to bottom,#eee,#c8c8c8);background-repeat:repeat-x;border:1px solid #bbb;*border:0;border-color:#c8c8c8 #c8c8c8 #a2a2a2;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-bottom-color:#a2a2a2;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffc8c8c8',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#999;background-color:#c8c8c8;*background-color:#bbb}.btn:active,.btn.active{background-color:#aeaeae \9}.btn:first-child{*margin-left:0}.btn:hover,.btn:focus{color:#999;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:22px 30px;font-size:20px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px}.btn-small{padding:2px 10px;font-size:13.6px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0}.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px}.btn-mini{padding:2px 6px;font-size:12px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-block{display:block;width:100%;padding-right:0;padding-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn-primary{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0f82f5;*background-color:#0072e6;background-image:-moz-linear-gradient(top,#1a8cff,#0072e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#1a8cff),to(#0072e6));background-image:-webkit-linear-gradient(top,#1a8cff,#0072e6);background-image:-o-linear-gradient(top,#1a8cff,#0072e6);background-image:linear-gradient(to bottom,#1a8cff,#0072e6);background-repeat:repeat-x;border-color:#0072e6 #0072e6 #004c99;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff1a8cff',endColorstr='#ff0072e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#fff;background-color:#0072e6;*background-color:#06c}.btn-primary:active,.btn-primary.active{background-color:#0059b3 \9}.btn-warning{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#fe781e;*background-color:#fe6600;background-image:-moz-linear-gradient(top,#ff8432,#fe6600);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ff8432),to(#fe6600));background-image:-webkit-linear-gradient(top,#ff8432,#fe6600);background-image:-o-linear-gradient(top,#ff8432,#fe6600);background-image:linear-gradient(to bottom,#ff8432,#fe6600);background-repeat:repeat-x;border-color:#fe6600 #fe6600 #b14700;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff8432',endColorstr='#fffe6600',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#fff;background-color:#fe6600;*background-color:#e45c00}.btn-warning:active,.btn-warning.active{background-color:#cb5200 \9}.btn-danger{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#f50f43;*background-color:#e60033;background-image:-moz-linear-gradient(top,#ff1a4d,#e60033);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ff1a4d),to(#e60033));background-image:-webkit-linear-gradient(top,#ff1a4d,#e60033);background-image:-o-linear-gradient(top,#ff1a4d,#e60033);background-image:linear-gradient(to bottom,#ff1a4d,#e60033);background-repeat:repeat-x;border-color:#e60033 #e60033 #902;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff1a4d',endColorstr='#ffe60033',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#fff;background-color:#e60033;*background-color:#cc002e}.btn-danger:active,.btn-danger.active{background-color:#b30028 \9}.btn-success{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#41bb19;*background-color:#379f15;background-image:-moz-linear-gradient(top,#47cd1b,#379f15);background-image:-webkit-gradient(linear,0 0,0 100%,from(#47cd1b),to(#379f15));background-image:-webkit-linear-gradient(top,#47cd1b,#379f15);background-image:-o-linear-gradient(top,#47cd1b,#379f15);background-image:linear-gradient(to bottom,#47cd1b,#379f15);background-repeat:repeat-x;border-color:#379f15 #379f15 #205c0c;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff47cd1b',endColorstr='#ff379f15',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#fff;background-color:#379f15;*background-color:#2f8912}.btn-success:active,.btn-success.active{background-color:#28720f \9}.btn-info{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#9b59bb;*background-color:#8d46b0;background-image:-moz-linear-gradient(top,#a466c2,#8d46b0);background-image:-webkit-gradient(linear,0 0,0 100%,from(#a466c2),to(#8d46b0));background-image:-webkit-linear-gradient(top,#a466c2,#8d46b0);background-image:-o-linear-gradient(top,#a466c2,#8d46b0);background-image:linear-gradient(to bottom,#a466c2,#8d46b0);background-repeat:repeat-x;border-color:#8d46b0 #8d46b0 #613079;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffa466c2',endColorstr='#ff8d46b0',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#fff;background-color:#8d46b0;*background-color:#7e3f9d}.btn-info:active,.btn-info.active{background-color:#6f378b \9}.btn-inverse{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#080808;*background-color:#000;background-image:-moz-linear-gradient(top,#0d0d0d,#000);background-image:-webkit-gradient(linear,0 0,0 100%,from(#0d0d0d),to(#000));background-image:-webkit-linear-gradient(top,#0d0d0d,#000);background-image:-o-linear-gradient(top,#0d0d0d,#000);background-image:linear-gradient(to bottom,#0d0d0d,#000);background-repeat:repeat-x;border-color:#000 #000 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0d0d0d',endColorstr='#ff000000',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:focus,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#fff;background-color:#000;*background-color:#000}.btn-inverse:active,.btn-inverse.active{background-color:#000 \9}button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-link{color:#007fff;cursor:pointer;border-color:transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-link:hover,.btn-link:focus{color:#06c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,.btn-link[disabled]:focus{color:#999;text-decoration:none}.btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:11px;margin-bottom:11px;font-size:0}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px}.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.btn{margin-left:-1px}.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:16px}.btn-group>.btn-mini{font-size:12px}.btn-group>.btn-small{font-size:13.6px}.btn-group>.btn-large{font-size:20px}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-bottomleft:0;-moz-border-radius-topleft:0}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:0;border-top-right-radius:0;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-topright:0;-moz-border-radius-bottomright:0}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-bottomleft:0;-moz-border-radius-topleft:0}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:0;border-top-right-radius:0;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-topright:0;-moz-border-radius-bottomright:0}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{*padding-top:5px;padding-right:8px;*padding-bottom:5px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn-group>.btn-mini+.dropdown-toggle{*padding-top:2px;padding-right:5px;*padding-bottom:2px;padding-left:5px}.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px}.btn-group>.btn-large+.dropdown-toggle{*padding-top:7px;padding-right:12px;*padding-bottom:7px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#c8c8c8}.btn-group.open .btn-primary.dropdown-toggle{background-color:#0072e6}.btn-group.open .btn-warning.dropdown-toggle{background-color:#fe6600}.btn-group.open .btn-danger.dropdown-toggle{background-color:#e60033}.btn-group.open .btn-success.dropdown-toggle{background-color:#379f15}.btn-group.open .btn-info.dropdown-toggle{background-color:#8d46b0}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#000}.btn .caret{margin-top:8px;margin-left:0}.btn-large .caret{margin-top:6px}.btn-large .caret{border-top-width:5px;border-right-width:5px;border-left-width:5px}.btn-mini .caret,.btn-small .caret{margin-top:8px}.dropup .btn-large .caret{border-bottom-width:5px}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff}.btn-group-vertical{display:inline-block;*display:inline;*zoom:1}.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn+.btn{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:first-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn:last-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.alert{padding:8px 35px 8px 14px;margin-bottom:22px;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#ff7518;border:1px solid transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.alert,.alert h4{color:#fff}.alert h4{margin:0}.alert .close{position:relative;top:-2px;right:-21px;line-height:22px}.alert-success{color:#fff;background-color:#3fb618;border-color:transparent}.alert-success h4{color:#fff}.alert-danger,.alert-error{color:#fff;background-color:#ff0039;border-color:transparent}.alert-danger h4,.alert-error h4{color:#fff}.alert-info{color:#fff;background-color:#9954bb;border-color:transparent}.alert-info h4{color:#fff}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:22px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li>a>img{max-width:none}.nav>.pull-right{float:right}.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:22px;color:#dfdfdf;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover,.nav-list>.active>a:focus{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#007fff}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:10px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;line-height:0;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:22px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover,.nav-tabs>li>a:focus{border-color:#eee #eee #ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover,.nav-tabs>.active>a:focus{color:#bbb;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover,.nav-pills>.active>a:focus{color:#fff;background-color:#007fff}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-topleft:4px}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomright:4px;-moz-border-radius-bottomleft:4px}.nav-tabs.nav-stacked>li>a:hover,.nav-tabs.nav-stacked>li>a:focus{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.nav .dropdown-toggle .caret{margin-top:6px;border-top-color:#007fff;border-bottom-color:#007fff}.nav .dropdown-toggle:hover .caret,.nav .dropdown-toggle:focus .caret{border-top-color:#06c;border-bottom-color:#06c}.nav-tabs .dropdown-toggle .caret{margin-top:8px}.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-tabs .active .dropdown-toggle .caret{border-top-color:#bbb;border-bottom-color:#bbb}.nav>.dropdown.active>a:hover,.nav>.dropdown.active>a:focus{cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover,.nav>li.dropdown.open.active>a:focus{color:#fff;background-color:#dfdfdf;border-color:#dfdfdf}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret,.nav li.dropdown.open a:focus .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover,.tabs-stacked .open>a:focus{border-color:#dfdfdf}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;line-height:0;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover,.tabs-below>.nav-tabs>li>a:focus{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover,.tabs-below>.nav-tabs>.active>a:focus{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover,.tabs-left>.nav-tabs>li>a:focus{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover,.tabs-left>.nav-tabs .active>a:focus{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover,.tabs-right>.nav-tabs>li>a:focus{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover,.tabs-right>.nav-tabs .active>a:focus{border-color:#ddd #ddd #ddd transparent;*border-left-color:#fff}.nav>.disabled>a{color:#dfdfdf}.nav>.disabled>a:hover,.nav>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent}.navbar{*position:relative;*z-index:2;margin-bottom:22px;overflow:visible}.navbar-inner{min-height:50px;padding-right:20px;padding-left:20px;background-color:#080808;background-image:-moz-linear-gradient(top,#080808,#080808);background-image:-webkit-gradient(linear,0 0,0 100%,from(#080808),to(#080808));background-image:-webkit-linear-gradient(top,#080808,#080808);background-image:-o-linear-gradient(top,#080808,#080808);background-image:linear-gradient(to bottom,#080808,#080808);background-repeat:repeat-x;border:1px solid transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808',endColorstr='#ff080808',GradientType=0);*zoom:1;-webkit-box-shadow:0 1px 4px rgba(0,0,0,0.065);-moz-box-shadow:0 1px 4px rgba(0,0,0,0.065);box-shadow:0 1px 4px rgba(0,0,0,0.065)}.navbar-inner:before,.navbar-inner:after{display:table;line-height:0;content:""}.navbar-inner:after{clear:both}.navbar .container{width:auto}.nav-collapse.collapse{height:auto;overflow:visible}.navbar .brand{display:block;float:left;padding:14px 20px 14px;margin-left:-20px;font-size:20px;font-weight:200;color:#fff;text-shadow:0 1px 0 #080808}.navbar .brand:hover,.navbar .brand:focus{text-decoration:none}.navbar-text{margin-bottom:0;line-height:50px;color:#fff}.navbar-link{color:#fff}.navbar-link:hover,.navbar-link:focus{color:#fff}.navbar .divider-vertical{height:50px;margin:0 9px;border-right:1px solid #080808;border-left:1px solid #080808}.navbar .btn,.navbar .btn-group{margin-top:10px}.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn,.navbar .input-prepend .btn-group,.navbar .input-append .btn-group{margin-top:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;line-height:0;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:10px}.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:10px;margin-bottom:0}.navbar-search .search-query{padding:4px 14px;margin-bottom:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.navbar-static-top{position:static;margin-bottom:0}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px}.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-fixed-bottom{bottom:0}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,0.1);box-shadow:0 -1px 10px rgba(0,0,0,0.1)}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right;margin-right:0}.navbar .nav>li{float:left}.navbar .nav>li>a{float:none;padding:14px 15px 14px;color:#fff;text-decoration:none;text-shadow:0 1px 0 #080808}.navbar .nav .dropdown-toggle .caret{margin-top:8px}.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{color:#fff;text-decoration:none;background-color:#3b3b3b}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#fff;text-decoration:none;background-color:transparent;-webkit-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);-moz-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);box-shadow:inset 0 3px 8px rgba(0,0,0,0.125)}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#000;*background-color:#000;background-image:-moz-linear-gradient(top,#000,#000);background-image:-webkit-gradient(linear,0 0,0 100%,from(#000),to(#000));background-image:-webkit-linear-gradient(top,#000,#000);background-image:-o-linear-gradient(top,#000,#000);background-image:linear-gradient(to bottom,#000,#000);background-repeat:repeat-x;border-color:#000 #000 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff000000',endColorstr='#ff000000',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:focus,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#fff;background-color:#000;*background-color:#000}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#000 \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .nav>li>.dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .nav>li>.dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .nav>li>.dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .nav>li>.dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown>a:hover .caret,.navbar .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:transparent}.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{right:13px;left:auto}.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{right:100%;left:auto;margin-right:-1px;margin-left:0;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.navbar-inverse .navbar-inner{background-color:#007fff;background-image:-moz-linear-gradient(top,#007fff,#007fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#007fff),to(#007fff));background-image:-webkit-linear-gradient(top,#007fff,#007fff);background-image:-o-linear-gradient(top,#007fff,#007fff);background-image:linear-gradient(to bottom,#007fff,#007fff);background-repeat:repeat-x;border-color:transparent;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff007fff',endColorstr='#ff007fff',GradientType=0)}.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover,.navbar-inverse .brand:focus,.navbar-inverse .nav>li>a:focus{color:#fff}.navbar-inverse .brand{color:#fff}.navbar-inverse .navbar-text{color:#fff}.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{color:#fff;background-color:rgba(0,0,0,0.05)}.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#fff;background-color:#007fff}.navbar-inverse .navbar-link{color:#fff}.navbar-inverse .navbar-link:hover,.navbar-inverse .navbar-link:focus{color:#fff}.navbar-inverse .divider-vertical{border-right-color:#007fff;border-left-color:#007fff}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:#007fff}.navbar-inverse .nav li.dropdown>a:hover .caret,.navbar-inverse .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-search .search-query{color:#fff;background-color:#80bfff;border-color:#007fff;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#999}.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#999}.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#999}.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#999;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-inverse .btn-navbar{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0072e6;*background-color:#0072e6;background-image:-moz-linear-gradient(top,#0072e6,#0072e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#0072e6),to(#0072e6));background-image:-webkit-linear-gradient(top,#0072e6,#0072e6);background-image:-o-linear-gradient(top,#0072e6,#0072e6);background-image:linear-gradient(to bottom,#0072e6,#0072e6);background-repeat:repeat-x;border-color:#0072e6 #0072e6 #004c99;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0072e6',endColorstr='#ff0072e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:focus,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#fff;background-color:#0072e6;*background-color:#06c}.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#0059b3 \9}.breadcrumb{padding:8px 15px;margin:0 0 22px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.breadcrumb>li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb>li>.divider{padding:0 5px;color:#ccc}.breadcrumb>.active{color:#dfdfdf}.pagination{margin:22px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination ul>li{display:inline}.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:22px;text-decoration:none;background-color:#dfdfdf;border:1px solid transparent;border-left-width:0}.pagination ul>li>a:hover,.pagination ul>li>a:focus,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#007fff}.pagination ul>.active>a,.pagination ul>.active>span{color:#dfdfdf;cursor:default}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover,.pagination ul>.disabled>a:focus{color:#dfdfdf;cursor:default;background-color:transparent}.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-bottomleft:0;-moz-border-radius-topleft:0}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:0;border-top-right-radius:0;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-topright:0;-moz-border-radius-bottomright:0}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pagination-large ul>li>a,.pagination-large ul>li>span{padding:22px 30px;font-size:20px}.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-bottomleft:0;-moz-border-radius-topleft:0}.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:0;border-top-right-radius:0;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-topright:0;-moz-border-radius-bottomright:0}.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-webkit-border-top-left-radius:0;border-top-left-radius:0;-moz-border-radius-bottomleft:0;-moz-border-radius-topleft:0}.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:0;border-top-right-radius:0;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-topright:0;-moz-border-radius-bottomright:0}.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:13.6px}.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:2px 6px;font-size:12px}.pager{margin:22px 0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;line-height:0;content:""}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#f5f5f5}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#dfdfdf;cursor:default;background-color:#fff}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;outline:0;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:10%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-header h3{margin:0;line-height:30px}.modal-body{position:relative;max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;line-height:0;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.tooltip{position:absolute;z-index:1030;display:block;font-size:11px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#ff7518;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#ff7518;border-bottom:1px solid #fe6600;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0}.popover-title:empty{display:none}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:16px}.popover .arrow:after{border-width:15px;content:""}.popover.top .arrow{bottom:-16px;left:50%;margin-left:-16px;border-top-color:#999;border-top-color:transparent;border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-15px;border-top-color:#ff7518;border-bottom-width:0}.popover.right .arrow{top:50%;left:-16px;margin-top:-16px;border-right-color:#999;border-right-color:transparent;border-left-width:0}.popover.right .arrow:after{bottom:-15px;left:1px;border-right-color:#ff7518;border-left-width:0}.popover.bottom .arrow{top:-16px;left:50%;margin-left:-16px;border-bottom-color:#999;border-bottom-color:transparent;border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-15px;border-bottom-color:#ff7518;border-top-width:0}.popover.left .arrow{top:50%;right:-16px;margin-top:-16px;border-left-color:#999;border-left-color:transparent;border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-15px;border-left-color:#ff7518;border-right-width:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;line-height:0;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:22px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:22px;border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.055);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.055);box-shadow:0 1px 3px rgba(0,0,0,0.055);-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}a.thumbnail:hover,a.thumbnail:focus{border-color:#007fff;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#bbb}.media,.media-body{overflow:hidden;*overflow:visible;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{margin-left:0;list-style:none}.label,.badge{display:inline-block;padding:2px 4px;font-size:13.536px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#dfdfdf}.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding-right:9px;padding-left:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}.label:empty,.badge:empty{display:none}a.label:hover,a.label:focus,a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#fff}.label-important[href],.badge-important[href]{background-color:#e6e6e6}.label-warning,.badge-warning{background-color:#ff7518}.label-warning[href],.badge-warning[href]{background-color:#e45c00}.label-success,.badge-success{background-color:#fff}.label-success[href],.badge-success[href]{background-color:#e6e6e6}.label-info,.badge-info{background-color:#fff}.label-info[href],.badge-info[href]{background-color:#e6e6e6}.label-inverse,.badge-inverse{background-color:#999}.label-inverse[href],.badge-inverse[href]{background-color:#808080}.btn .label,.btn .badge{position:relative;top:-1px}.btn-mini .label,.btn-mini .badge{top:0}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:22px;margin-bottom:22px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(to bottom,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5',endColorstr='#fff9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(to bottom,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf',endColorstr='#ff0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15)}.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(to bottom,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffc43c35',GradientType=0)}.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(to bottom,#62c462,#57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff57a957',GradientType=0)}.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(to bottom,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff339bb9',GradientType=0)}.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar,.progress .bar-warning{background-color:#ff9046;background-image:-moz-linear-gradient(top,#ffa365,#ff7518);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ffa365),to(#ff7518));background-image:-webkit-linear-gradient(top,#ffa365,#ff7518);background-image:-o-linear-gradient(top,#ffa365,#ff7518);background-image:linear-gradient(to bottom,#ffa365,#ff7518);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffa365',endColorstr='#ffff7518',GradientType=0)}.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#ffa365;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:22px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:22px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#080808;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-indicators{position:absolute;top:15px;right:15px;z-index:5;margin:0;list-style:none}.carousel-indicators li{display:block;float:left;width:10px;height:10px;margin-left:5px;text-indent:-999px;background-color:#ccc;background-color:rgba(255,255,255,0.25);border-radius:5px}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:15px;background:#999;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption p{line-height:22px;color:#fff}.carousel-caption h4{margin:0 0 5px}.carousel-caption p{margin-bottom:0}.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:33px;color:inherit;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit li{line-height:33px}body{overflow-y:scroll;font-weight:300}h1{font-size:50px}h2,h3{font-size:26px}h4{font-size:14px}h5,h6{font-size:11px}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{color:#999}blockquote{padding:10px 15px;background-color:#eee;border-left-color:#bbb}blockquote.pull-right{padding:10px 15px;border-right-color:#bbb}blockquote small{color:#999}.muted{color:#bbb}.text-warning{color:#ff7518}a.text-warning:hover{color:#e45c00}.text-error{color:#ff0039}a.text-error:hover{color:#cc002e}.text-info{color:#9954bb}a.text-info:hover{color:#7e3f9d}.text-success{color:#3fb618}a.text-success:hover{color:#2f8912}.navbar .navbar-inner{background-image:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.navbar .brand:hover{color:#fff}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{background-color:#3b3b3b;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#fff}.navbar .nav li.dropdown.open>.dropdown-toggle:hover,.navbar .nav li.dropdown.active>.dropdown-toggle:hover,.navbar .nav li.dropdown.open.active>.dropdown-toggle:hover{color:#eee}.navbar .navbar-search .search-query{line-height:normal}.navbar-inverse .brand,.navbar-inverse .nav>li>a{text-shadow:none}.navbar-inverse .brand:hover,.navbar-inverse .nav>.active>a,.navbar-inverse .nav>.active>a:hover,.navbar-inverse .nav>.active>a:focus{color:#fff;background-color:rgba(0,0,0,0.05);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.navbar-inverse .navbar-search .search-query{color:#080808}div.subnav{margin:0 1px;background:#dfdfdf none;border:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}div.subnav .nav{background-color:transparent}div.subnav .nav>li>a{border-color:transparent}div.subnav .nav>.active>a,div.subnav .nav>.active>a:hover{color:#fff;background-color:#000;border-color:transparent;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}div.subnav-fixed{top:51px;margin:0}.nav .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover{color:#007fff}.nav-tabs>li>a{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li>a:hover{color:#fff;background-color:#007fff}.nav-tabs.nav-stacked>.active>a,.nav-tabs.nav-stacked>.active>a:hover{color:#bbb;background-color:#fff}.nav-tabs.nav-stacked>li:first-child>a,.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.tabs-below>.nav-tabs>li>a,.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-pills>li>a{color:#000;background-color:#dfdfdf;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-pills>li>a:hover{color:#fff;background-color:#000}.nav-pills>.disabled>a,.nav-pills>.disabled>a:hover{color:#999;background-color:#eee}.nav-list>li>a{color:#080808}.nav-list>li>a:hover{color:#fff;text-shadow:none;background-color:#007fff}.nav-list .nav-header{font-size:16px;color:#000}.nav-list .divider{background-color:#bbb;border-bottom:0}.pagination ul{-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.pagination ul>li>a,.pagination ul>li>span{margin-right:6px;color:#080808}.pagination ul>li>a:hover,.pagination ul>li>span:hover{color:#fff;background-color:#080808}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{margin-right:0}.pagination ul>.active>a,.pagination ul>.active>span{color:#fff}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover{color:#999;background-color:#eee}.pager li>a,.pager li>span{color:#080808;background-color:#dfdfdf;border:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.pager li>a:hover,.pager li>span:hover{color:#fff;background-color:#080808}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>span{color:#999;background-color:#eee}.breadcrumb{background-color:#dfdfdf}.breadcrumb li{text-shadow:none}.breadcrumb .divider,.breadcrumb .active{color:#080808;text-shadow:none}.btn{padding:5px 12px;color:#080808;text-shadow:none;background-image:none;border:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn.disabled{box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus{color:#000}.btn-large{padding:22px 30px}.btn-small{padding:2px 10px}.btn-mini{padding:2px 6px}.btn-group>.btn:first-child,.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.dropdown-toggle{-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.table tbody tr.success td{color:#fff}.table tbody tr.error td{color:#fff}.table tbody tr.info td{color:#fff}.table-bordered{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.table-bordered thead:first-child tr:first-child th:first-child,.table-bordered tbody:first-child tr:first-child td:first-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.table-bordered thead:last-child tr:last-child th:first-child,.table-bordered tbody:last-child tr:last-child td:first-child,.table-bordered tfoot:last-child tr:last-child td:first-child{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"]{color:#080808}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#ff7518}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#080808;border-color:#ff7518}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#ff0039}.control-group.error input,.control-group.error select,.control-group.error textarea{color:#080808;border-color:#ff0039}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#3fb618}.control-group.success input,.control-group.success select,.control-group.success textarea{color:#080808;border-color:#3fb618}legend{color:#080808;border-bottom:0}.form-actions{background-color:#eee;border-top:0}.dropdown-menu{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.alert{text-shadow:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.alert-heading,.alert h1,.alert h2,.alert h3,.alert h4,.alert h5,.alert h6{color:#fff}.label{min-width:80px;min-height:80px;font-weight:300;text-shadow:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.label-success{background-color:#3fb618}.label-important{background-color:#ff0039}.label-info{background-color:#9954bb}.label-inverse{background-color:#000}.badge{font-weight:300;text-shadow:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.badge-success{background-color:#3fb618}.badge-important{background-color:#ff0039}.badge-info{background-color:#9954bb}.badge-inverse{background-color:#000}.hero-unit{border:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.well{border:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}[class^="icon-"],[class*=" icon-"]{margin:0 2px;vertical-align:-2px}a.thumbnail{background-color:#dfdfdf}a.thumbnail:hover{background-color:#bbb;border-color:transparent}.progress{height:6px;background-color:#eee;background-image:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.progress .bar{background-color:#007fff;background-image:none}.progress-info{background-color:#9954bb}.progress-success{background-color:#3fb618}.progress-warning{background-color:#ff7518}.progress-danger{background-color:#ff0039}.modal{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.modal-header{border-bottom:0}.modal-footer{background-color:transparent;border-top:0}.popover{color:#fff;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.popover-title{color:#fff;border-bottom:0}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden}.affix{position:fixed}pre{margin-top:10px;color:#333}pre.terminal{font-size:1em;color:#c0c0c0;background:#000}.tlist li{padding-top:.3em;paddint-bottom:.3em}
diff --git a/pathod/libpathod/static/bootstrap.min.js b/pathod/libpathod/static/bootstrap.min.js
new file mode 100644
index 00000000..14356981
--- /dev/null
+++ b/pathod/libpathod/static/bootstrap.min.js
@@ -0,0 +1,6 @@
+/*!
+* Bootstrap.js by @fat & @mdo
+* Copyright 2012 Twitter, Inc.
+* http://www.apache.org/licenses/LICENSE-2.0.txt
+*/
+!function(a){a(function(){"use strict",a.support.transition=function(){var a=function(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd",msTransition:"MSTransitionEnd",transition:"transitionend"},c;for(c in b)if(a.style[c]!==undefined)return b[c]}();return a&&{end:a}}()})}(window.jQuery),!function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed").remove()}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()},a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a(function(){a("body").on("click.alert.data-api",b,c.prototype.close)})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.parent('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")},a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a(function(){a("body").on("click.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle")})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=c,this.options.slide&&this.slide(this.options.slide),this.options.pause=="hover"&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.prototype={cycle:function(b){return b||(this.paused=!1),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},to:function(b){var c=this.$element.find(".active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(a){return a||(this.paused=!0),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this,j=a.Event("slide");this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h]();if(e.hasClass("active"))return;if(a.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(j);if(j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})}else{this.$element.trigger(j);if(j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}},a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=a.extend({},a.fn.carousel.defaults,typeof c=="object"&&c);e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):typeof c=="string"||(c=f.slide)?e[c]():f.interval&&e.cycle()})},a.fn.carousel.defaults={interval:5e3,pause:"hover"},a.fn.carousel.Constructor=b,a(function(){a("body").on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=!e.data("modal")&&a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b,c,d,e;if(this.transitioning)return;b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find("> .accordion-group > .in");if(d&&d.length){e=d.data("collapse");if(e&&e.transitioning)return;d.collapse("hide"),e||d.data("collapse",null)}this.$element[b](0),this.transition("addClass",a.Event("show"),"shown"),this.$element[b](this.$element[0][c])},hide:function(){var b;if(this.transitioning)return;b=this.dimension(),this.reset(this.$element[b]()),this.transition("removeClass",a.Event("hide"),"hidden"),this.$element[b](0)},reset:function(a){var b=this.dimension();return this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element[a!==null?"addClass":"removeClass"]("collapse"),this},transition:function(b,c,d){var e=this,f=function(){c.type=="show"&&e.reset(),e.transitioning=0,e.$element.trigger(d)};this.$element.trigger(c);if(c.isDefaultPrevented())return;this.transitioning=1,this.$element[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}},a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a(function(){a("body").on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();a(e).collapse(f)})})}(window.jQuery),!function(a){function d(){a(b).parent().removeClass("open")}"use strict";var b='[data-toggle="dropdown"]',c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),e,f,g;if(c.is(".disabled, :disabled"))return;return f=c.attr("data-target"),f||(f=c.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,"")),e=a(f),e.length||(e=c.parent()),g=e.hasClass("open"),d(),g||e.toggleClass("open"),!1}},a.fn.dropdown=function(b){return this.each(function(){var d=a(this),e=d.data("dropdown");e||d.data("dropdown",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.dropdown.Constructor=c,a(function(){a("html").on("click.dropdown.data-api",d),a("body").on("click.dropdown",".dropdown form",function(a){a.stopPropagation()}).on("click.dropdown.data-api",b,c.prototype.toggle)})}(window.jQuery),!function(a){function c(){var b=this,c=setTimeout(function(){b.$element.off(a.support.transition.end),d.call(b)},500);this.$element.one(a.support.transition.end,function(){clearTimeout(c),d.call(b)})}function d(a){this.$element.hide().trigger("hidden"),e.call(this)}function e(b){var c=this,d=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var e=a.support.transition&&d;this.$backdrop=a('<div class="modal-backdrop '+d+'" />').appendTo(document.body),this.options.backdrop!="static"&&this.$backdrop.click(a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(f,this)):f.call(this)):b&&b()}function f(){this.$backdrop.remove(),this.$backdrop=null}function g(){var b=this;this.isShown&&this.options.keyboard?a(document).on("keyup.dismiss.modal",function(a){a.which==27&&b.hide()}):this.isShown||a(document).off("keyup.dismiss.modal")}"use strict";var b=function(b,c){this.options=c,this.$element=a(b).delegate('[data-dismiss="modal"]',"click.dismiss.modal",a.proxy(this.hide,this))};b.prototype={constructor:b,toggle:function(){return this[this.isShown?"hide":"show"]()},show:function(){var b=this,c=a.Event("show");this.$element.trigger(c);if(this.isShown||c.isDefaultPrevented())return;a("body").addClass("modal-open"),this.isShown=!0,g.call(this),e.call(this,function(){var c=a.support.transition&&b.$element.hasClass("fade");b.$element.parent().length||b.$element.appendTo(document.body),b.$element.show(),c&&b.$element[0].offsetWidth,b.$element.addClass("in"),c?b.$element.one(a.support.transition.end,function(){b.$element.trigger("shown")}):b.$element.trigger("shown")})},hide:function(b){b&&b.preventDefault();var e=this;b=a.Event("hide"),this.$element.trigger(b);if(!this.isShown||b.isDefaultPrevented())return;this.isShown=!1,a("body").removeClass("modal-open"),g.call(this),this.$element.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?c.call(this):d.call(this)}},a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=a.extend({},a.fn.modal.defaults,d.data(),typeof c=="object"&&c);e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():f.show&&e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},a.fn.modal.Constructor=b,a(function(){a("body").on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({},e.data(),c.data());b.preventDefault(),e.modal(f)})})}(window.jQuery),!function(a){"use strict";var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);if(!c.options.delay||!c.options.delay.show)return c.show();clearTimeout(this.timeout),c.hoverState="in",this.timeout=setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show)},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!c.options.delay||!c.options.delay.hide)return c.hide();c.hoverState="out",this.timeout=setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide)},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.remove().css({top:0,left:0,display:"block"}).appendTo(b?this.$element:document.body),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.css(g).addClass(f).addClass("in")}},isHTML:function(a){return typeof a!="string"||a.charAt(0)==="<"&&a.charAt(a.length-1)===">"&&a.length>=3||/^(?:[^<]*<[\w\W]+>[^>]*$)/.exec(a)},setContent:function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.isHTML(b)?"html":"text"](b),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).remove()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.remove()})}var b=this,c=this.tip();c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.remove()},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(){this[this.tip().hasClass("in")?"hide":"show"]()}},a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover",title:"",delay:0}}(window.jQuery),!function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.isHTML(b)?"html":"text"](b),a.find(".popover-content > *")[this.isHTML(c)?"html":"text"](c),a.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip}}),a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",content:"",template:'<div class="popover"><div class="arrow"></div><div class="popover-inner"><h3 class="popover-title"></h3><div class="popover-content"><p></p></div></div></div>'})}(window.jQuery),!function(a){function b(b,c){var d=a.proxy(this.process,this),e=a(b).is("body")?a(window):a(b),f;this.options=a.extend({},a.fn.scrollspy.defaults,c),this.$scrollElement=e.on("scroll.scroll.data-api",d),this.selector=(this.options.target||(f=a(b).attr("href"))&&f.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.$body=a("body"),this.refresh(),this.process()}"use strict",b.prototype={constructor:b,refresh:function(){var b=this,c;this.offsets=a([]),this.targets=a([]),c=this.$body.find(this.selector).map(function(){var b=a(this),c=b.data("target")||b.attr("href"),d=/^#\w/.test(c)&&a(c);return d&&c.length&&[[d.position().top,c]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,c=b-this.$scrollElement.height(),d=this.offsets,e=this.targets,f=this.activeTarget,g;if(a>=c)return f!=(g=e.last()[0])&&this.activate(g);for(g=d.length;g--;)f!=e[g]&&a>=d[g]&&(!d[g+1]||a<=d[g+1])&&this.activate(e[g])},activate:function(b){var c,d;this.activeTarget=b,a(this.selector).parent(".active").removeClass("active"),d=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',c=a(d).parent("li").addClass("active"),c.parent(".dropdown-menu")&&(c=c.closest("li.dropdown").addClass("active")),c.trigger("activate")}},a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a(function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f,g;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active a").last()[0],g=a.Event("show",{relatedTarget:e}),b.trigger(g);if(g.isDefaultPrevented())return;f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}},a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a(function(){a("body").on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.$menu=a(this.options.menu).appendTo("body"),this.source=this.options.source,this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(a)).change(),this.hide()},updater:function(a){return a},show:function(){var b=a.extend({},this.$element.offset(),{height:this.$element[0].offsetHeight});return this.$menu.css({top:b.top+b.height,left:b.left}),this.$menu.show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c=this,d,e;return this.query=this.$element.val(),this.query?(d=a.grep(this.source,function(a){return c.matcher(a)}),d=this.sorter(d),d.length?this.render(d.slice(0,this.options.items)).show():this.shown?this.hide():this):this.shown?this.hide():this},matcher:function(a){return~a.toLowerCase().indexOf(this.query.toLowerCase())},sorter:function(a){var b=[],c=[],d=[],e;while(e=a.shift())e.toLowerCase().indexOf(this.query.toLowerCase())?~e.indexOf(this.query)?c.push(e):d.push(e):b.push(e);return b.concat(c,d)},highlighter:function(a){var b=this.query.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&");return a.replace(new RegExp("("+b+")","ig"),function(a,b){return"<strong>"+b+"</strong>"})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),(a.browser.webkit||a.browser.msie)&&this.$element.on("keydown",a.proxy(this.keypress,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},keyup:function(a){switch(a.keyCode){case 40:case 38:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}a.stopPropagation(),a.preventDefault()},keypress:function(a){if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:if(a.type!="keydown")break;a.preventDefault(),this.prev();break;case 40:if(a.type!="keydown")break;a.preventDefault(),this.next()}a.stopPropagation()},blur:function(a){var b=this;setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}},a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'<ul class="typeahead dropdown-menu"></ul>',item:'<li><a href="#"></a></li>'},a.fn.typeahead.Constructor=b,a(function(){a("body").on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})})}(window.jQuery);
\ No newline at end of file
diff --git a/pathod/libpathod/static/jquery-1.7.2.min.js b/pathod/libpathod/static/jquery-1.7.2.min.js
new file mode 100644
index 00000000..16ad06c5
--- /dev/null
+++ b/pathod/libpathod/static/jquery-1.7.2.min.js
@@ -0,0 +1,4 @@
+/*! jQuery v1.7.2 jquery.com | jquery.org/license */
+(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l+" "+k,n=e[m]||e["* "+k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1]+" "+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from "+m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]==="*")f.shift(),h===b&&(h=a.mimeType||c.getResponseHeader("content-type"));if(h)for(i in e)if(e[i]&&e[i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(!f[0]||a.converters[i+" "+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j);return d[j]}}function b_(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||bD.test(a)?d(a,e):b_(a+"["+(typeof e=="object"?b:"")+"]",e,c,d)});else if(!c&&f.type(b)==="object")for(var e in b)b_(a+"["+e+"]",b[e],c,d);else d(a,b)}function b$(a,c){var d,e,g=f.ajaxSettings.flatOptions||{};for(d in c)c[d]!==b&&((g[d]?a:e||(e={}))[d]=c[d]);e&&f.extend(!0,a,e)}function bZ(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bS,l;for(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l=="string"&&(!k||g[l]?l=b:(c.dataTypes.unshift(l),l=bZ(a,c,d,e,l,g)));(k||!l)&&!g["*"]&&(l=bZ(a,c,d,e,"*",g));return l}function bY(a){return function(b,c){typeof b!="string"&&(c=b,b="*");if(f.isFunction(c)){var d=b.toLowerCase().split(bO),e=0,g=d.length,h,i,j;for(;e<g;e++)h=d[e],j=/^\+/.test(h),j&&(h=h.substr(1)||"*"),i=a[h]=a[h]||[],i[j?"unshift":"push"](c)}}}function bB(a,b,c){var d=b==="width"?a.offsetWidth:a.offsetHeight,e=b==="width"?1:0,g=4;if(d>0){if(c!=="border")for(;e<g;e+=2)c||(d-=parseFloat(f.css(a,"padding"+bx[e]))||0),c==="margin"?d+=parseFloat(f.css(a,c+bx[e]))||0:d-=parseFloat(f.css(a,"border"+bx[e]+"Width"))||0;return d+"px"}d=by(a,b);if(d<0||d==null)d=a.style[b];if(bt.test(d))return d;d=parseFloat(d)||0;if(c)for(;e<g;e+=2)d+=parseFloat(f.css(a,"padding"+bx[e]))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+bx[e]+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+bx[e]))||0);return d+"px"}function bo(a){var b=c.createElement("div");bh.appendChild(b),b.innerHTML=a.outerHTML;return b.firstChild}function bn(a){var b=(a.nodeName||"").toLowerCase();b==="input"?bm(a):b!=="script"&&typeof a.getElementsByTagName!="undefined"&&f.grep(a.getElementsByTagName("input"),bm)}function bm(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bl(a){return typeof a.getElementsByTagName!="undefined"?a.getElementsByTagName("*"):typeof a.querySelectorAll!="undefined"?a.querySelectorAll("*"):[]}function bk(a,b){var c;b.nodeType===1&&(b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase(),c==="object"?b.outerHTML=a.outerHTML:c!=="input"||a.type!=="checkbox"&&a.type!=="radio"?c==="option"?b.selected=a.defaultSelected:c==="input"||c==="textarea"?b.defaultValue=a.defaultValue:c==="script"&&b.text!==a.text&&(b.text=a.text):(a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value)),b.removeAttribute(f.expando),b.removeAttribute("_submit_attached"),b.removeAttribute("_change_attached"))}function bj(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c,d,e,g=f._data(a),h=f._data(b,g),i=g.events;if(i){delete h.handle,h.events={};for(c in i)for(d=0,e=i[c].length;d<e;d++)f.event.add(b,c,i[c][d])}h.data&&(h.data=f.extend({},h.data))}}function bi(a,b){return f.nodeName(a,"table")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function U(a){var b=V.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}function T(a,b,c){b=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=f.grep(a,function(a){return a.nodeType===1});if(O.test(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){return f.inArray(a,b)>=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?+d:j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c<d;c++)b[a[c]]=!0;return b}var c=a.document,d=a.navigator,e=a.location,f=function(){function J(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(J,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.2",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=arguments[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:function(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,readyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){if(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){if(typeof c!="string"||!c)return null;var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)break}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c.call(a[g],g,a[g++])===!1)break;return a},trim:G?function(a){return a==null?"":G.call(a)}:function(a){return a==null?"":(a+"").replace(k,"").replace(l,"")},makeArray:function(a,b){var c=b||[];if(a!=null){var d=e.type(a);a.length==null||d==="string"||d==="function"||d==="regexp"||e.isWindow(a)?E.call(c,a):e.merge(c,a)}return c},inArray:function(a,b,c){var d;if(b){if(H)return H.call(b,a,c);d=b.length,c=c?c<0?Math.max(0,d+c):c:0;for(;c<d;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.length=="number")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j=="number"&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=null&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);return h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c=="string"){var d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=F.call(arguments,2),g=function(){return a.apply(c,f.concat(F.call(arguments)))};g.guid=a.guid=a.guid||g.guid||e.guid++;return g},access:function(a,c,d,f,g,h,i){var j,k=d==null,l=0,m=a.length;if(d&&typeof d=="object"){for(l in d)e.access(a,c,l,d[l],1,h,f);g=1}else if(f!==b){j=i===b&&e.isFunction(f),k&&(j?(j=c,c=function(a,b,c){return j.call(e(a),c)}):(c.call(a,f),c=null));if(c)for(;l<m;l++)c(a[l],d,j?f.call(a[l],l,c(a[l],d)):f,i);g=1}return g?a:k?c.call(a):m?c(a[0],d):h},now:function(){return(new Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=r.exec(a)||s.exec(a)||t.exec(a)||a.indexOf("compatible")<0&&u.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},sub:function(){function a(b,c){return new a.fn.init(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanceof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;var b=a(c);return a},browser:{}}),e.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(a,b){I["[object "+b+"]"]=b.toLowerCase()}),z=e.uaMatch(y),z.browser&&(e.browser[z.browser]=!0,e.browser.version=z.version),e.browser.webkit&&(e.browser.safari=!0),j.test(" ")&&(k=/^[\s\xA0]+/,l=/[\s\xA0]+$/),h=e(c),c.addEventListener?B=function(){c.removeEventListener("DOMContentLoaded",B,!1),e.ready()}:c.attachEvent&&(B=function(){c.readyState==="complete"&&(c.detachEvent("onreadystatechange",B),e.ready())});return e}(),g={};f.Callbacks=function(a){a=a?g[a]||h(a):{};var c=[],d=[],e,i,j,k,l,m,n=function(b){var d,e,g,h,i;for(d=0,e=b.length;d<e;d++)g=b[d],h=f.type(g),h==="array"?n(g):h==="function"&&(!a.unique||!p.has(g))&&c.push(g)},o=function(b,f){f=f||[],e=!a.memory||[b,f],i=!0,j=!0,m=k||0,k=0,l=c.length;for(;c&&m<l;m++)if(c[m].apply(b,f)===!1&&a.stopOnFalse){e=!0;break}j=!1,c&&(a.once?e===!0?p.disable():c=[]:d&&d.length&&(e=d.shift(),p.fireWith(e[0],e[1])))},p={add:function(){if(c){var a=c.length;n(arguments),j?l=c.length:e&&e!==!0&&(k=a,o(e[0],e[1]))}return this},remove:function(){if(c){var b=arguments,d=0,e=b.length;for(;d<e;d++)for(var f=0;f<c.length;f++)if(b[d]===c[f]){j&&f<=l&&(l--,f<=m&&m--),c.splice(f--,1);if(a.unique)break}}return this},has:function(a){if(c){var b=0,d=c.length;for(;b<d;b++)if(a===c[b])return!0}return!1},empty:function(){c=[];return this},disable:function(){c=d=e=b;return this},disabled:function(){return!c},lock:function(){d=b,(!e||e===!0)&&p.disable();return this},locked:function(){return!d},fireWith:function(b,c){d&&(j?a.once||d.push([b,c]):(!a.once||!e)&&o(b,c));return this},fire:function(){p.fireWith(this,arguments);return this},fired:function(){return!!i}};return p};var i=[].slice;f.extend({Deferred:function(a){var b=f.Callbacks("once memory"),c=f.Callbacks("once memory"),d=f.Callbacks("memory"),e="pending",g={resolve:b,reject:c,notify:d},h={done:b.add,fail:c.add,progress:d.add,state:function(){return e},isResolved:b.fired,isRejected:c.fired,then:function(a,b,c){i.done(a).fail(b).progress(c);return this},always:function(){i.done.apply(i,arguments).fail.apply(i,arguments);return this},pipe:function(a,b,c){return f.Deferred(function(d){f.each({done:[a,"resolve"],fail:[b,"reject"],progress:[c,"notify"]},function(a,b){var c=b[0],e=b[1],g;f.isFunction(c)?i[a](function(){g=c.apply(this,arguments),g&&f.isFunction(g.promise)?g.promise().then(d.resolve,d.reject,d.notify):d[e+"With"](this===i?d:this,[g])}):i[a](d[e])})}).promise()},promise:function(a){if(a==null)a=h;else for(var b in h)a[b]=h[b];return a}},i=h.promise({}),j;for(j in g)i[j]=g[j].fire,i[j+"With"]=g[j].fireWith;i.done(function(){e="resolved"},c.disable,d.lock).fail(function(){e="rejected"},b.disable,d.lock),a&&a.call(i,i);return i},when:function(a){function m(a){return function(b){e[a]=arguments.length>1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c<d;c++)b[c]&&b[c].promise&&f.isFunction(b[c].promise)?b[c].promise().then(l(c),j.reject,m(c)):--g;g||j.resolveWith(j,b)}else j!==a&&j.resolveWith(j,d?[a]:[]);return k}}),f.support=function(){var b,d,e,g,h,i,j,k,l,m,n,o,p=c.createElement("div"),q=c.documentElement;p.setAttribute("className","t"),p.innerHTML="   <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>",d=p.getElementsByTagName("*"),e=p.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=p.getElementsByTagName("input")[0],b={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:p.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav></:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,pixelMargin:!0},f.boxModel=b.boxModel=c.compatMode==="CSS1Compat",i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete p.test}catch(r){b.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",function(){b.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),i.setAttribute("name","t"),p.appendChild(i),j=c.createDocumentFragment(),j.appendChild(p.lastChild),b.checkClone=j.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,j.removeChild(i),j.appendChild(p);if(p.attachEvent)for(n in{submit:1,change:1,focusin:1})m="on"+n,o=m in p,o||(p.setAttribute(m,"return;"),o=typeof p[m]=="function"),b[n+"Bubbles"]=o;j.removeChild(p),j=g=h=p=i=null,f(function(){var d,e,g,h,i,j,l,m,n,q,r,s,t,u=c.getElementsByTagName("body")[0];!u||(m=1,t="padding:0;margin:0;border:",r="position:absolute;top:0;left:0;width:1px;height:1px;",s=t+"0;visibility:hidden;",n="style='"+r+t+"5px solid #000;",q="<div "+n+"display:block;'><div style='"+t+"0;display:block;overflow:hidden;'></div></div>"+"<table "+n+"' cellpadding='0' cellspacing='0'>"+"<tr><td></td></tr></table>",d=c.createElement("div"),d.style.cssText=s+"width:0;height:0;position:static;top:0;margin-top:"+m+"px",u.insertBefore(d,u.firstChild),p=c.createElement("div"),d.appendChild(p),p.innerHTML="<table><tr><td style='"+t+"0;display:none'></td><td>t</td></tr></table>",k=p.getElementsByTagName("td"),o=k[0].offsetHeight===0,k[0].style.display="",k[1].style.display="none",b.reliableHiddenOffsets=o&&k[0].offsetHeight===0,a.getComputedStyle&&(p.innerHTML="",l=c.createElement("div"),l.style.width="0",l.style.marginRight="0",p.style.width="2px",p.appendChild(l),b.reliableMarginRight=(parseInt((a.getComputedStyle(l,null)||{marginRight:0}).marginRight,10)||0)===0),typeof p.style.zoom!="undefined"&&(p.innerHTML="",p.style.width=p.style.padding="1px",p.style.border=0,p.style.overflow="hidden",p.style.display="inline",p.style.zoom=1,b.inlineBlockNeedsLayout=p.offsetWidth===3,p.style.display="block",p.style.overflow="visible",p.innerHTML="<div style='width:5px;'></div>",b.shrinkWrapBlocks=p.offsetWidth!==3),p.style.cssText=r+s,p.innerHTML=q,e=p.firstChild,g=e.firstChild,i=e.nextSibling.firstChild.firstChild,j={doesNotAddBorder:g.offsetTop!==5,doesAddBorderForTableAndCells:i.offsetTop===5},g.style.position="fixed",g.style.top="20px",j.fixedPosition=g.offsetTop===20||g.offsetTop===15,g.style.position=g.style.top="",e.style.overflow="hidden",e.style.position="relative",j.subtractsBorderForOverflowNotVisible=g.offsetTop===-5,j.doesNotIncludeMarginInBodyOffset=u.offsetTop!==m,a.getComputedStyle&&(p.style.marginTop="1%",b.pixelMargin=(a.getComputedStyle(p,null)||{marginTop:0}).marginTop!=="1%"),typeof d.style.zoom!="undefined"&&(d.style.zoom=1),u.removeChild(d),l=p=d=null,f.extend(b,j))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e<g;e++)delete d[b[e]];if(!(c?m:f.isEmptyObject)(d))return}}if(!c){delete j[k].data;if(!m(j[k]))return}f.support.deleteExpando||!j.setInterval?delete j[k]:j[k]=null,i&&(f.support.deleteExpando?delete a[h]:a.removeAttribute?a.removeAttribute(h):a[h]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d,e,g,h,i,j=this[0],k=0,m=null;if(a===b){if(this.length){m=f.data(j);if(j.nodeType===1&&!f._data(j,"parsedAttrs")){g=j.attributes;for(i=g.length;k<i;k++)h=g[k].name,h.indexOf("data-")===0&&(h=f.camelCase(h.substring(5)),l(j,h,m[h]));f._data(j,"parsedAttrs",!0)}}return m}if(typeof a=="object")return this.each(function(){f.data(this,a)});d=a.split(".",2),d[1]=d[1]?"."+d[1]:"",e=d[1]+"!";return f.access(this,function(c){if(c===b){m=this.triggerHandler("getData"+e,[d[0]]),m===b&&j&&(m=f.data(j,a),m=l(j,a,m));return m===b&&d[1]?this.data(d[0]):m}d[1]=c,this.each(function(){var b=f(this);b.triggerHandler("setData"+e,d),f.data(this,a,c),b.triggerHandler("changeData"+e,d)})},null,c,arguments.length>1,null,!1)},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,b){a&&(b=(b||"fx")+"mark",f._data(a,b,(f._data(a,b)||0)+1))},_unmark:function(a,b,c){a!==!0&&(c=b,b=a,a=!1);if(b){c=c||"fx";var d=c+"mark",e=a?0:(f._data(b,d)||1)-1;e?f._data(b,d,e):(f.removeData(b,d,!0),n(b,c,"mark"))}},queue:function(a,b,c){var d;if(a){b=(b||"fx")+"queue",d=f._data(a,b),c&&(!d||f.isArray(c)?d=f._data(a,b,f.makeArray(c)):d.push(c));return d||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e={};d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),f._data(a,b+".run",e),d.call(a,function(){f.dequeue(a,b)},e)),c.length||(f.removeData(a,b+"queue "+b+".run",!0),n(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){var d=2;typeof a!="string"&&(c=a,a="fx",d--);if(arguments.length<d)return f.queue(this[0],a);return c===b?this:this.each(function(){var b=f.queue(this,a,c);a==="fx"&&b[0]!=="inprogress"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(function(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||"fx";return this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){clearTimeout(d)}})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!="string"&&(c=a,a=b),a=a||"fx";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+"defer",j=a+"queue",k=a+"mark",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f.Callbacks("once memory"),!0))h++,l.add(m);m();return d.promise(c)}});var o=/[\n\t\r]/g,p=/\s+/,q=/\r/g,r=/^(?:button|input)$/i,s=/^(?:button|input|object|select|textarea)$/i,t=/^a(?:rea)?$/i,u=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,v=f.support.getSetAttribute,w,x,y;f.fn.extend({attr:function(a,b){return f.access(this,f.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,f.prop,a,b,arguments.length>1)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(p);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{g=" "+e.className+" ";for(h=0,i=b.length;h<i;h++)~g.indexOf(" "+b[h]+" ")||(g+=b[h]+" ");e.className=f.trim(g)}}}return this},removeClass:function(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a=="string"||a===b){c=(a||"").split(p);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeType===1&&g.className)if(a){h=(" "+g.className+" ").replace(o," ");for(i=0,j=c.length;i<j;i++)h=h.replace(" "+c[i]+" "," ");g.className=f.trim(h)}else g.className=""}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";if(f.isFunction(a))return this.each(function(c){f(this).toggleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c==="string"){var e,g=0,h=f(this),i=b,j=a.split(p);while(e=j[g++])i=d?i:!h.hasClass(e),h[i?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&f._data(this,"__className__",this.className),this.className=this.className||a===!1?"":f._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ",c=0,d=this.length;for(;c<d;c++)if(this[c].nodeType===1&&(" "+this[c].className+" ").replace(o," ").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.type]||f.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.type]||f.valHooks[g.nodeName.toLowerCase()];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c<d;c++){e=i[c];if(e.selected&&(f.support.optDisabled?!e.disabled:e.getAttribute("disabled")===null)&&(!e.parentNode.disabled||!f.nodeName(e.parentNode,"optgroup"))){b=f(e).val();if(j)return b;h.push(b)}}if(j&&!h.length&&i.length)return f(i[g]).val();return h},set:function(a,b){var c=f.makeArray(b);f(a).find("option").each(function(){this.selected=f.inArray(f(this).val(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h,i=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;i<g;i++)e=d[i],e&&(c=f.propFix[e]||e,h=u.test(e),h||f.attr(a,e,""),a.removeAttribute(v?e:c),h&&c in a&&(a[c]=!1))}},attrHooks:{type:{set:function(a,b){if(r.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(w&&f.nodeName(a,"button"))return w.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(w&&f.nodeName(a,"button"))return w.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e,g,h,i=a.nodeType;if(!!a&&i!==3&&i!==8&&i!==2){h=i!==1||!f.isXMLDoc(a),h&&(c=f.propFix[c]||c,g=f.propHooks[c]);return d!==b?g&&"set"in g&&(e=g.set(a,d,c))!==b?e:a[c]=d:g&&"get"in g&&(e=g.get(a,c))!==null?e:a[c]}},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):s.test(a.nodeName)||t.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabindex=f.propHooks.tabIndex,x={get:function(a,c){var d,e=f.prop(a,c);return e===!0||typeof e!="boolean"&&(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},v||(y={name:!0,id:!0,coords:!0},w=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&(y[c]?d.nodeValue!=="":d.specified)?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.attrHooks.tabindex.set=w.set,f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})}),f.attrHooks.contenteditable={get:w.get,set:function(a,b,c){b===""&&(b="false"),w.set(a,b,c)}}),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.enctype||(f.propFix.enctype="encoding"),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/(?:^|\s)hover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(
+a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")};f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler,g=p.selector),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k<c.length;k++){l=A.exec(c[k])||[],m=l[1],n=(l[2]||"").split(".").sort(),s=f.event.special[m]||{},m=(g?s.delegateType:s.bindType)||m,s=f.event.special[m]||{},o=f.extend({type:m,origType:l[1],data:e,handler:d,guid:d.guid,selector:g,quick:g&&G(g),namespace:n.join(".")},p),r=j[m];if(!r){r=j[m]=[],r.delegateCount=0;if(!s.setup||s.setup.call(a,e,n,i)===!1)a.addEventListener?a.addEventListener(m,i,!1):a.attachEvent&&a.attachEvent("on"+m,i)}s.add&&(s.add.call(a,o),o.handler.guid||(o.handler.guid=d.guid)),g?r.splice(r.delegateCount++,0,o):r.push(o),f.event.global[m]=!0}a=null}},global:{},remove:function(a,b,c,d,e){var g=f.hasData(a)&&f._data(a),h,i,j,k,l,m,n,o,p,q,r,s;if(!!g&&!!(o=g.events)){b=f.trim(I(b||"")).split(" ");for(h=0;h<b.length;h++){i=A.exec(b[h])||[],j=k=i[1],l=i[2];if(!j){for(j in o)f.event.remove(a,j+b[h],c,d,!0);continue}p=f.event.special[j]||{},j=(d?p.delegateType:p.bindType)||j,r=o[j]||[],m=r.length,l=l?new RegExp("(^|\\.)"+l.split(".").sort().join("\\.(?:.*\\.)?")+"(\\.|$)"):null;for(n=0;n<r.length;n++)s=r[n],(e||k===s.origType)&&(!c||c.guid===s.guid)&&(!l||l.test(s.namespace))&&(!d||d===s.selector||d==="**"&&s.selector)&&(r.splice(n--,1),s.selector&&r.delegateCount--,p.remove&&p.remove.call(a,s));r.length===0&&m!==r.length&&((!p.teardown||p.teardown.call(a,l)===!1)&&f.removeEvent(a,j,g.handle),delete o[j])}f.isEmptyObject(o)&&(q=g.handle,q&&(q.elem=null),f.removeData(a,["events","handle"],!0))}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){if(!e||e.nodeType!==3&&e.nodeType!==8){var h=c.type||c,i=[],j,k,l,m,n,o,p,q,r,s;if(E.test(h+f.event.triggered))return;h.indexOf("!")>=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;l<r.length&&!c.isPropagationStopped();l++)m=r[l][0],c.type=r[l][1],q=(f._data(m,"events")||{})[c.type]&&f._data(m,"handle"),q&&q.apply(m,d),q=o&&m[o],q&&f.acceptData(m)&&q.apply(m,d)===!1&&c.preventDefault();c.type=h,!g&&!c.isDefaultPrevented()&&(!p._default||p._default.apply(e.ownerDocument,d)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)&&o&&e[h]&&(h!=="focus"&&h!=="blur"||c.target.offsetWidth!==0)&&!f.isWindow(e)&&(n=e[o],n&&(e[o]=null),f.event.triggered=h,e[h](),f.event.triggered=b,n&&(e[o]=n));return c.result}},dispatch:function(c){c=f.event.fix(c||a.event);var d=(f._data(this,"events")||{})[c.type]||[],e=d.delegateCount,g=[].slice.call(arguments,0),h=!c.exclusive&&!c.namespace,i=f.event.special[c.type]||{},j=[],k,l,m,n,o,p,q,r,s,t,u;g[0]=c,c.delegateTarget=this;if(!i.preDispatch||i.preDispatch.call(this,c)!==!1){if(e&&(!c.button||c.type!=="click")){n=f(this),n.context=this.ownerDocument||this;for(m=c.target;m!=this;m=m.parentNode||this)if(m.disabled!==!0){p={},r=[],n[0]=m;for(k=0;k<e;k++)s=d[k],t=s.selector,p[t]===b&&(p[t]=s.quick?H(m,s.quick):n.is(t)),p[t]&&r.push(s);r.length&&j.push({elem:m,matches:r})}}d.length>e&&j.push({elem:this,matches:d.slice(e)});for(k=0;k<j.length&&!c.isPropagationStopped();k++){q=j[k],c.currentTarget=q.elem;for(l=0;l<q.matches.length&&!c.isImmediatePropagationStopped();l++){s=q.matches[l];if(h||!c.namespace&&!s.namespace||c.namespace_re&&c.namespace_re.test(s.namespace))c.data=s.data,c.handleObj=s,o=((f.event.special[s.origType]||{}).handle||s.handler).apply(q.elem,g),o!==b&&(c.result=o,o===!1&&(c.preventDefault(),c.stopPropagation()))}}i.postDispatch&&i.postDispatch.call(this,c);return c.result}},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){a.which==null&&(a.which=b.charCode!=null?b.charCode:b.keyCode);return a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,d){var e,f,g,h=d.button,i=d.fromElement;a.pageX==null&&d.clientX!=null&&(e=a.target.ownerDocument||c,f=e.documentElement,g=e.body,a.pageX=d.clientX+(f&&f.scrollLeft||g&&g.scrollLeft||0)-(f&&f.clientLeft||g&&g.clientLeft||0),a.pageY=d.clientY+(f&&f.scrollTop||g&&g.scrollTop||0)-(f&&f.clientTop||g&&g.clientTop||0)),!a.relatedTarget&&i&&(a.relatedTarget=i===a.target?d.toElement:i),!a.which&&h!==b&&(a.which=h&1?1:h&2?3:h&4?2:0);return a}},fix:function(a){if(a[f.expando])return a;var d,e,g=a,h=f.event.fixHooks[a.type]||{},i=h.props?this.props.concat(h.props):this.props;a=f.Event(g);for(d=i.length;d;)e=i[--d],a[e]=g[e];a.target||(a.target=g.srcElement||c),a.target.nodeType===3&&(a.target=a.target.parentNode),a.metaKey===b&&(a.metaKey=a.ctrlKey);return h.filter?h.filter(a,g):a},special:{ready:{setup:f.bindReady},load:{noBubble:!0},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}},simulate:function(a,b,c,d){var e=f.extend(new f.Event,c,{type:a,isSimulated:!0,originalEvent:{}});d?f.event.trigger(e,null,b):f.event.dispatch.call(b,e),e.isDefaultPrevented()&&c.preventDefault()}},f.event.handle=f.event.dispatch,f.removeEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent("on"+b,c)},f.Event=function(a,b){if(!(this instanceof f.Event))return new f.Event(a,b);a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?K:J):this.type=a,b&&f.extend(this,b),this.timeStamp=a&&a.timeStamp||f.now(),this[f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPrevented=K;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){this.isPropagationStopped=K;var a=this.originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=K,this.stopPropagation()},isDefaultPrevented:J,isPropagationStopped:J,isImmediatePropagationStopped:J},f.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(a,b){f.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c=this,d=a.relatedTarget,e=a.handleObj,g=e.selector,h;if(!d||d!==c&&!f.contains(c,d))a.type=e.origType,h=e.handler.apply(this,arguments),a.type=b;return h}}}),f.support.submitBubbles||(f.event.special.submit={setup:function(){if(f.nodeName(this,"form"))return!1;f.event.add(this,"click._submit keypress._submit",function(a){var c=a.target,d=f.nodeName(c,"input")||f.nodeName(c,"button")?c.form:b;d&&!d._submit_attached&&(f.event.add(d,"submit._submit",function(a){a._submit_bubble=!0}),d._submit_attached=!0)})},postDispatch:function(a){a._submit_bubble&&(delete a._submit_bubble,this.parentNode&&!a.isTrigger&&f.event.simulate("submit",this.parentNode,a,!0))},teardown:function(){if(f.nodeName(this,"form"))return!1;f.event.remove(this,"._submit")}}),f.support.changeBubbles||(f.event.special.change={setup:function(){if(z.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio")f.event.add(this,"propertychange._change",function(a){a.originalEvent.propertyName==="checked"&&(this._just_changed=!0)}),f.event.add(this,"click._change",function(a){this._just_changed&&!a.isTrigger&&(this._just_changed=!1,f.event.simulate("change",this,a,!0))});return!1}f.event.add(this,"beforeactivate._change",function(a){var b=a.target;z.test(b.nodeName)&&!b._change_attached&&(f.event.add(b,"change._change",function(a){this.parentNode&&!a.isSimulated&&!a.isTrigger&&f.event.simulate("change",this.parentNode,a,!0)}),b._change_attached=!0)})},handle:function(a){var b=a.target;if(this!==b||a.isSimulated||a.isTrigger||b.type!=="radio"&&b.type!=="checkbox")return a.handleObj.handler.apply(this,arguments)},teardown:function(){f.event.remove(this,"._change");return z.test(this.nodeName)}}),f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){var d=0,e=function(a){f.event.simulate(b,a.target,f.event.fix(a),!0)};f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.fn.extend({on:function(a,c,d,e,g){var h,i;if(typeof a=="object"){typeof c!="string"&&(d=d||c,c=b);for(i in a)this.on(i,c,d,a[i],g);return this}d==null&&e==null?(e=c,d=c=b):e==null&&(typeof c=="string"?(e=d,d=b):(e=d,d=c,c=b));if(e===!1)e=J;else if(!e)return this;g===1&&(h=e,e=function(a){f().off(a);return h.apply(this,arguments)},e.guid=h.guid||(h.guid=f.guid++));return this.each(function(){f.event.add(this,a,e,d,c)})},one:function(a,b,c,d){return this.on(a,b,c,d,1)},off:function(a,c,d){if(a&&a.preventDefault&&a.handleObj){var e=a.handleObj;f(a.delegateTarget).off(e.namespace?e.origType+"."+e.namespace:e.origType,e.selector,e.handler);return this}if(typeof a=="object"){for(var g in a)this.off(g,c,a[g]);return this}if(c===!1||typeof c=="function")d=c,c=b;d===!1&&(d=J);return this.each(function(){f.event.remove(this,a,d,c)})},bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},live:function(a,b,c){f(this.context).on(a,this.selector,b,c);return this},die:function(a,b){f(this.context).off(a,this.selector||"**",b);return this},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return arguments.length==1?this.off(a,"**"):this.off(b,a,c)},trigger:function(a,b){return this.each(function(){f.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d=0,e=function(c){var e=(f._data(this,"lastToggle"+a.guid)||0)%d;f._data(this,"lastToggle"+a.guid,e+1),c.preventDefault();return b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),f.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){f.fn[b]=function(a,c){c==null&&(c=a,a=null);return arguments.length>0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];while(j){if(j[d]===c){k=e[j.sizset];break}if(j.nodeType===1){g||(j[d]=c,j.sizset=h);if(typeof b!="string"){if(j===b){k=!0;break}}else if(m.filter(b,[j]).length>0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];while(j){if(j[d]===c){k=e[j.sizset];break}j.nodeType===1&&!g&&(j[d]=c,j.sizset=h);if(j.nodeName.toLowerCase()===b){k=j;break}j=j[a]}e[h]=k}}}var a=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b<a.length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},m.matches=function(a,b){return m(a,null,null,b)},m.matchesSelector=function(a,b){return m(b,null,null,[a]).length>0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e<f;e++){h=o.order[e];if(g=o.leftMatch[h].exec(a)){i=g[1],g.splice(1,1);if(i.substr(i.length-1)!=="\\"){g[1]=(g[1]||"").replace(j,""),d=o.find[h](g,b,c);if(d!=null){a=a.replace(o.match[h],"");break}}}}d||(d=typeof b.getElementsByTagName!="undefined"?b.getElementsByTagName("*"):[]);return{set:d,expr:a}},m.filter=function(a,c,d,e){var f,g,h,i,j,k,l,n,p,q=a,r=[],s=c,t=c&&c[0]&&m.isXML(c[0]);while(a&&c.length){for(h in o.filter)if((f=o.leftMatch[h].exec(a))!=null&&f[2]){k=o.filter[h],l=f[1],g=!1,f.splice(1,1);if(l.substr(l.length-1)==="\\")continue;s===r&&(r=[]);if(o.preFilter[h]){f=o.preFilter[h](f,s,d,r,e,t);if(!f)g=i=!0;else if(f===!0)continue}if(f)for(n=0;(j=s[n])!=null;n++)j&&(i=k(j,f,n,s),p=e^i,d&&i!=null?p?g=!0:s[n]=!1:p&&(r.push(j),g=!0));if(i!==b){d||(s=r),a=a.replace(o.match[h],"");if(!g)return[];break}}if(a===q)if(g==null)m.error(a);else break;q=a}return s},m.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)};var n=m.getText=function(a){var b,c,d=a.nodeType,e="";if(d){if(d===1||d===9||d===11){if(typeof a.textContent=="string")return a.textContent;if(typeof a.innerText=="string")return a.innerText.replace(k,"");for(a=a.firstChild;a;a=a.nextSibling)e+=n(a)}else if(d===3||d===4)return a.nodeValue}else for(b=0;c=a[b];b++)c.nodeType!==8&&(e+=n(c));return e},o=m.selectors={order:["ID","NAME","TAG"],match:{ID:/#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,CLASS:/\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,NAME:/\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/,ATTR:/\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,TAG:/^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/,PSEUDO:/:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/},leftMatch:{},attrMap:{"class":"className","for":"htmlFor"},attrHandle:{href:function(a){return a.getAttribute("href")},type:function(a){return a.getAttribute("type")}},relative:{"+":function(a,b){var c=typeof b=="string",d=c&&!l.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCase()===b?h||!1:h===b}e&&m.filter(b,a,!0)},">":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a[e];if(c){var g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&m.filter(b,a,!0)}},"":function(a,b,c){var d,f=e++,g=x;typeof b=="string"&&!l.test(b)&&(b=b.toLowerCase(),d=b,g=w),g("parentNode",b,f,a,d,c)},"~":function(a,b,c){var d,f=e++,g=x;typeof b=="string"&&!l.test(b)&&(b=b.toLowerCase(),d=b,g=w),g("previousSibling",b,f,a,d,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!="undefined"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}},NAME:function(a,b){if(typeof b.getElementsByName!="undefined"){var c=[],d=b.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute("name")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typeof b.getElementsByTagName!="undefined")return b.getElementsByTagName(a[1])}},preFilter:{CLASS:function(a,b,c,d,e,f){a=" "+a[1].replace(j,"")+" ";if(f)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(" "+h.className+" ").replace(/[\t\n\r]/g," ").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;return!0}m.error(e)},CHILD:function(a,b){var c,e,f,g,h,i,j,k=b[1],l=a;switch(k){case"only":case"first":while(l=l.previousSibling)if(l.nodeType===1)return!1;if(k==="first")return!0;l=a;case"last":while(l=l.nextSibling)if(l.nodeType===1)return!1;return!0;case"nth":c=b[2],e=b[3];if(c===1&&e===0)return!0;f=b[0],g=a.parentNode;if(g&&(g[d]!==f||!a.nodeIndex)){i=0;for(l=g.firstChild;l;l=l.nextSibling)l.nodeType===1&&(l.nodeIndex=++i);g[d]=f}j=a.nodeIndex-e;return c===0?j===0:j%c===0&&j/c>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));o.match.globalPOS=p;var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c<e;c++)d.push(a[c]);else for(;a[c];c++)d.push(a[c]);return d}}var u,v;c.documentElement.compareDocumentPosition?u=function(a,b){if(a===b){h=!0;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return a.compareDocumentPosition(b)&4?-1:1}:(u=function(a,b){if(a===b){h=!0;return 0}if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],g=a.parentNode,i=b.parentNode,j=g;if(g===i)return v(a,b);if(!g)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parentNode;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return v(e[k],f[k]);return k===c?v(a,f[k],-1):v(e[k],b,1)},v=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),function(){var a=c.createElement("div"),d="script"+(new Date).getTime(),e=c.documentElement;a.innerHTML="<a name='"+d+"'/>",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="<a href='#'></a>",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="<p class='TEST'></p>";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="<div class='test e'></div><div class='test'></div>";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h<i;h++)m(a,g[h],e,c);return m.filter(f,e)};m.attr=f.attr,m.selectors.attrMap={},f.find=m,f.expr=m.selectors,f.expr[":"]=f.expr.filters,f.unique=m.uniqueSort,f.text=m.getText,f.isXMLDoc=m.isXML,f.contains=m.contains}();var L=/Until$/,M=/^(?:parents|prevUntil|prevAll)/,N=/,/,O=/^.[^:#\[\.,]*$/,P=Array.prototype.slice,Q=f.expr.match.globalPOS,R={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend({find:function(a){var b=this,c,d;if(typeof a!="string")return f(a).filter(function(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=this.pushStack("","find",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filter(function(){for(var a=0,c=b.length;a<c;a++)if(f.contains(this,b[a]))return!0})},not:function(a){return this.pushStack(T(this,a,!1),"not",a)},filter:function(a){return this.pushStack(T(this,a,!0),"filter",a)},is:function(a){return!!a&&(typeof a=="string"?Q.test(a)?f(a,this.context).index(this[0])>=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d<a.length;d++)f(g).is(a[d])&&c.push({selector:a[d],elem:g,level:h});g=g.parentNode,h++}return c}var i=Q.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d<e;d++){g=this[d];while(g){if(i?i.index(g)>-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/<tbody/i,_=/<|&#?\w+;/,ba=/<(?:script|style)/i,bb=/<(?:script|object|embed|option|style)/i,bc=new RegExp("<(?:"+V+")[\\s/>]","i"),bd=/checked\s*(?:[^=]|=\s*.checked.)/i,be=/\/(java|ecma)script/i,bf=/^\s*<!(?:\[CDATA\[|\-\-)/,bg={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div<div>","</div>"]),f.fn.extend({text:function(a){return f.access(this,function(a){return a===b?f.text(this):this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f
+.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){return f.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1></$2>");try{for(;d<e;d++)c=this[d]||{},c.nodeType===1&&(f.cleanData(c.getElementsByTagName("*")),c.innerHTML=a);c=0}catch(g){}}c&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replaceWith(a.call(this,b,d))});typeof a!="string"&&(a=f(a).detach());return this.each(function(){var b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?a():a),"replaceWith",a):this},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&arguments.length===3&&typeof j=="string"&&bd.test(j))return this.each(function(){f(this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===this.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,"tr");for(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bi(this[l],g):this[l],e.cacheable||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,function(a,b){b.src?f.ajax({type:"GET",global:!1,url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bf,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)})}return this}}),f.buildFragment=function(a,b,d){var e,g,h,i,j=a[0];b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment||(i=c),a.length===1&&typeof j=="string"&&j.length<512&&i===c&&j.charAt(0)==="<"&&!bb.test(j)&&(f.support.checkClone||!bd.test(j))&&(f.support.html5Clone||!bc.test(j))&&(g=!0,h=f.fragments[j],h&&h!==1&&(e=h)),e||(e=i.createDocumentFragment(),f.clean(a,i,e,d)),g&&(f.fragments[j]=h?e:1);return{fragment:e,cacheable:g}},f.fragments={},f.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||f.isXMLDoc(a)||!bc.test("<"+a.nodeName+">")?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g,h,i,j=[];b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);for(var k=0,l;(l=a[k])!=null;k++){typeof l=="number"&&(l+="");if(!l)continue;if(typeof l=="string")if(!_.test(l))l=b.createTextNode(l);else{l=l.replace(Y,"<$1></$2>");var m=(Z.exec(l)||["",""])[1].toLowerCase(),n=bg[m]||bg._default,o=n[0],p=b.createElement("div"),q=bh.childNodes,r;b===c?bh.appendChild(p):U(b).appendChild(p),p.innerHTML=n[1]+l+n[2];while(o--)p=p.lastChild;if(!f.support.tbody){var s=$.test(l),t=m==="table"&&!s?p.firstChild&&p.firstChild.childNodes:n[1]==="<table>"&&!s?p.childNodes:[];for(i=t.length-1;i>=0;--i)f.nodeName(t[i],"tbody")&&!t[i].childNodes.length&&t[i].parentNode.removeChild(t[i])}!f.support.leadingWhitespace&&X.test(l)&&p.insertBefore(b.createTextNode(X.exec(l)[0]),p.firstChild),l=p.childNodes,p&&(p.parentNode.removeChild(p),q.length>0&&(r=q[q.length-1],r&&r.parentNode&&r.parentNode.removeChild(r)))}var u;if(!f.support.appendChecked)if(l[0]&&typeof (u=l.length)=="number")for(i=0;i<u;i++)bn(l[i]);else bn(l);l.nodeType?j.push(l):j=f.merge(j,l)}if(d){g=function(a){return!a.type||be.test(a.type)};for(k=0;j[k];k++){h=j[k];if(e&&f.nodeName(h,"script")&&(!h.type||be.test(h.type)))e.push(h.parentNode?h.parentNode.removeChild(h):h);else{if(h.nodeType===1){var v=f.grep(h.getElementsByTagName("script"),g);j.splice.apply(j,[k+1,0].concat(v))}d.appendChild(h)}}}return j},cleanData:function(a){var b,c,d=f.cache,e=f.event.special,g=f.support.deleteExpando;for(var h=0,i;(i=a[h])!=null;h++){if(i.nodeName&&f.noData[i.nodeName.toLowerCase()])continue;c=i[f.expando];if(c){b=d[c];if(b&&b.events){for(var j in b.events)e[j]?f.event.remove(i,j):f.removeEvent(i,j,b.handle);b.handle&&(b.handle.elem=null)}g?delete i[f.expando]:i.removeAttribute&&i.removeAttribute(f.expando),delete d[c]}}}});var bp=/alpha\([^)]*\)/i,bq=/opacity=([^)]*)/,br=/([A-Z]|^ms)/g,bs=/^[\-+]?(?:\d*\.)?\d+$/i,bt=/^-?(?:\d*\.)?\d+(?!px)[^\d\s]+$/i,bu=/^([\-+])=([\-+.\de]+)/,bv=/^margin/,bw={position:"absolute",visibility:"hidden",display:"block"},bx=["Top","Right","Bottom","Left"],by,bz,bA;f.fn.css=function(a,c){return f.access(this,function(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)},a,c,arguments.length>1)},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=by(a,"opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h==="string"&&(g=bu.exec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h="number");if(d==null||h==="number"&&isNaN(d))return;h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(by)return by(a,c)},swap:function(a,b,c){var d={},e,f;for(f in b)d[f]=a.style[f],a.style[f]=b[f];e=c.call(a);for(f in b)a.style[f]=d[f];return e}}),f.curCSS=f.css,c.defaultView&&c.defaultView.getComputedStyle&&(bz=function(a,b){var c,d,e,g,h=a.style;b=b.replace(br,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b))),!f.support.pixelMargin&&e&&bv.test(b)&&bt.test(c)&&(g=h.width,h.width=c,c=e.width,h.width=g);return c}),c.documentElement.currentStyle&&(bA=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f==null&&g&&(e=g[b])&&(f=e),bt.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),by=bz||bA,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth!==0?bB(a,b,d):f.swap(a,bw,function(){return bB(a,b,d)})},set:function(a,b){return bs.test(b)?b+"px":b}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bq.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bp,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bp.test(g)?g.replace(bp,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){return f.swap(a,{display:"inline-block"},function(){return b?by(a,"margin-right"):a.style.marginRight})}})}),f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)}),f.each({margin:"",padding:"",border:"Width"},function(a,b){f.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bx[d]+b]=e[d]||e[d-2]||e[0];return f}}});var bC=/%20/g,bD=/\[\]$/,bE=/\r?\n/g,bF=/#.*$/,bG=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bH=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bI=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bJ=/^(?:GET|HEAD)$/,bK=/^\/\//,bL=/\?/,bM=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bN=/^(?:select|textarea)/i,bO=/\s+/,bP=/([?&])_=[^&]*/,bQ=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bR=f.fn.load,bS={},bT={},bU,bV,bW=["*/"]+["*"];try{bU=e.href}catch(bX){bU=c.createElement("a"),bU.href="",bU=bU.href}bV=bQ.exec(bU.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bR)return bR.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("<div>").append(c.replace(bM,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bN.test(this.nodeName)||bH.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bE,"\r\n")}}):{name:b.name,value:c.replace(bE,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b$(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b$(a,b);return a},ajaxSettings:{url:bU,isLocal:bI.test(bV[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bW},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bY(bS),ajaxTransport:bY(bT),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?ca(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cb(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bG.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bO),d.crossDomain==null&&(r=bQ.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bV[1]&&r[2]==bV[2]&&(r[3]||(r[1]==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bZ(bS,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bJ.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bL.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bP,"$1_="+x);d.url=y+(y===d.url?(bL.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bW+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bZ(bT,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)b_(g,a[g],c,e);return d.join("&").replace(bC,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cc=f.now(),cd=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cc++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=typeof b.data=="string"&&/^application\/x\-www\-form\-urlencoded/.test(b.contentType);if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(cd.test(b.url)||e&&cd.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(cd,l),b.url===j&&(e&&(k=k.replace(cd,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var ce=a.ActiveXObject?function(){for(var a in cg)cg[a](0,1)}:!1,cf=0,cg;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ch()||ci()}:ch,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,ce&&delete cg[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n);try{m.text=h.responseText}catch(a){}try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cf,ce&&(cg||(cg={},f(a).unload(ce)),cg[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cj={},ck,cl,cm=/^(?:toggle|show|hide)$/,cn=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,co,cp=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cq;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(ct("show",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d.style&&(e=d.style.display,!f._data(d,"olddisplay")&&e==="none"&&(e=d.style.display=""),(e===""&&f.css(d,"display")==="none"||!f.contains(d.ownerDocument.documentElement,d))&&f._data(d,"olddisplay",cu(d.nodeName)));for(g=0;g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===""||e==="none")d.style.display=f._data(d,"olddisplay")||""}}return this},hide:function(a,b,c){if(a||a===0)return this.animate(ct("hide",3),a,b,c);var d,e,g=0,h=this.length;for(;g<h;g++)d=this[g],d.style&&(e=f.css(d,"display"),e!=="none"&&!f._data(d,"olddisplay")&&f._data(d,"olddisplay",e));for(g=0;g<h;g++)this[g].style&&(this[g].style.display="none");return this},_toggle:f.fn.toggle,toggle:function(a,b,c){var d=typeof a=="boolean";f.isFunction(a)&&f.isFunction(b)?this._toggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).is(":hidden");f(this)[b?"show":"hide"]()}):this.animate(ct("toggle",3),a,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(":hidden").css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){function g(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeType===1,d=c&&f(this).is(":hidden"),g,h,i,j,k,l,m,n,o,p,q;b.animatedProperties={};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]);if((k=f.cssHooks[g])&&"expand"in k){l=k.expand(a[g]),delete a[g];for(i in l)i in a||(a[i]=l[i])}}for(g in a){h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||"swing";if(h==="hide"&&d||h==="show"&&!d)return b.complete.call(this);c&&(g==="height"||g==="width")&&(b.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY],f.css(this,"display")==="inline"&&f.css(this,"float")==="none"&&(!f.support.inlineBlockNeedsLayout||cu(this.nodeName)==="inline"?this.style.display="inline-block":this.style.zoom=1))}b.overflow!=null&&(this.style.overflow="hidden");for(i in a)j=new f.fx(this,b,i),h=a[i],cm.test(h)?(q=f._data(this,"toggle"+i)||(h==="toggle"?d?"show":"hide":0),q?(f._data(this,"toggle"+i,q==="show"?"hide":"show"),j[q]()):j[h]()):(m=cn.exec(h),n=j.cur(),m?(o=parseFloat(m[2]),p=m[3]||(f.cssNumber[i]?"":"px"),p!=="px"&&(f.style(this,i,(o||1)+p),n=(o||1)/j.cur()*n,f.style(this,i,n+p)),m[1]&&(o=(m[1]==="-="?-1:1)*o+n),j.custom(n,o,p)):j.custom(n,h,""));return!0}var e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.extend({},a);return e.queue===!1?this.each(g):this.queue(e.queue,g)},stop:function(a,c,d){typeof a!="string"&&(d=c,c=a,a=b),c&&a!==!1&&this.queue(a||"fx",[]);return this.each(function(){function h(a,b,c){var e=b[c];f.removeData(a,c,!0),e.stop(d)}var b,c=!1,e=f.timers,g=f._data(this);d||f._unmark(!0,this);if(a==null)for(b in g)g[b]&&g[b].stop&&b.indexOf(".run")===b.length-4&&h(this,g,b);else g[b=a+".run"]&&g[b].stop&&h(this,g,b);for(b=e.length;b--;)e[b].elem===this&&(a==null||e[b].queue===a)&&(d?e[b](!0):e[b].saveState(),c=!0,e.splice(b,1));(!d||!c)&&f.dequeue(this,a)})}}),f.each({slideDown:ct("show",1),slideUp:ct("hide",1),slideToggle:ct("toggle",1),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){f.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&typeof a=="object"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,duration:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.duration=="number"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.fx.speeds._default;if(d.queue==null||d.queue===!0)d.queue="fx";d.old=d.complete,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue?f.dequeue(this,d.queue):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a){return a},swing:function(a){return-Math.cos(a*Math.PI)/2+.5}},timers:[],fx:function(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.prototype={update:function(){this.options.step&&this.options.step.call(this.elem,this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isNaN(a=parseFloat(b))?!b||b==="auto"?0:b:a},custom:function(a,c,d){function h(a){return e.step(a)}var e=this,g=f.fx;this.startTime=cq||cr(),this.end=c,this.now=this.start=a,this.pos=this.state=0,this.unit=d||this.unit||(f.cssNumber[this.prop]?"":"px"),h.queue=this.options.queue,h.elem=this.elem,h.saveState=function(){f._data(e.elem,"fxshow"+e.prop)===b&&(e.options.hide?f._data(e.elem,"fxshow"+e.prop,e.start):e.options.show&&f._data(e.elem,"fxshow"+e.prop,e.end))},h()&&f.timers.push(h)&&!co&&(co=setInterval(g.tick,g.interval))},show:function(){var a=f._data(this.elem,"fxshow"+this.prop);this.options.orig[this.prop]=a||f.style(this.elem,this.prop),this.options.show=!0,a!==b?this.custom(this.cur(),a):this.custom(this.prop==="width"||this.prop==="height"?1:0,this.cur()),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f._data(this.elem,"fxshow"+this.prop)||f.style(this.elem,this.prop),this.options.hide=!0,this.custom(this.cur(),0)},step:function(a){var b,c,d,e=cq||cr(),g=!0,h=this.elem,i=this.options;if(a||e>=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c<b.length;c++)a=b[c],!a()&&b[c]===a&&b.splice(c--,1);b.length||f.fx.stop()},interval:13,stop:function(){clearInterval(co),co=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(a){f.style(a.elem,"opacity",a.now)},_default:function(a){a.elem.style&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=a.now+a.unit:a.elem[a.prop]=a.now}}}),f.each(cp.concat.apply([],cp),function(a,b){b.indexOf("margin")&&(f.fx.step[b]=function(a){f.style(a.elem,b,Math.max(0,a.now)+a.unit)})}),f.expr&&f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,function(b){return a===b.elem}).length});var cv,cw=/^t(?:able|d|h)$/i,cx=/^(?:body|html)$/i;"getBoundingClientRect"in c.documentElement?cv=function(a,b,c,d){try{d=a.getBoundingClientRect()}catch(e){}if(!d||!f.contains(c,a))return d?{top:d.top,left:d.left}:{top:0,left:0};var g=b.body,h=cy(b),i=c.clientTop||g.clientTop||0,j=c.clientLeft||g.clientLeft||0,k=h.pageYOffset||f.support.boxModel&&c.scrollTop||g.scrollTop,l=h.pageXOffset||f.support.boxModel&&c.scrollLeft||g.scrollLeft,m=d.top+k-i,n=d.left+l-j;return{top:m,left:n}}:cv=function(a,b,c){var d,e=a.offsetParent,g=a,h=b.body,i=b.defaultView,j=i?i.getComputedStyle(a,null):a.currentStyle,k=a.offsetTop,l=a.offsetLeft;while((a=a.parentNode)&&a!==h&&a!==c){if(f.support.fixedPosition&&j.position==="fixed")break;d=i?i.getComputedStyle(a,null):a.currentStyle,k-=a.scrollTop,l-=a.scrollLeft,a===e&&(k+=a.offsetTop,l+=a.offsetLeft,f.support.doesNotAddBorder&&(!f.support.doesAddBorderForTableAndCells||!cw.test(a.nodeName))&&(k+=parseFloat(d.borderTopWidth)||0,l+=parseFloat(d.borderLeftWidth)||0),g=e,e=a.offsetParent),f.support.subtractsBorderForOverflowNotVisible&&d.overflow!=="visible"&&(k+=parseFloat(d.borderTopWidth)||0,l+=parseFloat(d.borderLeftWidth)||0),j=d}if(j.position==="relative"||j.position==="static")k+=h.offsetTop,l+=h.offsetLeft;f.support.fixedPosition&&j.position==="fixed"&&(k+=Math.max(c.scrollTop,h.scrollTop),l+=Math.max(c.scrollLeft,h.scrollLeft));return{top:k,left:l}},f.fn.offset=function(a){if(arguments.length)return a===b?this:this.each(function(b){f.offset.setOffset(this,a,b)});var c=this[0],d=c&&c.ownerDocument;if(!d)return null;if(c===d.body)return f.offset.bodyOffset(c);return cv(c,d,d.documentElement)},f.offset={bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.support.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);f.fn[a]=function(e){return f.access(this,function(a,e,g){var h=cy(a);if(g===b)return h?c in h?h[c]:f.support.boxModel&&h.document.documentElement[e]||h.document.body[e]:a[e];h?h.scrollTo(d?f(h).scrollLeft():g,d?g:f(h).scrollTop()):a[e]=g},a,e,arguments.length,null)}}),f.each({Height:"height",Width:"width"},function(a,c){var d="client"+a,e="scroll"+a,g="offset"+a;f.fn["inner"+a]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,c,"padding")):this[c]():null},f.fn["outer"+a]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,c,a?"margin":"border")):this[c]():null},f.fn[c]=function(a){return f.access(this,function(a,c,h){var i,j,k,l;if(f.isWindow(a)){i=a.document,j=i.documentElement[d];return f.support.boxModel&&j||i.body&&i.body[d]||j}if(a.nodeType===9){i=a.documentElement;if(i[d]>=i[e])return i[d];return Math.max(a.body[e],i[e],a.body[g],i[g])}if(h===b){k=f.css(a,c),l=parseFloat(k);return f.isNumeric(l)?l:k}f(a).css(c,h)},c,a,arguments.length,null)}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window);
\ No newline at end of file
diff --git a/pathod/libpathod/static/jquery.localscroll-min.js b/pathod/libpathod/static/jquery.localscroll-min.js
new file mode 100644
index 00000000..3f8d64cc
--- /dev/null
+++ b/pathod/libpathod/static/jquery.localscroll-min.js
@@ -0,0 +1,9 @@
+/**

+ * jQuery.LocalScroll - Animated scrolling navigation, using anchors.

+ * Copyright (c) 2007-2009 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com

+ * Dual licensed under MIT and GPL.

+ * Date: 3/11/2009

+ * @author Ariel Flesler

+ * @version 1.2.7

+ **/

+;(function($){var l=location.href.replace(/#.*/,'');var g=$.localScroll=function(a){$('body').localScroll(a)};g.defaults={duration:1e3,axis:'y',event:'click',stop:true,target:window,reset:true};g.hash=function(a){if(location.hash){a=$.extend({},g.defaults,a);a.hash=false;if(a.reset){var e=a.duration;delete a.duration;$(a.target).scrollTo(0,a);a.duration=e}i(0,location,a)}};$.fn.localScroll=function(b){b=$.extend({},g.defaults,b);return b.lazy?this.bind(b.event,function(a){var e=$([a.target,a.target.parentNode]).filter(d)[0];if(e)i(a,e,b)}):this.find('a,area').filter(d).bind(b.event,function(a){i(a,this,b)}).end().end();function d(){return!!this.href&&!!this.hash&&this.href.replace(this.hash,'')==l&&(!b.filter||$(this).is(b.filter))}};function i(a,e,b){var d=e.hash.slice(1),f=document.getElementById(d)||document.getElementsByName(d)[0];if(!f)return;if(a)a.preventDefault();var h=$(b.target);if(b.lock&&h.is(':animated')||b.onBefore&&b.onBefore.call(b,a,f,h)===false)return;if(b.stop)h.stop(true);if(b.hash){var j=f.id==d?'id':'name',k=$('<a> </a>').attr(j,d).css({position:'absolute',top:$(window).scrollTop(),left:$(window).scrollLeft()});f[j]='';$('body').prepend(k);location=e.hash;k.remove();f[j]=d}h.scrollTo(f,b).trigger('notify.serialScroll',[f])}})(jQuery);
\ No newline at end of file
diff --git a/pathod/libpathod/static/jquery.scrollTo-min.js b/pathod/libpathod/static/jquery.scrollTo-min.js
new file mode 100644
index 00000000..7d4001dc
--- /dev/null
+++ b/pathod/libpathod/static/jquery.scrollTo-min.js
@@ -0,0 +1,11 @@
+/**

+ * jQuery.ScrollTo - Easy element scrolling using jQuery.

+ * Copyright (c) 2007-2009 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com

+ * Dual licensed under MIT and GPL.

+ * Date: 3/9/2009

+ * @author Ariel Flesler

+ * @version 1.4.1

+ *

+ * http://flesler.blogspot.com/2007/10/jqueryscrollto.html

+ */

+;(function($){var m=$.scrollTo=function(b,h,f){$(window).scrollTo(b,h,f)};m.defaults={axis:'xy',duration:parseFloat($.fn.jquery)>=1.3?0:1};m.window=function(b){return $(window).scrollable()};$.fn.scrollable=function(){return this.map(function(){var b=this,h=!b.nodeName||$.inArray(b.nodeName.toLowerCase(),['iframe','#document','html','body'])!=-1;if(!h)return b;var f=(b.contentWindow||b).document||b.ownerDocument||b;return $.browser.safari||f.compatMode=='BackCompat'?f.body:f.documentElement})};$.fn.scrollTo=function(l,j,a){if(typeof j=='object'){a=j;j=0}if(typeof a=='function')a={onAfter:a};if(l=='max')l=9e9;a=$.extend({},m.defaults,a);j=j||a.speed||a.duration;a.queue=a.queue&&a.axis.length>1;if(a.queue)j/=2;a.offset=n(a.offset);a.over=n(a.over);return this.scrollable().each(function(){var k=this,o=$(k),d=l,p,g={},q=o.is('html,body');switch(typeof d){case'number':case'string':if(/^([+-]=)?\d+(\.\d+)?(px)?$/.test(d)){d=n(d);break}d=$(d,this);case'object':if(d.is||d.style)p=(d=$(d)).offset()}$.each(a.axis.split(''),function(b,h){var f=h=='x'?'Left':'Top',i=f.toLowerCase(),c='scroll'+f,r=k[c],s=h=='x'?'Width':'Height';if(p){g[c]=p[i]+(q?0:r-o.offset()[i]);if(a.margin){g[c]-=parseInt(d.css('margin'+f))||0;g[c]-=parseInt(d.css('border'+f+'Width'))||0}g[c]+=a.offset[i]||0;if(a.over[i])g[c]+=d[s.toLowerCase()]()*a.over[i]}else g[c]=d[i];if(/^\d+$/.test(g[c]))g[c]=g[c]<=0?0:Math.min(g[c],u(s));if(!b&&a.queue){if(r!=g[c])t(a.onAfterFirst);delete g[c]}});t(a.onAfter);function t(b){o.animate(g,j,a.easing,b&&function(){b.call(this,l,a)})};function u(b){var h='scroll'+b;if(!q)return k[h];var f='client'+b,i=k.ownerDocument.documentElement,c=k.ownerDocument.body;return Math.max(i[h],c[h])-Math.min(i[f],c[f])}}).end()};function n(b){return typeof b=='object'?b:{top:b,left:b}}})(jQuery);
\ No newline at end of file
diff --git a/pathod/libpathod/static/pathod.css b/pathod/libpathod/static/pathod.css
new file mode 100644
index 00000000..8b23b4d5
--- /dev/null
+++ b/pathod/libpathod/static/pathod.css
@@ -0,0 +1,56 @@
+
+
+.fronttable {
+}
+
+.bigtitle {
+    font-weight: bold;
+    font-size: 50px;
+    line-height: 55px;
+    text-align: center;
+    display: table;
+    height: 300px;
+}
+
+.bigtitle>div {
+    display: table-cell;
+    vertical-align: middle;
+}
+
+section {
+    margin-top: 50px;
+}
+
+.example {
+    margin-top: 10px;
+    margin-bottom: 10px;
+}
+
+.terminal {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    background: #000;
+    color: #fff;
+}
+
+.innerlink {
+    text-decoration: none;
+    border-bottom:1px dotted;
+    margin-bottom: 15px;
+}
+
+.masthead {
+    padding: 50px 0 60px;
+    text-align: center;
+
+}
+
+.header {
+    font-size: 1.5em;
+}
+
+.page-header {
+    margin-top: 10px;
+
+
+}
diff --git a/pathod/libpathod/static/start_quote.png b/pathod/libpathod/static/start_quote.png
new file mode 100644
index 00000000..8090f6e8
--- /dev/null
+++ b/pathod/libpathod/static/start_quote.png
diff --git a/pathod/libpathod/static/syntax.css b/pathod/libpathod/static/syntax.css
new file mode 100644
index 00000000..e371658a
--- /dev/null
+++ b/pathod/libpathod/static/syntax.css
@@ -0,0 +1,120 @@
+.highlight  { background: #f8f8f8; }
+.highlight .c { color: #408080; font-style: italic } /* Comment */
+.highlight .err { border: 1px solid #FF0000 } /* Error */
+.highlight .k { color: #008000; font-weight: bold } /* Keyword */
+.highlight .o { color: #666666 } /* Operator */
+.highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #BC7A00 } /* Comment.Preproc */
+.highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #408080; font-style: italic } /* Comment.Special */
+.highlight .gd { color: #A00000 } /* Generic.Deleted */
+.highlight .ge { font-style: italic } /* Generic.Emph */
+.highlight .gr { color: #FF0000 } /* Generic.Error */
+.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+.highlight .gi { color: #00A000 } /* Generic.Inserted */
+.highlight .go { color: #808080 } /* Generic.Output */
+.highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
+.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+.highlight .gt { color: #0040D0 } /* Generic.Traceback */
+.highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
+.highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
+.highlight .kp { color: #008000 } /* Keyword.Pseudo */
+.highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #B00040 } /* Keyword.Type */
+.highlight .m { color: #666666 } /* Literal.Number */
+.highlight .s { color: #BA2121 } /* Literal.String */
+.highlight .na { color: #7D9029 } /* Name.Attribute */
+.highlight .nb { color: #008000 } /* Name.Builtin */
+.highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */
+.highlight .no { color: #880000 } /* Name.Constant */
+.highlight .nd { color: #AA22FF } /* Name.Decorator */
+.highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */
+.highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */
+.highlight .nf { color: #0000FF } /* Name.Function */
+.highlight .nl { color: #A0A000 } /* Name.Label */
+.highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */
+.highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */
+.highlight .nv { color: #19177C } /* Name.Variable */
+.highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */
+.highlight .w { color: #bbbbbb } /* Text.Whitespace */
+.highlight .mf { color: #666666 } /* Literal.Number.Float */
+.highlight .mh { color: #666666 } /* Literal.Number.Hex */
+.highlight .mi { color: #666666 } /* Literal.Number.Integer */
+.highlight .mo { color: #666666 } /* Literal.Number.Oct */
+.highlight .sb { color: #BA2121 } /* Literal.String.Backtick */
+.highlight .sc { color: #BA2121 } /* Literal.String.Char */
+.highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #BA2121 } /* Literal.String.Double */
+.highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */
+.highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */
+.highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */
+.highlight .sx { color: #008000 } /* Literal.String.Other */
+.highlight .sr { color: #BB6688 } /* Literal.String.Regex */
+.highlight .s1 { color: #BA2121 } /* Literal.String.Single */
+.highlight .ss { color: #19177C } /* Literal.String.Symbol */
+.highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */
+.highlight .vc { color: #19177C } /* Name.Variable.Class */
+.highlight .vg { color: #19177C } /* Name.Variable.Global */
+.highlight .vi { color: #19177C } /* Name.Variable.Instance */
+.highlight .il { color: #666666 } /* Literal.Number.Integer.Long */
+.grokdoc  { background: #f8f8f8; }
+.grokdoc .c { color: #408080; font-style: italic } /* Comment */
+.grokdoc .err { border: 1px solid #FF0000 } /* Error */
+.grokdoc .k { color: #008000; font-weight: bold } /* Keyword */
+.grokdoc .o { color: #666666 } /* Operator */
+.grokdoc .cm { color: #408080; font-style: italic } /* Comment.Multiline */
+.grokdoc .cp { color: #BC7A00 } /* Comment.Preproc */
+.grokdoc .c1 { color: #408080; font-style: italic } /* Comment.Single */
+.grokdoc .cs { color: #408080; font-style: italic } /* Comment.Special */
+.grokdoc .gd { color: #A00000 } /* Generic.Deleted */
+.grokdoc .ge { font-style: italic } /* Generic.Emph */
+.grokdoc .gr { color: #FF0000 } /* Generic.Error */
+.grokdoc .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+.grokdoc .gi { color: #00A000 } /* Generic.Inserted */
+.grokdoc .go { color: #808080 } /* Generic.Output */
+.grokdoc .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
+.grokdoc .gs { font-weight: bold } /* Generic.Strong */
+.grokdoc .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+.grokdoc .gt { color: #0040D0 } /* Generic.Traceback */
+.grokdoc .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
+.grokdoc .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
+.grokdoc .kp { color: #008000 } /* Keyword.Pseudo */
+.grokdoc .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */
+.grokdoc .kt { color: #B00040 } /* Keyword.Type */
+.grokdoc .m { color: #666666 } /* Literal.Number */
+.grokdoc .s { color: #BA2121 } /* Literal.String */
+.grokdoc .na { color: #7D9029 } /* Name.Attribute */
+.grokdoc .nb { color: #008000 } /* Name.Builtin */
+.grokdoc .nc { color: #0000FF; font-weight: bold } /* Name.Class */
+.grokdoc .no { color: #880000 } /* Name.Constant */
+.grokdoc .nd { color: #AA22FF } /* Name.Decorator */
+.grokdoc .ni { color: #999999; font-weight: bold } /* Name.Entity */
+.grokdoc .ne { color: #D2413A; font-weight: bold } /* Name.Exception */
+.grokdoc .nf { color: #0000FF } /* Name.Function */
+.grokdoc .nl { color: #A0A000 } /* Name.Label */
+.grokdoc .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */
+.grokdoc .nt { color: #008000; font-weight: bold } /* Name.Tag */
+.grokdoc .nv { color: #19177C } /* Name.Variable */
+.grokdoc .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */
+.grokdoc .w { color: #bbbbbb } /* Text.Whitespace */
+.grokdoc .mf { color: #666666 } /* Literal.Number.Float */
+.grokdoc .mh { color: #666666 } /* Literal.Number.Hex */
+.grokdoc .mi { color: #666666 } /* Literal.Number.Integer */
+.grokdoc .mo { color: #666666 } /* Literal.Number.Oct */
+.grokdoc .sb { color: #BA2121 } /* Literal.String.Backtick */
+.grokdoc .sc { color: #BA2121 } /* Literal.String.Char */
+.grokdoc .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
+.grokdoc .s2 { color: #BA2121 } /* Literal.String.Double */
+.grokdoc .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */
+.grokdoc .sh { color: #BA2121 } /* Literal.String.Heredoc */
+.grokdoc .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */
+.grokdoc .sx { color: #008000 } /* Literal.String.Other */
+.grokdoc .sr { color: #BB6688 } /* Literal.String.Regex */
+.grokdoc .s1 { color: #BA2121 } /* Literal.String.Single */
+.grokdoc .ss { color: #19177C } /* Literal.String.Symbol */
+.grokdoc .bp { color: #008000 } /* Name.Builtin.Pseudo */
+.grokdoc .vc { color: #19177C } /* Name.Variable.Class */
+.grokdoc .vg { color: #19177C } /* Name.Variable.Global */
+.grokdoc .vi { color: #19177C } /* Name.Variable.Instance */
+.grokdoc .il { color: #666666 } /* Literal.Number.Integer.Long */
diff --git a/pathod/libpathod/static/torture.png b/pathod/libpathod/static/torture.png
new file mode 100644
index 00000000..50e245ea
--- /dev/null
+++ b/pathod/libpathod/static/torture.png
diff --git a/pathod/libpathod/templates/about.html b/pathod/libpathod/templates/about.html
new file mode 100644
index 00000000..340dc386
--- /dev/null
+++ b/pathod/libpathod/templates/about.html
@@ -0,0 +1,22 @@
+{% extends "frame.html" %} {% block body %}
+<section>
+    <div class="page-header">
+        <h1>About</h1>
+    </div>
+    <div class="row">
+        <div class="span6">
+            <div>
+                <p>pathod is developed by <a href="http://corte.si">Aldo Cortesi</a>.</p>
+            </div>
+
+            <div>
+                <ul>
+                    <li>email: <a href="mailto:aldo@corte.si">aldo@corte.si</a></li>
+                    <li>twitter: <a href="http://twitter.com/cortesi">@cortesi</a></li>
+                    <li>github: <a href="https://github.com/cortesi">github.com/cortesi</a></li>
+                </ul>
+            </div>
+        </div>
+    </div>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docframe.html b/pathod/libpathod/templates/docframe.html
new file mode 100644
index 00000000..4cbdeebc
--- /dev/null
+++ b/pathod/libpathod/templates/docframe.html
@@ -0,0 +1,26 @@
+{% extends "layout.html" %}
+
+{% macro subs(s) %}
+    {% if subsection == s %}
+        class="active"
+    {% endif %}
+{% endmacro %}
+
+{% block content %}
+<div class="row">
+    <div class="span3">
+        <div class="well sidebar-nav">
+            <ul class="nav nav-list">
+                <li {{subs( "pathod")}}><a href="/docs/pathod">pathod</a></li>
+                <li {{subs( "pathoc")}}><a href="/docs/pathoc">pathoc</a></li>
+                <li {{subs( "lang")}}><a href="/docs/language">language</a></li>
+                <li {{subs( "libpathod")}}><a href="/docs/libpathod">libpathod</a></li>
+                <li {{subs( "test")}}><a href="/docs/test">libpathod.test</a></li>
+            </ul>
+        </div>
+    </div>
+    <div class="span9">
+        {% block body %} {% endblock %}
+    </div>
+</div>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docs_lang.html b/pathod/libpathod/templates/docs_lang.html
new file mode 100644
index 00000000..a1d22aef
--- /dev/null
+++ b/pathod/libpathod/templates/docs_lang.html
@@ -0,0 +1,196 @@
+{% extends "docframe.html" %} {% block body %}
+<div class="page-header">
+    <h1>
+        Language Spec
+        <small>The mini-language at the heart of pathoc and pathod.</small>
+    </h1>
+</div>
+
+<ul class="nav nav-tabs">
+    <li class="active"><a href="#specifying_requests" data-toggle="tab">HTTP Requests</a></li>
+    <li><a href="#specifying_responses" data-toggle="tab">HTTP Responses</a></li>
+    <li><a href="#websockets" data-toggle="tab">Websocket Frames</a></li>
+</ul>
+
+<div class="tab-content">
+    <div class="tab-pane" id="specifying_responses">
+        {% include "docs_lang_responses.html" %}
+    </div>
+    <div class="tab-pane active" id="specifying_requests">
+        {% include "docs_lang_requests.html" %}
+    </div>
+    <div class="tab-pane" id="websockets">
+        {% include "docs_lang_websockets.html" %}
+    </div>
+</div>
+
+<section id="features">
+    <div class="page-header">
+        <h1>Features</h1>
+    </div>
+
+    <a id="offsetspec"></a>
+    <h2>OFFSET</h2>
+
+    <p>
+        Offsets are calculated relative to the base message, before any injections or other
+        transforms are applied. They have 3 flavors:
+    </p>
+
+    <ul>
+        <li>An integer byte offset </li>
+        <li><b>r</b> for a random location</li>
+        <li><b>a</b> for the end of the message</li>
+    </ul>
+
+    <a id="valuespec"></a>
+    <h2>VALUE</h2>
+
+    <h3>Literals</h3>
+
+    <p>Literal values are specified as a quoted strings: </p>
+
+    <pre class="example">"foo"</pre>
+
+    <p>
+        Either single or double quotes are accepted, and quotes can be escaped with backslashes
+        within the string:
+    </p>
+
+    <pre class="example">'fo\'o'</pre>
+
+    <p>Literal values can contain Python-style backslash escape sequences:</p>
+
+    <pre class="example">'foo\r\nbar'</pre>
+
+    <h3>Files</h3>
+
+    <p>
+        You can load a value from a specified file path. To do so, you have to specify a
+        _staticdir_ option to pathod on the command-line, like so:
+    </p>
+
+    <pre class="example">pathod -d ~/myassets</pre>
+
+    <p>
+        All paths are relative paths under this directory. File loads are indicated by starting
+        the value specifier with the left angle bracket:
+    </p>
+
+    <pre class="example">&lt;my/path</pre>
+
+    <p>The path value can also be a quoted string, with the same syntax as literals:</p>
+
+    <pre class="example">&lt;"my/path"</pre>
+
+
+    <h3>Generated values</h3>
+
+    <p>
+        An @-symbol lead-in specifies that generated data should be used. There are two components
+        to a generator specification - a size, and a data type. By default pathod
+        assumes a data type of "bytes".
+    </p>
+
+    <p>Here's a value specifier for generating 100 bytes:
+
+        <pre class="example">@100</pre>
+    </p>
+
+    <p>
+        You can use standard suffixes to indicate larger values. Here, for instance, is a
+        specifier for generating 100 megabytes:
+    </p>
+
+    <pre class="example">@100m</pre>
+
+    <p>
+        Data is generated and served efficiently - if you really want to send a terabyte
+        of data to a client, pathod can do it. The supported suffixes are:
+    </p>
+
+    <table class="table table-bordered">
+        <tbody>
+            <tr>
+                <td>b</td>
+                <td>1024**0 (bytes)</td>
+            </tr>
+            <tr>
+                <td>k</td>
+                <td>1024**1 (kilobytes)</td>
+            </tr>
+            <tr>
+                <td>m</td>
+                <td>1024**2 (megabytes)</td>
+            </tr>
+            <tr>
+                <td>g</td>
+                <td>1024**3 (gigabytes)</td>
+            </tr>
+            <tr>
+                <td>t</td>
+                <td>1024**4 (terabytes)</td>
+            </tr>
+        </tbody>
+    </table>
+
+    <p>
+        Data types are separated from the size specification by a comma. This specification
+        generates 100mb of ASCII:
+    </p>
+
+    <pre class="example">@100m,ascii</pre>
+
+    <p>Supported data types are:</p>
+
+    <table class="table table-bordered">
+        <tbody>
+            <tr>
+                <td>ascii</td>
+                <td>All ASCII characters</td>
+            </tr>
+            <tr>
+                <td>ascii_letters</td>
+                <td>A-Za-z</td>
+            </tr>
+            <tr>
+                <td>ascii_lowercase</td>
+                <td>a-z</td>
+            </tr>
+            <tr>
+                <td>ascii_uppercase</td>
+                <td>A-Z</td>
+            </tr>
+            <tr>
+                <td>bytes</td>
+                <td>All 256 byte values</td>
+            </tr>
+            <tr>
+                <td>digits</td>
+                <td>0-9</td>
+            </tr>
+            <tr>
+                <td>hexdigits</td>
+                <td>0-f</td>
+            </tr>
+            <tr>
+                <td>octdigits</td>
+                <td>0-7</td>
+            </tr>
+            <tr>
+                <td>punctuation</td>
+                <td>
+                    <pre>!"#$%&\'()*+,-./:;
+                        <=>?@[\\]^_`{|}~</pre>
+                </td>
+            </tr>
+            <tr>
+                <td>whitespace</td>
+                <td>
+                    <pre>\t\n\x0b\x0c\r and space</pre>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docs_lang_requests.html b/pathod/libpathod/templates/docs_lang_requests.html
new file mode 100644
index 00000000..81aff535
--- /dev/null
+++ b/pathod/libpathod/templates/docs_lang_requests.html
@@ -0,0 +1,114 @@
+<pre class="example">method:path:[colon-separated list of features]</pre>
+</p>
+
+<table class="table table-bordered">
+    <tbody>
+        <tr>
+            <td>method</td>
+            <td>
+                <p>
+                    A <a href="#valuespec">VALUE</a> specifying the HTTP method to
+                    use. Standard methods do not need to be enclosed in quotes, while
+                    non-standard methods can be specified as quoted strings.
+                </p>
+
+                <p>
+                    The special method <b>ws</b> creates a valid websocket upgrade
+                    GET request, and signals to pathoc to switch to websocket recieve
+                    mode if the server responds correctly. Apart from that, websocket
+                    requests are just like any other, and all aspects of the request
+                    can be over-ridden.
+                </p>
+            </td>
+        </tr>
+
+        <tr>
+            <td>h<a href="#valuespec">VALUE</a>=<a href="#valuespec">VALUE</a></td>
+            <td>
+                Set a header.
+            </td>
+        </tr>
+
+        <tr>
+            <td>r</td>
+            <td>
+                Set the "raw" flag on this response. Pathod will not calculate a Content-Length header
+                if a body is set.
+            </td>
+        </tr>
+
+        <tr>
+            <td>c<a href="#valuespec">VALUE</a></td>
+            <td>
+                A shortcut for setting the Content-Type header. Equivalent to h"Content-Type"=VALUE
+            </td>
+        </tr>
+
+        <tr>
+            <td>u<a href="#valuespec">VALUE</a>
+                <br> uSHORTCUT
+            </td>
+
+            <td>
+                Set a User-Agent header on this request. You can specify either a complete
+                <a href="#valuespec">VALUE</a>, or a User-Agent shortcut:
+
+                <table class="table table-condensed">
+                    {% for i in uastrings %}
+                    <tr>
+                        <td><b>{{ i[1] }}</b></td>
+                        <td>{{ i[0] }}</td>
+                    </tr>
+                    {% endfor %}
+                </table>
+            </td>
+        </tr>
+
+        <tr>
+            <td>b<a href="#valuespec">VALUE</a></td>
+            <td>
+                Set the body. The appropriate Content-Length header is added automatically unless
+                the "r" flag is set.
+            </td>
+        </tr>
+
+        <tr>
+            <td>s<a href="#valuespec">VALUE</a></td>
+            <td>
+                An embedded Response specification, appended to the path of the request.
+            </td>
+        </tr>
+
+        <tr>
+            <td>x<a href="#valuespec">INTEGER</a></td>
+            <td>
+                Repeat this message N times.
+            </td>
+        </tr>
+
+        <tr>
+            <td>d<a href="#offsetspec">OFFSET</a></td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Disconnect after
+                OFFSET bytes.
+            </td>
+        </tr>
+
+        <tr>
+            <td>i<a href="#offsetspec">OFFSET</a>,<a href="#valuespec">VALUE</a></td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Inject the specified
+                value at the offset.
+            </td>
+        </tr>
+
+        <tr>
+            <td>p<a href="#offsetspec">OFFSET</a>,SECONDS</td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Pause for SECONDS
+                seconds after OFFSET bytes. SECONDS can be an integer or "f" to pause
+                forever.
+            </td>
+        </tr>
+    </tbody>
+</table>
diff --git a/pathod/libpathod/templates/docs_lang_responses.html b/pathod/libpathod/templates/docs_lang_responses.html
new file mode 100644
index 00000000..9a85ff1a
--- /dev/null
+++ b/pathod/libpathod/templates/docs_lang_responses.html
@@ -0,0 +1,88 @@
+<pre class="example">code:[colon-separated list of features]</pre>
+
+<table class="table table-bordered">
+    <tbody>
+        <tr>
+            <td>code</td>
+            <td>
+                <p>An integer specifying the HTTP response code.</p>
+                <p>
+                    The special method <b>ws</b> creates a valid websocket upgrade
+                    response (code 101), and moves pathod to websocket mode. Apart
+                    from that, websocket responses are just like any other, and all
+                    aspects of the response can be over-ridden.
+                </p>
+            </td>
+        </tr>
+
+        <tr>
+            <td>m<a href="#valuespec">VALUE</a></td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> HTTP Reason message.
+                Automatically chosen according to the response code if not specified.
+            </td>
+        </tr>
+
+        <tr>
+            <td>h<a href="#valuespec">VALUE</a>=<a href="#valuespec">VALUE</a></td>
+            <td>
+                Set a header.
+            </td>
+        </tr>
+
+        <tr>
+            <td>r</td>
+            <td>
+                Set the "raw" flag on this response. Pathod will not calculate a Content-Length header
+                if a body is set, or add a Date header to the response.
+            </td>
+        </tr>
+
+        <tr>
+            <td>l<a href="#valuespec">VALUE</a></td>
+            <td>
+                A shortcut for setting the Location header. Equivalent to h"Location"=VALUE
+            </td>
+        </tr>
+
+        <tr>
+            <td>c<a href="#valuespec">VALUE</a></td>
+            <td>
+                A shortcut for setting the Content-Type header. Equivalent to h"Content-Type"=VALUE
+            </td>
+        </tr>
+
+        <tr>
+            <td>b<a href="#valuespec">VALUE</a></td>
+            <td>
+                Set the body. The appropriate Content-Length header is added automatically unless
+                the "r" flag is set.
+            </td>
+        </tr>
+
+        <tr>
+            <td>d<a href="#offsetspec">OFFSET</a></td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Disconnect after
+                OFFSET bytes.
+            </td>
+        </tr>
+
+        <tr>
+            <td>i<a href="#offsetspec">OFFSET</a>,<a href="#valuespec">VALUE</a></td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Inject the specified
+                value at the offset.
+            </td>
+        </tr>
+
+        <tr>
+            <td>p<a href="#offsetspec">OFFSET</a>,SECONDS</td>
+            <td>
+                <span class="badge badge-info">HTTP/1 only</span> Pause for SECONDS
+                seconds after OFFSET bytes. SECONDS can be an integer or "f" to pause
+                forever.
+            </td>
+        </tr>
+    </tbody>
+</table>
diff --git a/pathod/libpathod/templates/docs_lang_websockets.html b/pathod/libpathod/templates/docs_lang_websockets.html
new file mode 100644
index 00000000..dd318e0b
--- /dev/null
+++ b/pathod/libpathod/templates/docs_lang_websockets.html
@@ -0,0 +1,115 @@
+<pre class="example">wf:[colon-separated list of features]</pre>
+</p>
+
+<table class="table table-bordered">
+    <tbody>
+
+        <tr>
+            <td> b<a href="#valuespec">VALUE</a> </td>
+            <td>
+                Set the frame payload. If a masking key is present, the value is encoded automatically.
+            </td>
+        </tr>
+
+        <tr>
+            <td> c<a href="#valuespec">INTEGER</a> </td>
+            <td>
+
+                Set the op code. This can either be an integer from 0-15, or be one of the following
+                opcode names: <b>text</b> (the default),
+                <b>continue</b>, <b>binary</b>, <b>close</b>, <b>ping</b>,
+                <b>pong</b>.
+
+            </td>
+        </tr>
+
+        <tr>
+            <td> d<a href="#offsetspec">OFFSET</a> </td>
+            <td>
+                Disconnect after OFFSET bytes.
+            </td>
+        </tr>
+
+        <tr>
+            <td> [-]fin </td>
+            <td>
+                Set or un-set the <b>fin</b> bit.
+            </td>
+        </tr>
+
+        <tr>
+            <td> i<a href="#offsetspec">OFFSET</a>,<a href="#valuespec">VALUE</a> </td>
+            <td>
+                Inject the specified value at the offset.
+            </td>
+        </tr>
+
+        <tr>
+            <td> k<a href="#valuespec">VALUE</a> </td>
+            <td>
+                Set the masking key. The resulting value must be exactly 4 bytes long. The special
+                form
+                <b>knone</b> specifies that no key should be set, even if the mask
+                bit is on.
+            </td>
+        </tr>
+
+        <tr>
+            <td> l<a href="#valuespec">INTEGER</a> </td>
+            <td>
+                Set the payload length in the frame header, regardless of the actual body length.
+            </td>
+        </tr>
+
+        <tr>
+            <td> [-]mask </td>
+            <td>
+                Set or un-set the <b>mask</b> bit.
+            </td>
+        </tr>
+
+        <tr>
+            <td> p<a href="#offsetspec">OFFSET</a>,SECONDS </td>
+            <td>
+                Pause for SECONDS seconds after OFFSET bytes. SECONDS can be an integer or "f" to
+                pause forever.
+            </td>
+        </tr>
+
+        <tr>
+            <td> r<a href="#valuespec">VALUE</a> </td>
+            <td>
+                Set the raw frame payload. This disables masking, even if the key is present.
+            </td>
+        </tr>
+
+        <tr>
+            <td> [-]rsv1 </td>
+            <td>
+                Set or un-set the <b>rsv1</b> bit.
+            </td>
+        </tr>
+
+        <tr>
+            <td> [-]rsv2 </td>
+            <td>
+                Set or un-set the <b>rsv2</b> bit.
+            </td>
+        </tr>
+
+        <tr>
+            <td> [-]rsv3 </td>
+            <td>
+                Set or un-set the <b>rsv3</b> bit.
+            </td>
+        </tr>
+
+        <tr>
+            <td> x<a href="#valuespec">INTEGER</a> </td>
+            <td>
+                Repeat this message N times.
+            </td>
+        </tr>
+
+    </tbody>
+</table>
diff --git a/pathod/libpathod/templates/docs_libpathod.html b/pathod/libpathod/templates/docs_libpathod.html
new file mode 100644
index 00000000..6d504fe5
--- /dev/null
+++ b/pathod/libpathod/templates/docs_libpathod.html
@@ -0,0 +1,23 @@
+{% extends "docframe.html" %} {% block body %}
+<div class="page-header">
+    <h1>
+        libpathod
+        <small>Using pathod and pathoc in code.</small>
+    </h1>
+</div>
+
+<div class="row">
+    <div class="span6">
+        <p>
+            Behind the pathod and pathoc command-line tools lurks <b>libpathod</b>,
+            a powerful library for manipulating and serving HTTP requests and responses.
+            The canonical documentation for the library is in the code, and can be
+            accessed using pydoc.
+        </p>
+    </div>
+    <div class="span6">
+        <h1>pathoc</h1>
+        {% include "libpathod_pathoc.html" %}
+    </div>
+</div>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docs_pathoc.html b/pathod/libpathod/templates/docs_pathoc.html
new file mode 100644
index 00000000..d38c3a77
--- /dev/null
+++ b/pathod/libpathod/templates/docs_pathoc.html
@@ -0,0 +1,211 @@
+{% extends "docframe.html" %} {% block body %}
+<div class="page-header">
+    <h1>
+        pathoc
+        <small>A perverse HTTP client.</small>
+    </h1>
+</div>
+
+<p>
+    Pathoc is a perverse HTTP daemon designed to let you craft almost any conceivable
+    HTTP request, including ones that creatively violate the standards. HTTP requests
+    are specified using a
+    <a href="/docs/language">small, terse language</a>, which pathod shares with
+    its server-side twin <a href="/docs/pathod">pathod</a>. To view pathoc's complete
+    range of options, use the command-line help:
+</p>
+
+<pre class="terminal">pathoc --help</pre>
+
+<section>
+    <div class="page-header">
+        <h1>Getting Started</h1>
+    </div>
+
+    <p>The basic pattern for pathoc commands is as follows: </p>
+
+    <pre class="terminal">pathoc hostname request [request ...]</pre>
+
+    <p>
+        That is, we specify the hostname to connect to, followed by one or more requests.
+        Lets start with a simple example:
+    </p>
+
+    <pre class="terminal">
+        &gt; pathoc google.com get:/ &lt;&lt; 301 Moved Permanently: 219 bytes
+    </pre>
+
+    <p>
+        Here, we make a GET request to the path / on port 80 of google.com. Pathoc's output
+        tells us that the server responded with a 301. We can tell pathoc to connect
+        using SSL, in which case the default port is changed to 443 (you can over-ride
+        the default port with the <b>-p</b> command-line option):
+    </p>
+
+    <pre class="terminal">
+        &gt; pathoc -s google.com get:/ &lt;&lt; 301 Moved Permanently: 219 bytes
+    </pre>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Multiple Requests</h1>
+    </div>
+
+    <p>
+        There are two ways to tell pathoc to issue multiple requests. The first is to specify
+        them on the command-line, like so:
+    </p>
+
+    <pre class="terminal">
+        &gt; pathoc google.com get:/ get:/ &lt;&lt; 301 Moved Permanently: 219 bytes &lt;&lt;
+        301 Moved Permanently: 219 bytes
+    </pre>
+
+    <p>
+        In this case, pathoc issues the specified requests over the same TCP connection -
+        so in the above example only one connection is made to google.com
+    </p>
+
+    <p>The other way to issue multiple requets is to use the <b>-n</b> flag:</p>
+
+    <pre class="terminal">
+        &gt; pathoc -n 2 google.com get:/ &lt;&lt; 301 Moved Permanently: 219 bytes &lt;&lt; 301
+        Moved Permanently: 219 bytes
+    </pre>
+
+    <p>
+        The output is identical, but two separate TCP connections are made to the upstream
+        server. These two specification styles can be combined:
+    </p>
+
+    <pre class="terminal">
+        &gt; pathoc -n 2 google.com get:/ get:/ &lt;&lt; 301 Moved Permanently: 219 bytes &lt;&lt;
+        301 Moved Permanently: 219 bytes &lt;&lt; 301 Moved Permanently: 219 bytes &lt;&lt;
+        301 Moved Permanently: 219 bytes
+    </pre>
+
+    <p>Here, two distinct TCP connections are made, with two requests issued over each.</p>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Basic Fuzzing</h1>
+    </div>
+
+    <p>
+        The combination of pathoc's powerful request specification language and a few of
+        its command-line options makes for quite a powerful basic fuzzer. Here's
+        an example:
+    </p>
+
+    <pre class="terminal">
+        &gt; pathoc -e -I 200 -t 2 -n 1000 localhost get:/:b@10:ir,@1
+    </pre>
+
+    <p>
+        The request specified here is a valid GET with a body consisting of 10 random bytes,
+        but with 1 random byte inserted in a random place. This could be in the headers,
+        in the initial request line, or in the body itself. There are a few things
+        to note here:
+    </p>
+
+    <ul>
+        <li>
+            Corrupting the request in this way will often make the server enter a state where
+            it's awaiting more input from the client. This is where the
+            <b>-t</b> option comes in, which sets a timeout that causes pathoc to
+            disconnect after two seconds.
+        </li>
+
+        <li>
+            The <b>-n</b> option tells pathoc to repeat the request 1000 times.
+        </li>
+
+        <li>
+            The <b>-I</b> option tells pathoc to ignore HTTP 200 response codes.
+            You can use this to fine-tune what pathoc considers to be an exceptional
+            condition, and therefore log-worthy.
+        </li>
+
+        <li>
+            The <b>-e</b> option tells pathoc to print an explanation of each logged
+            request, in the form of an expanded pathoc specification with all random
+            portions and automatic header additions resolved. This lets you precisely
+            replay a request that triggered an error.
+        </li>
+    </ul>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Interacting with Proxies</h1>
+    </div>
+
+    <p>
+        Pathoc has a reasonably sophisticated suite of features for interacting with proxies.
+        The proxy request syntax very closely mirrors that of straight HTTP, which
+        means that it is possible to make proxy-style requests using pathoc without
+        any additional syntax, by simply specifying a full URL instead of a simple
+        path:
+    </p>
+
+    <pre class="terminal">&gt; pathoc -p 8080 localhost "get:'http://google.com'"</pre>
+
+    <p>
+        Another common use case is to use an HTTP CONNECT request to probe remote servers
+        via a proxy. This is done with the <b>-c</b> command-line option,
+        which allows you to specify a remote host and port pair:
+    </p>
+
+    <pre class="terminal">&gt; pathoc -c google.com:80 -p 8080 localhost get:/</pre>
+
+    <p>
+        Note that pathoc does <b>not</b> negotiate SSL without being explictly instructed
+        to do so. If you're making a CONNECT request to an SSL-protected resource,
+        you must also pass the <b>-s</b> flag:
+    </p>
+
+    <pre class="terminal">&gt; pathoc -sc google.com:443 -p 8080 localhost get:/</pre>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Embedded response specification</h1>
+    </div>
+
+    <p>
+        One interesting feature of the Request sppecification language is that you can embed
+        a response specifcation in it, which is then added to the request path. Here's
+        an example:
+    </p>
+
+    <pre class="terminal">&gt; pathoc localhost:9999 "get:/p/:s'401:ir,@1'"</pre>
+
+    <p>
+        This crafts a request that connects to the pathod server, and which then crafts a
+        response that generates a 401, with one random byte embedded at a random
+        point. The response specification is parsed and expanded by pathoc, so you
+        see syntax errors immediately. This really becomes handy when combined with
+        the <b>-e</b> flag to show the expanded request:
+    </p>
+
+    <pre class="terminal">
+        &gt; > pathoc -e localhost:9999 "get:/p/:s'401:ir,@1'" >> Spec: get:/p/:s'401:i15,\'o\':h\'Content-Length\'=\'0\'':h'Content-Length'='0'
+        << 401 Unoauthorized: 0 bytes </pre>
+
+    <p>
+        Note that the embedded response has been resolved <i>before</i> being sent
+        to the server, so that "ir,@1" (embed a random byte at a random location)
+        has become "i15,\'o\'" (embed the character "o" at offset 15). You now have
+        a pathoc request specification that is precisely reproducable, even with
+        random components. This feature comes in terribly handy when testing a proxy,
+        since you can now drive the server repsonse completely from the client, and
+        have a complete log of reproducible requests to analyse afterwards.
+    </p>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docs_pathod.html b/pathod/libpathod/templates/docs_pathod.html
new file mode 100644
index 00000000..0d0ae933
--- /dev/null
+++ b/pathod/libpathod/templates/docs_pathod.html
@@ -0,0 +1,172 @@
+{% extends "docframe.html" %} {% block body %}
+<div class="page-header">
+    <h1>
+        pathod
+        <small>A pathological web daemon.</small>
+    </h1>
+</div>
+
+<p>
+    Pathod is a pathological HTTP daemon designed to let you craft almost any conceivable
+    HTTP response, including ones that creatively violate the standards. HTTP responses
+    are specified using a
+    <a href="/docs/language">small, terse language</a>, which pathod shares with
+    its evil twin <a href="/docs/pathoc">pathoc</a>.
+</p>
+
+<section>
+    <div class="page-header">
+        <h1>Getting started</h1>
+    </div>
+
+    <p>To start playing with pathod, simply fire up the daemon:</p>
+
+    <pre class="terminal">./pathod</pre>
+
+    <p>
+        By default, the service listens on port 9999 of localhost. Pathod's documentation
+        is self-hosting, and the pathod daemon exposes an interface that lets you
+        play with the specifciation language, preview what responses and requests
+        would look like on the wire, and view internal logs. To access all of this,
+        just fire up your browser, and point it to the following URL:
+    </p>
+
+    <pre class="example">http://localhost:9999</pre>
+
+    <p>
+        The default crafting anchor point is the path <b>/p/</b>. Anything after
+        this URL prefix is treated as a response specifier. So, hitting the following
+        URL will generate an HTTP 200 response with 100 bytes of random data:
+    </p>
+
+    <pre class="example">http://localhost:9999/p/200:b@100</pre>
+
+    <p>
+        See the <a href="/docs/language">language documentation</a> to get (much)
+        fancier. The pathod daemon also takes a range of configuration options. To
+        view those, use the command-line help:
+    </p>
+
+    <pre class="terminal">./pathod --help</pre>
+
+</section>
+
+<section>
+    <div class="page-header">
+        <h1>Acting as a proxy</h1>
+    </div>
+
+    <p>
+        Pathod automatically responds to both straight HTTP and proxy requests. For proxy
+        requests, the upstream host is ignored, and the path portion of the URL is
+        used to match anchors. This lets you test software that supports a proxy
+        configuration by spoofing responses from upstream servers.
+    </p>
+
+    <p>
+        By default, we treat all proxy CONNECT requests as HTTPS traffic, serving the response
+        using either pathod's built-in certificates, or the cert/key pair specified
+        by the user. You can over-ride this behaviour if you're testing a client
+        that makes a non-SSL CONNECT request using the -C command-line option.
+    </p>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Anchors</h1>
+    </div>
+
+    <p>
+        Anchors provide an alternative to specifying the response in the URL. Instead, you
+        attach a response to a pre-configured anchor point, specified with a regex.
+        When a URL matching the regex is requested, the specified response is served.
+    </p>
+
+    <pre class="terminal">./pathod -a "/foo=200"</pre>
+
+    <p>
+        Here, "/foo" is the regex specifying the anchor path, and the part after the "="
+        is a response specifier.
+    </p>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>File Access</h1>
+    </div>
+
+    <p>
+        There are two operators in the <a href="/docs/language">language</a> that
+        load contents from file - the <b>+</b> operator to load an entire request
+        specification from file, and the <b>&gt;</b> value specifier. In pathod,
+        both of these operators are restricted to a directory specified at startup,
+        or disabled if no directory is specified:</p>
+    <pre class="terminal">./pathod -d ~/staticdir"</pre>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>Internal Error Responses</h1>
+    </div>
+
+    <p>
+        Pathod uses the non-standard 800 response code to indicate internal errors, to distinguish
+        them from crafted responses. For example, a request to:
+    </p>
+
+    <pre class="example">http://localhost:9999/p/foo</pre>
+
+    <p>
+        ... will return an 800 response because "foo" is not a valid page specifier.
+    </p>
+</section>
+
+
+<section>
+    <div class="page-header">
+        <h1>API</h1>
+    </div>
+
+    <p>
+        pathod exposes a simple API, intended to make it possible to drive and inspect the
+        daemon remotely for use in unit testing and the like.
+    </p>
+
+    <table class="table table-bordered">
+        <tbody>
+            <tr>
+                <td>
+                    /api/clear_log
+                </td>
+                <td>
+                    A POST to this URL clears the log buffer.
+                </td>
+            </tr>
+            <tr>
+                <td>
+                    /api/info
+                </td>
+                <td>
+                    Basic version and configuration info.
+                </td>
+            </tr>
+            <tr>
+                <td>
+                    /api/log
+                </td>
+                <td>
+                    Returns the current log buffer. At the moment the buffer size is 500 entries - when
+                    the log grows larger than this, older entries are discarded.
+                    The returned data is a JSON dictionary, with the form:
+
+                    <pre>{ 'log': [ ENTRIES ] } </pre> You can preview the JSON data
+                    returned for a log entry through the built-in web interface.
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/docs_test.html b/pathod/libpathod/templates/docs_test.html
new file mode 100644
index 00000000..0502c984
--- /dev/null
+++ b/pathod/libpathod/templates/docs_test.html
@@ -0,0 +1,50 @@
+{% extends "docframe.html" %} {% block body %}
+<div class="page-header">
+    <h1>
+        libpathod.test
+        <small>Using libpathod in unit tests.</small>
+    </h1>
+</div>
+
+<p>The <b>libpathod.test</b> module is a light, flexible testing layer for HTTP clients.
+    It works by firing up a Pathod instance in a separate thread, letting you use
+    Pathod's full abilities to generate responses, and then query Pathod's internal
+    logs to establish what happened. All the mechanics of startup, shutdown, finding
+    free ports and so forth are taken care of for you.
+</p>
+
+<p>The canonical docs can be accessed using pydoc: </p>
+
+<pre class="terminal">pydoc libpathod.test</pre>
+
+<p>
+    The remainder of this page demonstrates some common interaction patterns using
+    <a href="http://nose.readthedocs.org/en/latest/">nose</a>. These examples are
+    also applicable with only minor modification to most commonly used Python testing
+    engines.
+</p>
+
+<section>
+    <div class="page-header">
+        <h1>Context Manager</h1>
+    </div>
+
+    {% include "examples_context.html" %}
+</section>
+
+<section>
+    <div class="page-header">
+        <h1>One instance per test</h1>
+    </div>
+
+    {% include "examples_setup.html" %}
+</section>
+
+<section>
+    <div class="page-header">
+        <h1>One instance per suite</h1>
+    </div>
+
+    {% include "examples_setupall.html" %}
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/download.html b/pathod/libpathod/templates/download.html
new file mode 100644
index 00000000..bd8950e8
--- /dev/null
+++ b/pathod/libpathod/templates/download.html
@@ -0,0 +1,39 @@
+{% extends "frame.html" %} {% block body %}
+<section>
+    <div class="page-header">
+        <h1>pip</h1>
+    </div>
+
+    <p>The easiest way to install pathod is to use pip:</p>
+
+    <pre>pip install pathod</pre>
+
+    <p>
+        This will automatically pull in all the dependencies, and you should be good to go.
+    </p>
+</section>
+
+<section>
+    <div class="page-header">
+        <h1>github</h1>
+    </div>
+
+    <p>You can find the project source on GitHub:</p>
+
+    <div style="margin-top: 20px; margin-bottom: 20px">
+        <a class="btn btn-primary btn-large" href="https://github.com/mitmproxy/pathod">github.com/mitmproxy/pathod</a>
+    </div>
+
+    <p>Please also use the <a href="https://github.com/mitmproxy/pathod/issues">github issue tracker</a>        to report bugs.</p>
+</section>
+
+<section>
+    <div class="page-header">
+        <h1>tarball</h1>
+    </div>
+
+    <div style="margin-top: 20px; margin-bottom: 20px">
+        <a class="btn btn-primary btn-large" href="https://github.com/downloads/mitmproxy/pathod/pathod-{{version}}.tar.gz">pathod-{{version}}.tar.gz</a>
+    </div>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/examples_context.html b/pathod/libpathod/templates/examples_context.html
new file mode 100644
index 00000000..afb3bd48
--- /dev/null
+++ b/pathod/libpathod/templates/examples_context.html
@@ -0,0 +1,24 @@
+<div class="highlight"><pre><span class="kn">import</span> <span class="nn">requests</span>
+<span class="kn">from</span> <span class="nn">libpathod</span> <span class="kn">import</span> <span class="n">test</span>
+
+
+<span class="k">def</span> <span class="nf">test_simple</span><span class="p">():</span>
+    <span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">        Testing the requests module with</span>
+<span class="sd">        a pathod context manager.</span>
+<span class="sd">    &quot;&quot;&quot;</span>
+    <span class="c"># Start pathod in a separate thread</span>
+    <span class="k">with</span> <span class="n">test</span><span class="o">.</span><span class="n">Daemon</span><span class="p">()</span> <span class="k">as</span> <span class="n">d</span><span class="p">:</span>
+        <span class="c"># Get a URL for a pathod spec</span>
+        <span class="n">url</span> <span class="o">=</span> <span class="n">d</span><span class="o">.</span><span class="n">p</span><span class="p">(</span><span class="s">&quot;200:b@100&quot;</span><span class="p">)</span>
+        <span class="c"># ... and request it</span>
+        <span class="n">r</span> <span class="o">=</span> <span class="n">requests</span><span class="o">.</span><span class="n">put</span><span class="p">(</span><span class="n">url</span><span class="p">)</span>
+
+        <span class="c"># Check the returned data</span>
+        <span class="k">assert</span> <span class="n">r</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span>
+        <span class="k">assert</span> <span class="nb">len</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">content</span><span class="p">)</span> <span class="o">==</span> <span class="mi">100</span>
+
+        <span class="c"># Check pathod&#39;s internal log</span>
+        <span class="n">log</span> <span class="o">=</span> <span class="n">d</span><span class="o">.</span><span class="n">last_log</span><span class="p">()[</span><span class="s">&quot;request&quot;</span><span class="p">]</span>
+        <span class="k">assert</span> <span class="n">log</span><span class="p">[</span><span class="s">&quot;method&quot;</span><span class="p">]</span> <span class="o">==</span> <span class="s">&quot;PUT&quot;</span>
+</pre></div>
diff --git a/pathod/libpathod/templates/examples_setup.html b/pathod/libpathod/templates/examples_setup.html
new file mode 100644
index 00000000..c2da1cd1
--- /dev/null
+++ b/pathod/libpathod/templates/examples_setup.html
@@ -0,0 +1,32 @@
+<div class="highlight"><pre><span class="kn">import</span> <span class="nn">requests</span>
+<span class="kn">from</span> <span class="nn">libpathod</span> <span class="kn">import</span> <span class="n">test</span>
+
+
+<span class="k">class</span> <span class="nc">Test</span><span class="p">:</span>
+
+    <span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">        Testing the requests module with</span>
+<span class="sd">        a pathod instance started for</span>
+<span class="sd">        each test.</span>
+<span class="sd">    &quot;&quot;&quot;</span>
+
+    <span class="k">def</span> <span class="nf">setUp</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">d</span> <span class="o">=</span> <span class="n">test</span><span class="o">.</span><span class="n">Daemon</span><span class="p">()</span>
+
+    <span class="k">def</span> <span class="nf">tearDown</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">shutdown</span><span class="p">()</span>
+
+    <span class="k">def</span> <span class="nf">test_simple</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="c"># Get a URL for a pathod spec</span>
+        <span class="n">url</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">p</span><span class="p">(</span><span class="s">&quot;200:b@100&quot;</span><span class="p">)</span>
+        <span class="c"># ... and request it</span>
+        <span class="n">r</span> <span class="o">=</span> <span class="n">requests</span><span class="o">.</span><span class="n">put</span><span class="p">(</span><span class="n">url</span><span class="p">)</span>
+
+        <span class="c"># Check the returned data</span>
+        <span class="k">assert</span> <span class="n">r</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span>
+        <span class="k">assert</span> <span class="nb">len</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">content</span><span class="p">)</span> <span class="o">==</span> <span class="mi">100</span>
+
+        <span class="c"># Check pathod&#39;s internal log</span>
+        <span class="n">log</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">last_log</span><span class="p">()[</span><span class="s">&quot;request&quot;</span><span class="p">]</span>
+        <span class="k">assert</span> <span class="n">log</span><span class="p">[</span><span class="s">&quot;method&quot;</span><span class="p">]</span> <span class="o">==</span> <span class="s">&quot;PUT&quot;</span>
+</pre></div>
diff --git a/pathod/libpathod/templates/examples_setupall.html b/pathod/libpathod/templates/examples_setupall.html
new file mode 100644
index 00000000..629d11e0
--- /dev/null
+++ b/pathod/libpathod/templates/examples_setupall.html
@@ -0,0 +1,40 @@
+<div class="highlight"><pre><span class="kn">import</span> <span class="nn">requests</span>
+<span class="kn">from</span> <span class="nn">libpathod</span> <span class="kn">import</span> <span class="n">test</span>
+
+
+<span class="k">class</span> <span class="nc">Test</span><span class="p">:</span>
+
+    <span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">        Testing the requests module with</span>
+<span class="sd">        a single pathod instance started</span>
+<span class="sd">        for the test suite.</span>
+<span class="sd">    &quot;&quot;&quot;</span>
+    <span class="nd">@classmethod</span>
+    <span class="k">def</span> <span class="nf">setUpAll</span><span class="p">(</span><span class="n">cls</span><span class="p">):</span>
+        <span class="n">cls</span><span class="o">.</span><span class="n">d</span> <span class="o">=</span> <span class="n">test</span><span class="o">.</span><span class="n">Daemon</span><span class="p">()</span>
+
+    <span class="nd">@classmethod</span>
+    <span class="k">def</span> <span class="nf">tearDownAll</span><span class="p">(</span><span class="n">cls</span><span class="p">):</span>
+        <span class="n">cls</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">shutdown</span><span class="p">()</span>
+
+    <span class="k">def</span> <span class="nf">setUp</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="c"># Clear the pathod logs between tests</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">clear_log</span><span class="p">()</span>
+
+    <span class="k">def</span> <span class="nf">test_simple</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="c"># Get a URL for a pathod spec</span>
+        <span class="n">url</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">p</span><span class="p">(</span><span class="s">&quot;200:b@100&quot;</span><span class="p">)</span>
+        <span class="c"># ... and request it</span>
+        <span class="n">r</span> <span class="o">=</span> <span class="n">requests</span><span class="o">.</span><span class="n">put</span><span class="p">(</span><span class="n">url</span><span class="p">)</span>
+
+        <span class="c"># Check the returned data</span>
+        <span class="k">assert</span> <span class="n">r</span><span class="o">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span>
+        <span class="k">assert</span> <span class="nb">len</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">content</span><span class="p">)</span> <span class="o">==</span> <span class="mi">100</span>
+
+        <span class="c"># Check pathod&#39;s internal log</span>
+        <span class="n">log</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">last_log</span><span class="p">()[</span><span class="s">&quot;request&quot;</span><span class="p">]</span>
+        <span class="k">assert</span> <span class="n">log</span><span class="p">[</span><span class="s">&quot;method&quot;</span><span class="p">]</span> <span class="o">==</span> <span class="s">&quot;PUT&quot;</span>
+
+    <span class="k">def</span> <span class="nf">test_two</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
+        <span class="k">assert</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">d</span><span class="o">.</span><span class="n">log</span><span class="p">()</span>
+</pre></div>
diff --git a/pathod/libpathod/templates/frame.html b/pathod/libpathod/templates/frame.html
new file mode 100644
index 00000000..4223458d
--- /dev/null
+++ b/pathod/libpathod/templates/frame.html
@@ -0,0 +1,7 @@
+{% extends "layout.html" %} {% block content %}
+<div class="row">
+    <div class="span12">
+        {% block body %} {% endblock %}
+    </div>
+</div>
+{% endblock %}
diff --git a/pathod/libpathod/templates/index.html b/pathod/libpathod/templates/index.html
new file mode 100644
index 00000000..a85a4040
--- /dev/null
+++ b/pathod/libpathod/templates/index.html
@@ -0,0 +1,60 @@
+{% extends "frame.html" %} {% block body %}
+<div class="masthead">
+    <div class="container">
+        <h1>pathod: pathological HTTP</h1>
+
+        <p>Crafted malice for tormenting HTTP clients and servers</p>
+
+        <img src="/static/torture.png">
+    </div>
+</div>
+
+<div class="row">
+    <div class="span6">
+        <div>
+            <h2><a href="/docs/pathod">pathod</a></h2>
+
+            <p>A pathological web daemon.</p>
+
+            {% include "response_previewform.html" %}
+            <br>
+        </div>
+    </div>
+
+    <div class="span6">
+        <div>
+            <h2><a href="/docs/pathoc">pathoc</a></h2>
+
+            <p>A perverse HTTP client.</p>
+
+            {% include "request_previewform.html" %}
+        </div>
+    </div>
+</div>
+
+<section>
+    <div class="page-header">
+        <h1>Install</h1>
+    </div>
+    <div class="row">
+        <div class="span6">
+            <div>
+                <h2>pip</h2>
+
+                <pre>pip install pathod</pre>
+            </div>
+        </div>
+
+        <div class="span6">
+            <div>
+                <h2>source</h2>
+
+                <ul>
+                    <li>Current release: <a href="http://mitmproxy.org/download/pathod-{{version}}.tar.gz">pathod {{version}}</a></li>
+                    <li>GitHub: <a href="https://github.com/mitmproxy/pathod">github.com/mitmproxy/pathod</a></li>
+                </ul>
+            </div>
+        </div>
+    </div>
+</section>
+{% endblock %}
diff --git a/pathod/libpathod/templates/layout.html b/pathod/libpathod/templates/layout.html
new file mode 100644
index 00000000..af2857b1
--- /dev/null
+++ b/pathod/libpathod/templates/layout.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <title>pathod</title>
+    <link href="/static/bootstrap.min.css" rel="stylesheet">
+    <link href="/static/pathod.css" rel="stylesheet">
+    <link href="/static/syntax.css" rel="stylesheet">
+    <script src="/static/jquery-1.7.2.min.js"></script>
+    <script src="/static/jquery.scrollTo-min.js"></script>
+    <script src="/static/jquery.localscroll-min.js"></script>
+    <script src="/static/bootstrap.min.js"></script>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <style type="text/css">
+        body {
+            padding-top: 60px;
+            padding-bottom: 40px;
+        }
+
+    </style>
+    <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!--[if lt IE 9]>
+      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+</head>
+
+<body>
+    <div class="navbar navbar-fixed-top">
+        <div class="navbar-inner">
+            <div class="container">
+                <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </a>
+                <a class="brand" href="/index.html">pathod</a>
+                <div class="nav-collapse">
+                    <ul class="nav">
+                        <li {% if section=="main" %} class="active" {% endif %}><a href="/">home</a></li>
+                        {% if not noapi %}
+                        <li {% if section=="log" %} class="active" {% endif %}><a href="/log">log</a></li>
+                        {% endif %}
+                        <li {% if section=="docs" %} class="active" {% endif %}><a href="/docs/pathod">docs</a></li>
+                        <li {% if section=="about" %} class="active" {% endif %}><a href="/about">about</a></li>
+                    </ul>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+        {% block content %} {% endblock %}
+        <hr>
+        <footer>
+            <span>&copy; Aldo Cortesi 2015</span>
+            <span class="pull-right">[served with pathod]</span>
+        </footer>
+    </div>
+</body>
+<script>
+    $(function() {
+        $.localScroll({
+            duration: 300,
+            offset: {
+                top: -45
+            }
+        });
+    });
+
+</script>
+
+</html>
diff --git a/pathod/libpathod/templates/libpathod_pathoc.html b/pathod/libpathod/templates/libpathod_pathoc.html
new file mode 100644
index 00000000..f5871b16
--- /dev/null
+++ b/pathod/libpathod/templates/libpathod_pathoc.html
@@ -0,0 +1,8 @@
+<div class="highlight"><pre><span class="c">#!/usr/bin/env python</span>
+<span class="kn">from</span> <span class="nn">libpathod</span> <span class="kn">import</span> <span class="n">pathoc</span>
+
+<span class="n">p</span> <span class="o">=</span> <span class="n">pathoc</span><span class="o">.</span><span class="n">Pathoc</span><span class="p">((</span><span class="s">&quot;google.com&quot;</span><span class="p">,</span> <span class="mi">80</span><span class="p">))</span>
+<span class="n">p</span><span class="o">.</span><span class="n">connect</span><span class="p">()</span>
+<span class="k">print</span> <span class="n">p</span><span class="o">.</span><span class="n">request</span><span class="p">(</span><span class="s">&quot;get:/&quot;</span><span class="p">)</span>
+<span class="k">print</span> <span class="n">p</span><span class="o">.</span><span class="n">request</span><span class="p">(</span><span class="s">&quot;get:/foo&quot;</span><span class="p">)</span>
+</pre></div>
diff --git a/pathod/libpathod/templates/log.html b/pathod/libpathod/templates/log.html
new file mode 100644
index 00000000..b0484cb8
--- /dev/null
+++ b/pathod/libpathod/templates/log.html
@@ -0,0 +1,31 @@
+{% extends "frame.html" %} {% block body %}
+<form style="float: right" method="POST" action="/log/clear">
+    <button type="submit" class="btn">clear</button>
+</form>
+
+<h1>Logs</h1>
+<hr>
+
+<table class="table table-striped table-condensed">
+    <thead>
+        <tr>
+            <th>id</th>
+            <th>method</th>
+            <th>path</th>
+        </tr>
+    </thead>
+    <tbody>
+        {% for i in log %}
+        <tr>
+            {% if i["type"] == 'error' %}
+            <td colspan="3">ERROR: {{ i["msg"] }}</td>
+            {% else %}
+            <td>{{ i["id"] }}</td>
+            <td>{{ i["request"]["method"] }}</td>
+            <td><a href="/log/{{ i[" id "] }}">{{ i["request"]["path"] }}</a></td>
+            {% endif %}
+        </tr>
+        {% endfor %}
+    </tbody>
+</table>
+{% endblock %}
diff --git a/pathod/libpathod/templates/onelog.html b/pathod/libpathod/templates/onelog.html
new file mode 100644
index 00000000..c222ad60
--- /dev/null
+++ b/pathod/libpathod/templates/onelog.html
@@ -0,0 +1,8 @@
+{% extends "frame.html" %} {% block body %}
+<h2>Log entry {{ lid }}</h2>
+<hr>
+
+<pre>
+    {{ alog }}
+</pre>
+{% endblock %}
diff --git a/pathod/libpathod/templates/request_preview.html b/pathod/libpathod/templates/request_preview.html
new file mode 100644
index 00000000..25d73679
--- /dev/null
+++ b/pathod/libpathod/templates/request_preview.html
@@ -0,0 +1,44 @@
+{% extends "frame.html" %} {% block body %}
+<div class="page-header">
+    <h1>pathoc preview</h1>
+</div>
+
+<div style="margin-bottom: 20px" class="row">
+    <div class="span2 header">
+        Specification:
+    </div>
+    <div class="span10">
+        {% include "request_previewform.html" %}
+    </div>
+</div>
+
+{% if syntaxerror %}
+<div class="row">
+    <div class="span2 header">
+        Error:
+    </div>
+    <div class="span10">
+        <p style="color: #ff0000">{{ syntaxerror }}</p>
+        <pre>{{ marked }}</pre>
+    </div>
+</div>
+{% elif error %}
+<div class="row">
+    <div class="span2 header">
+        Error:
+    </div>
+    <div class="span10">
+        <p style="color: #ff0000">{{ error }}</p>
+    </div>
+</div>
+{% else %}
+<div class="row">
+    <div class="span2 header">
+        Request:
+    </div>
+    <div class="span10">
+        <pre>{{ output }}</pre>
+        <p>Note: pauses are skipped when generating previews!</p>
+    </div>
+</div>
+{% endif %} {% endblock %}
diff --git a/pathod/libpathod/templates/request_previewform.html b/pathod/libpathod/templates/request_previewform.html
new file mode 100644
index 00000000..91b5598a
--- /dev/null
+++ b/pathod/libpathod/templates/request_previewform.html
@@ -0,0 +1,53 @@
+<form style="margin-bottom: 0" class="form-inline" method="GET" action="/request_preview">
+    <input style="width: 18em" id="spec" name="spec" class="input-medium" value="{{spec}}"
+    placeholder="method:path:[features]">
+    <input type="submit" class="btn" value="preview">
+</form>
+
+<a class="innerlink" data-toggle="collapse" data-target="#requestexamples">examples</a>
+
+<div id="requestexamples" class="collapse">
+    <p>
+        Check out the <a href="/docs/language">complete language docs</a>. Here are
+        some examples to get you started:
+    </p>
+
+    <table class="table table-bordered">
+        <tbody>
+            <tr>
+                <td><a href="/request_preview?spec=get:/">get:/</a></td>
+                <td>Get path /</td>
+            </tr>
+            <tr>
+                <td><a href="/request_preview?spec=get:/:b@100">get:/:b@100</a></td>
+                <td>100 random bytes as the body</td>
+            </tr>
+            <tr>
+                <td><a href='/request_preview?spec=get:/:h"Etag"="&apos;;drop table browsers;"'>get:/:h"Etag"="';drop table browsers;"</a></td>
+                <td>Add a header</td>
+            </tr>
+            <tr>
+                <td><a href='/request_preview?spec=get:/:u"&apos;;drop table browsers;"'>get:/:u"';drop table browsers;"</a></td>
+                <td>Add a User-Agent header</td>
+            </tr>
+            <tr>
+                <td><a href="/request_preview?spec=get:/:b@100:dr">get:/:b@100:dr</a></td>
+                <td>Drop the connection randomly</td>
+            </tr>
+            <tr>
+                <td>
+                    <a href="/request_preview?spec="></a>
+                </td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><a href="/request_preview?spec=get:/:b@100,ascii:ir,@1">get:/:b@100,ascii:ir,@1</a></td>
+                <td>100 ASCII bytes as the body, and randomly inject a random byte</td>
+            </tr>
+            <tr>
+                <td><a href="/request_preview?spec=ws:/">ws:/</a></td>
+                <td>Initiate a websocket handshake.</td>
+            </tr>
+        </tbody>
+    </table>
+</div>
diff --git a/pathod/libpathod/templates/response_preview.html b/pathod/libpathod/templates/response_preview.html
new file mode 100644
index 00000000..bbce6d6c
--- /dev/null
+++ b/pathod/libpathod/templates/response_preview.html
@@ -0,0 +1,44 @@
+{% extends "frame.html" %} {% block body %}
+<div class="page-header">
+    <h1>pathod preview</h1>
+</div>
+
+<div style="margin-bottom: 20px" class="row">
+    <div class="span2 header">
+        Specification:
+    </div>
+    <div class="span10">
+        {% include "response_previewform.html" %}
+    </div>
+</div>
+
+{% if syntaxerror %}
+<div class="row">
+    <div class="span2 header">
+        Error:
+    </div>
+    <div class="span10">
+        <p style="color: #ff0000">{{ syntaxerror }}</p>
+        <pre>{{ marked }}</pre>
+    </div>
+</div>
+{% elif error %}
+<div class="row">
+    <div class="span2 header">
+        Error:
+    </div>
+    <div class="span10">
+        <p style="color: #ff0000">{{ error }}</p>
+    </div>
+</div>
+{% else %}
+<div class="row">
+    <div class="span2 header">
+        Response:
+    </div>
+    <div class="span10">
+        <pre>{{ output }}</pre>
+        <p>Note: pauses are skipped when generating previews!</p>
+    </div>
+</div>
+{% endif %} {% endblock %}
diff --git a/pathod/libpathod/templates/response_previewform.html b/pathod/libpathod/templates/response_previewform.html
new file mode 100644
index 00000000..d46043f3
--- /dev/null
+++ b/pathod/libpathod/templates/response_previewform.html
@@ -0,0 +1,87 @@
+<form style="margin-bottom: 0" class="form-inline" method="GET" action="/response_preview">
+    <input style="width: 18em" id="spec" name="spec" class="input-medium" value="{{spec}}"
+    placeholder="code:[features]">
+    <input type="submit" class="btn" value="preview">
+    {% if not nocraft %}
+    <a href="#" id="submitspec" class="btn">go</a>
+    {% endif %}
+</form>
+
+<a class="innerlink" data-toggle="collapse" data-target="#responseexamples">examples</a>
+
+<div id="responseexamples" class="collapse">
+    <p>
+        Check out the <a href="/docs/language">complete language docs</a>. Here are
+        some examples to get you started:
+    </p>
+
+    <table class="table table-bordered">
+        <tbody>
+            <tr>
+                <td><a href="/response_preview?spec=200">200</a></td>
+                <td>A basic HTTP 200 response.</td>
+            </tr>
+            <tr>
+                <td><a href="/response_preview?spec=200:r">200:r</a></td>
+                <td>A basic HTTP 200 response with no Content-Length header. This will
+                    hang.
+                </td>
+            </tr>
+            <tr>
+                <td><a href="/response_preview?spec=200:da">200:da</a></td>
+                <td>Server-side disconnect after all content has been sent.</td>
+            </tr>
+            <tr>
+                <td><a href="/response_preview?spec=200:b@100">200:b@100</a></td>
+                <td>
+                    100 random bytes as the body. A Content-Lenght header is added, so the disconnect
+                    is no longer needed.
+                </td>
+            </tr>
+            <tr>
+                <td><a href='/response_preview?spec=200:b@100:h"Server"="&apos;;drop table servers;"'>200:b@100:h"Etag"="';drop table servers;"</a></td>
+                <td>Add a Server header</td>
+            </tr>
+            <tr>
+                <td><a href="/response_preview?spec=200:b@100:dr">200:b@100:dr</a></td>
+                <td>Drop the connection randomly</td>
+            </tr>
+            <tr>
+                <td><a href="/response_preview?spec=200:b@100,ascii:ir,@1">200:b@100,ascii:ir,@1</a></td>
+                <td>100 ASCII bytes as the body, and randomly inject a random byte</td>
+            </tr>
+            <tr>
+                <td><a href='/response_preview?spec=200:b@1k:c"text/json"'>200:b@1k:c"text/json"</a></td>
+                <td>1k of random bytes, with a text/json content type</td>
+            </tr>
+            <tr>
+                <td><a href='/response_preview?spec=200:b@1k:p50,120'>200:b@1k:p50,120</a></td>
+                <td>1k of random bytes, pause for 120 seconds after 50 bytes</td>
+            </tr>
+            <tr>
+                <td><a href='/response_preview?spec=200:b@1k:pr,f'>200:b@1k:pr,f</a></td>
+                <td>1k of random bytes, but hang forever at a random location</td>
+            </tr>
+            <tr>
+                <td>
+                    <a href="/response_preview?spec=200:b@100:h@1k,ascii_letters='foo'">200:b@100:h@1k,ascii_letters='foo'</a>
+                </td>
+                <td>
+                    100 ASCII bytes as the body, randomly generated 100k header name, with the value
+                    'foo'.
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+
+{% if not nocraft %}
+<script>
+    $(function() {
+        $("#submitspec").click(function() {
+            document.location = "{{craftanchor}}" + $("#spec").val()
+        });
+    });
+
+</script>
+{% endif %}
diff --git a/pathod/libpathod/test.py b/pathod/libpathod/test.py
new file mode 100644
index 00000000..33a6b763
--- /dev/null
+++ b/pathod/libpathod/test.py
@@ -0,0 +1,103 @@
+import cStringIO
+import threading
+import Queue
+
+import requests
+import requests.packages.urllib3
+from . import pathod
+
+requests.packages.urllib3.disable_warnings()
+
+
+class Daemon:
+    IFACE = "127.0.0.1"
+
+    def __init__(self, ssl=None, **daemonargs):
+        self.q = Queue.Queue()
+        self.logfp = cStringIO.StringIO()
+        daemonargs["logfp"] = self.logfp
+        self.thread = _PaThread(self.IFACE, self.q, ssl, daemonargs)
+        self.thread.start()
+        self.port = self.q.get(True, 5)
+        self.urlbase = "%s://%s:%s" % (
+            "https" if ssl else "http",
+            self.IFACE,
+            self.port
+        )
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, type, value, traceback):
+        self.logfp.truncate(0)
+        self.shutdown()
+        return False
+
+    def p(self, spec):
+        """
+            Return a URL that will render the response in spec.
+        """
+        return "%s/p/%s" % (self.urlbase, spec)
+
+    def info(self):
+        """
+            Return some basic info about the remote daemon.
+        """
+        resp = requests.get("%s/api/info" % self.urlbase, verify=False)
+        return resp.json()
+
+    def text_log(self):
+        return self.logfp.getvalue()
+
+    def last_log(self):
+        """
+            Returns the last logged request, or None.
+        """
+        l = self.log()
+        if not l:
+            return None
+        return l[0]
+
+    def log(self):
+        """
+            Return the log buffer as a list of dictionaries.
+        """
+        resp = requests.get("%s/api/log" % self.urlbase, verify=False)
+        return resp.json()["log"]
+
+    def clear_log(self):
+        """
+            Clear the log.
+        """
+        self.logfp.truncate(0)
+        resp = requests.get("%s/api/clear_log" % self.urlbase, verify=False)
+        return resp.ok
+
+    def shutdown(self):
+        """
+            Shut the daemon down, return after the thread has exited.
+        """
+        self.thread.server.shutdown()
+        self.thread.join()
+
+
+class _PaThread(threading.Thread):
+
+    def __init__(self, iface, q, ssl, daemonargs):
+        threading.Thread.__init__(self)
+        self.name = "PathodThread"
+        self.iface, self.q, self.ssl = iface, q, ssl
+        self.daemonargs = daemonargs
+
+    def run(self):
+        self.server = pathod.Pathod(
+            (self.iface, 0),
+            ssl=self.ssl,
+            **self.daemonargs
+        )
+        self.name = "PathodThread (%s:%s)" % (
+            self.server.address.host,
+            self.server.address.port
+        )
+        self.q.put(self.server.address.port)
+        self.server.serve_forever()
diff --git a/pathod/libpathod/utils.py b/pathod/libpathod/utils.py
new file mode 100644
index 00000000..a1109a3c
--- /dev/null
+++ b/pathod/libpathod/utils.py
@@ -0,0 +1,124 @@
+import os
+import sys
+
+
+SIZE_UNITS = dict(
+    b=1024 ** 0,
+    k=1024 ** 1,
+    m=1024 ** 2,
+    g=1024 ** 3,
+    t=1024 ** 4,
+)
+
+
+class MemBool(object):
+
+    """
+        Truth-checking with a memory, for use in chained if statements.
+    """
+
+    def __init__(self):
+        self.v = None
+
+    def __call__(self, v):
+        self.v = v
+        return bool(v)
+
+
+def parse_size(s):
+    try:
+        return int(s)
+    except ValueError:
+        pass
+    for i in SIZE_UNITS.keys():
+        if s.endswith(i):
+            try:
+                return int(s[:-1]) * SIZE_UNITS[i]
+            except ValueError:
+                break
+    raise ValueError("Invalid size specification.")
+
+
+def parse_anchor_spec(s):
+    """
+        Return a tuple, or None on error.
+    """
+    if "=" not in s:
+        return None
+    return tuple(s.split("=", 1))
+
+
+def xrepr(s):
+    return repr(s)[1:-1]
+
+
+def inner_repr(s):
+    """
+        Returns the inner portion of a string or unicode repr (i.e. without the
+        quotes)
+    """
+    if isinstance(s, unicode):
+        return repr(s)[2:-1]
+    else:
+        return repr(s)[1:-1]
+
+
+def escape_unprintables(s):
+    """
+        Like inner_repr, but preserves line breaks.
+    """
+    s = s.replace("\r\n", "PATHOD_MARKER_RN")
+    s = s.replace("\n", "PATHOD_MARKER_N")
+    s = inner_repr(s)
+    s = s.replace("PATHOD_MARKER_RN", "\n")
+    s = s.replace("PATHOD_MARKER_N", "\n")
+    return s
+
+
+class Data(object):
+
+    def __init__(self, name):
+        m = __import__(name)
+        dirname, _ = os.path.split(m.__file__)
+        self.dirname = os.path.abspath(dirname)
+
+    def path(self, path):
+        """
+            Returns a path to the package data housed at 'path' under this
+            module.Path can be a path to a file, or to a directory.
+
+            This function will raise ValueError if the path does not exist.
+        """
+        fullpath = os.path.join(self.dirname, path)
+        if not os.path.exists(fullpath):
+            raise ValueError("dataPath: %s does not exist." % fullpath)
+        return fullpath
+
+
+data = Data(__name__)
+
+
+def daemonize(stdin='/dev/null', stdout='/dev/null', stderr='/dev/null'):  # pragma: nocover
+    try:
+        pid = os.fork()
+        if pid > 0:
+            sys.exit(0)
+    except OSError as e:
+        sys.stderr.write("fork #1 failed: (%d) %s\n" % (e.errno, e.strerror))
+        sys.exit(1)
+    os.chdir("/")
+    os.umask(0)
+    os.setsid()
+    try:
+        pid = os.fork()
+        if pid > 0:
+            sys.exit(0)
+    except OSError as e:
+        sys.stderr.write("fork #2 failed: (%d) %s\n" % (e.errno, e.strerror))
+        sys.exit(1)
+    si = open(stdin, 'rb')
+    so = open(stdout, 'a+b')
+    se = open(stderr, 'a+b', 0)
+    os.dup2(si.fileno(), sys.stdin.fileno())
+    os.dup2(so.fileno(), sys.stdout.fileno())
+    os.dup2(se.fileno(), sys.stderr.fileno())
diff --git a/pathod/libpathod/version.py b/pathod/libpathod/version.py
new file mode 100644
index 00000000..63f60a8d
--- /dev/null
+++ b/pathod/libpathod/version.py
@@ -0,0 +1,3 @@
+from __future__ import (absolute_import, print_function, division)
+
+from netlib.version import *
\ No newline at end of file
diff --git a/pathod/pathoc b/pathod/pathoc
new file mode 100755
index 00000000..b3121611
--- /dev/null
+++ b/pathod/pathoc
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+from libpathod import pathoc_cmdline as cmdline
+
+if __name__ == "__main__":
+    cmdline.go_pathoc()
diff --git a/pathod/pathod b/pathod/pathod
new file mode 100755
index 00000000..a79becf1
--- /dev/null
+++ b/pathod/pathod
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+from libpathod import pathod_cmdline as cmdline
+
+if __name__ == "__main__":
+    cmdline.go_pathod()
diff --git a/pathod/setup.py b/pathod/setup.py
new file mode 100644
index 00000000..ba329eda
--- /dev/null
+++ b/pathod/setup.py
@@ -0,0 +1,66 @@
+from setuptools import setup, find_packages
+from codecs import open
+import os
+import sys
+
+# Based on https://github.com/pypa/sampleproject/blob/master/setup.py
+# and https://python-packaging-user-guide.readthedocs.org/
+
+here = os.path.abspath(os.path.dirname(__file__))
+
+sys.path.append(os.path.join(here, "..", "netlib"))
+from libpathod import version
+
+with open(os.path.join(here, 'README.rst'), encoding='utf-8') as f:
+    long_description = f.read()
+
+setup(
+    name="pathod",
+    version=version.VERSION,
+    description="A pathological HTTP/S daemon for testing and stressing clients.",
+    long_description=long_description,
+    url="http://pathod.net",
+    author="Aldo Cortesi",
+    author_email="aldo@corte.si",
+    license="MIT",
+    classifiers=[
+        "License :: OSI Approved :: MIT License",
+        "Development Status :: 5 - Production/Stable",
+        "Operating System :: POSIX",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 2",
+        "Programming Language :: Python :: 2.7",
+        "Programming Language :: Python :: Implementation :: CPython",
+        "Programming Language :: Python :: Implementation :: PyPy",
+        "Topic :: Internet",
+        "Topic :: Internet :: WWW/HTTP",
+        "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
+        "Topic :: Software Development :: Testing",
+        "Topic :: Software Development :: Testing :: Traffic Generation",
+    ],
+
+    packages=find_packages(exclude=["test", "test.*"]),
+    include_package_data=True,
+    entry_points={
+        'console_scripts': [
+            "pathod = libpathod.pathod_cmdline:go_pathod",
+            "pathoc = libpathod.pathoc_cmdline:go_pathoc"
+        ]
+    },
+    install_requires=[
+        "netlib>=%s, <%s" % (version.MINORVERSION, version.NEXT_MINORVERSION),
+        "requests>=2.9.1, <2.10",
+        "Flask>=0.10.1, <0.11",
+        "pyparsing>=2.1,<2.2"
+    ],
+    extras_require={
+        'dev': [
+            "mock>=1.3.0, <1.4",
+            "pytest>=2.8.0",
+            "pytest-xdist>=1.14, <1.15",
+            "pytest-cov>=2.2.1, <2.3",
+            "pytest-timeout>=1.0.0, <1.1",
+            "coveralls>=1.1, <1.2"
+        ]
+    }
+)
diff --git a/release/.env b/release/.env
new file mode 100644
index 00000000..69ac3f05
--- /dev/null
+++ b/release/.env
@@ -0,0 +1,6 @@
+DIR="$( dirname "${BASH_SOURCE[0]}" )"
+ACTIVATE_DIR="$(if [ -f "$DIR/../venv.mitmproxy/bin/activate" ]; then echo 'bin'; else echo 'Scripts'; fi;)"
+if [ -z "$VIRTUAL_ENV" ] && [ -f "$DIR/../venv.mitmproxy/$ACTIVATE_DIR/activate" ]; then
+    echo "Activating mitmproxy virtualenv..."
+    source "$DIR/../venv.mitmproxy/$ACTIVATE_DIR/activate"
+fi
diff --git a/release/.gitignore b/release/.gitignore
new file mode 100644
index 00000000..c062fb3b
--- /dev/null
+++ b/release/.gitignore
@@ -0,0 +1,9 @@
+.DS_Store
+MANIFEST
+*.py[cdo]
+*.swp
+*.swo
+
+/build
+/dist
+/mitmproxy_rtool.egg-info
\ No newline at end of file
diff --git a/release/README.mkd b/release/README.mkd
new file mode 100644
index 00000000..7754125d
--- /dev/null
+++ b/release/README.mkd
@@ -0,0 +1,83 @@
+
+General build and release utilities for the mitmproxy, netlib and pathod
+projects. These tools assume a directory structure with all repositories at the
+same level, for example:
+
+    /src
+        /mitmproxy
+        /netlib
+        /pathod
+        /release
+
+
+# Release policies
+
+  - By default, every release is a new minor (`0.x`) release and it will be
+    pushed for all three projects.
+
+  - Only if an emergency bugfix is needed, we push a new `0.x.y` bugfix release
+    for a single project. This matches with what we do in `setup.py`:
+
+        "netlib>=%s, <%s" % (version.MINORVERSION, version.NEXT_MINORVERSION)
+
+
+
+# Release Checklist
+
+## Check out release versions
+
+  - Check out the versions of pathod, netlib and mitmproxy due to be released
+
+  - Verify that repositories are in a clean state:
+
+        `./build git status`
+
+  - Ensure that the website style assets have been compiled for production, and
+    synced to the docs.
+
+  - Render the docs, update CONTRIBUTORS file:
+
+        ./build docs contributors
+
+
+## Test
+
+  - Test the source distributions:
+
+        ./build test
+
+    This does the following:
+     - creates a venv in release/venv
+     - creates source distributions in release/release
+     - installs the source distributions in the venv
+     - and runs all installed tools
+
+
+## Release
+
+  - Make a release commit for all projects, tag and push it:
+
+        ./build git commit -am "Release v0.13"
+        ./build git tag v0.13
+        ./build git push --tags
+
+  - Build the OSX binaries
+    - Follow instructions in osx-binaries
+    - Move to download dir:
+
+          mv ./tmp/osx-mitmproxy-VERSION.tar.gz ~/mitmproxy/www.mitmproxy.org/src/download
+
+  - Move all source distributions from `./dist` to the server:
+
+        mv ./dist/* ~/mitmproxy/www.mitmproxy.org/src/download
+
+  - Upload distributions in `./dist` to PyPI:
+
+        ./build upload
+
+    You can test with [testpypi.python.org](https://testpypi.python.org/pypi) by passing `--repository test`.
+    ([more info](https://tom-christie.github.io/articles/pypi/))
+
+  - Now bump the version number to be ready for the next cycle
+
+    `./build set-version 0.13`
diff --git a/release/pathoc.spec b/release/pathoc.spec
new file mode 100644
index 00000000..22649076
--- /dev/null
+++ b/release/pathoc.spec
@@ -0,0 +1,22 @@
+# -*- mode: python -*-
+
+from PyInstaller.utils.hooks import collect_data_files
+
+a = Analysis(['../pathoc'],
+             binaries=None,
+             datas=None,
+             hiddenimports=['_cffi_backend'],
+             hookspath=None,
+             runtime_hooks=None,
+             excludes=None)
+pyz = PYZ(a.pure, a.zipped_data)
+exe = EXE(pyz,
+          a.scripts,
+          a.binaries,
+          a.zipfiles,
+          a.datas,
+          name='pathoc',
+          debug=False,
+          strip=None,
+          upx=True,
+          console=True )
diff --git a/release/pathod.spec b/release/pathod.spec
new file mode 100644
index 00000000..706b6b68
--- /dev/null
+++ b/release/pathod.spec
@@ -0,0 +1,22 @@
+# -*- mode: python -*-
+
+from PyInstaller.utils.hooks import collect_data_files
+
+a = Analysis(['../pathod'],
+             binaries=None,
+             datas=collect_data_files("libpathod"),
+             hiddenimports=['_cffi_backend'],
+             hookspath=None,
+             runtime_hooks=None,
+             excludes=None)
+pyz = PYZ(a.pure, a.zipped_data)
+exe = EXE(pyz,
+          a.scripts,
+          a.binaries,
+          a.zipfiles,
+          a.datas,
+          name='pathod',
+          debug=False,
+          strip=None,
+          upx=True,
+          console=True )
diff --git a/release/rtool.pem b/release/rtool.pem
new file mode 100644
index 00000000..097dff1a
--- /dev/null
+++ b/release/rtool.pem
@@ -0,0 +1,68 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7A4E07094E1AC0B74BB3D172A73A62DB
+
+0H4otaU3/McUviuQh/6L1tQM/gUjAc0nn1QESZ/n2R/VOlmLGwYPlMxHLXcs6a+y
+byfQc/wcy1taPHSIVbEH1bYUfrFucLhlOq8jINPfsMqhPRGbH7DwTfAFNljZTGLU
+V9zMXedIGujOdbJ29gClbYkaNbHB7wd+7icpRMJ/buEC5W9lZXpt5kspsG9Ueu6Z
+T6rljxOQ5lyLun9E0y8H/f/RLViEyeEBSGK3UAHzz7+OJjKkKzVLfAFF2It4rfIh
+PdFBhfyp3ihfs4Dy+eG2LzVSZC+D01uj0WkhGwIGzpB4XAgNjtbUeaz9o8649lLl
+w4QuoX2cxbcLj4KVqSCml8aHA18oNtBdGx/s/+26bopmapcLwp01G51T/MMJTVpD
+P+6GoFvHxE7YKasJV2fxQW70U3B8Ruu5ImZkKa9Dw7VI1XL0DY/WvQ46tYZqllyt
+JeHxg21z0MeH6RiU7aT79tYB1KNcuuq9ujPFOSAED0C7TUEycvN4tyySPxqBAnBE
+yHT0UU3AE1VpQJaYDlQWrZPC813WoPI8pjLw+v99f918TWOOQkRNfobLqjgOe/Km
+cLT80vpaAjcwIZO9LTVYJ+gH/MDNLdgkIICAXL1MmgYBkhwuOw4+SxgfyK5gS4Pe
+hkJjoc3oxkFUA7uZ/X4xY0t+vwPfXcdp3oDgYMWfjTH3NenFaa78+7u/udEVrzJ8
+jtLDOM7XmJk+8EWu4KOiCct2pAhbYHAXzGx8X+5gZRNgPhBBDpg5I0+YERgy08nx
+QcBBBTxKEuOzgO+R1+9bucNzQYI61CRb+V4Sg2HjRsUP04J7TQDAeHZtpDbpIwey
+OKqXaf4874Mi3CYktbO5ZP9VxlTHdb6cagxkzLpnFwIkEBAKI5MOMxmYyK+7vwrL
+kn4dcNSReOLJaiLiMA9J3lswBPuVRRobnWCbLeHEq3a8j21JNZRBsZeKJCP1uPDR
+AZbnk4DxXZVlSaISGhpj7dpPqIuGnMP4FnMORSBxssdB9F6q03Bh2Vl59U184Lvc
+sbE5QvsSzJTQZc8790DTW90lwM3nfkJ+OePR4DwtTx1LdK8Z/mm6vll42Thwgsko
+SKm6n47xgnVBm6Kmbl8G248RAsRbG/f1TQYKBlU8iBKeFocW2LDCIuftzgUqjgcz
+5L/GlTbTzNPUT8VZ6WLtHBK6OBjebbE2zZ+W8mwlaVC+Z9Rush5Op4CO10Y1jK0P
+cwAsG6G16h5nxtGVz/C028BG1sJS+2XPel12+CrN2rrb6qP41YyLtWJVzhj5jFBk
+kAvf5g1w227Lt1CuRnICuPdP68MtzWuY5vQOE57eN/jVsuqmEHNwi8K0ZmtEwf5/
+Vq1QH/Nz/WP5vaIQGivtganAcTgdFD+HXmT0QS1qBot87w9LOU0JkMyBvaa5aXS9
+3QsVppnCn/x3OuE8SlujWvndJKb172u+0iR2mJ+OUuVMSjpfrSo5LQq03tmLOdD4
+mBg7WNuJOrjfyOq51S4zMrCqA2hoKL1lxE10RB+4RoHbpfpiblvlBVnY+cj6ic6t
+8MuiXtKFcV4KwujKgB0aS2smLSkaA8tXa4k3vhgIm68FZRGpCMuT6J+dEWiRgY8j
+FIWVlndlRustHN2qHyBipFm0Ei1iVK4qxcsLBhBI02ceXrcP5cFq8k3uuKJexKcf
+EPXPEDy5AJKxjIKdhEiPZmMyvSQuN1Nwu97b+QG685IfMpB/18WBYwFrTJOEU7pP
+a9uowuTaKXGugJIGhL6ziy5HN2zkKO2nZMp05/+nSXt4/j+C+pldG+rBNZF1SCPR
+AmB5YySQHUDey3SZGZhHrTdGN85M6A2PnfWzdsxoOSE9pfag8nx1AUm5CJhyQTH+
+m2OgUNALXJczOot0v0hHxL0XFHxXmMobbqCbtveufwaiRlDdihQeEXK3obIvEs3P
+bsb3OcKHPHFmmWluevX0wGsV9ZY+uSBvZaBRzmv5ij3n4CTpt+CVPn/IJq25E50Q
+QZ4nkGGQyX5yQtHhIGjagfKCFRrnpuwgmVegWLCSVx3Rev+blpLygpz77D447CCx
+uzAqTpAUiagv/U0av1B9U6fXwN5N8rN/qpbwQ/94nh+ELCuyBSEQHj6c9hIuy9pq
+yPU5hKY7InYcNkI9U2lS2ZtEZsm/NEzeG3oIBdoPC0NlFUjDeWZkEXi1Vt9rlk7K
+u3bOhqIVzxkeJIhde2D4CWMS9Kg8RFGhzB8nPOvCcU7vKukR5Ok/Q2bVtzPR3jRK
+MZrARlCJTtCnkWhkYQlCuFpafuzrItITA4M8L1ZwjcVcvJNamq9b/URQfbOfsDY0
+8Igu/zuGGnb0DecPHX9DUVws/tk1HXpIC6RFiZFNfH7Pb63TyqF1dc+9oHbqRqfq
+y05xekHY87Uzwyvn8Uch5j8dfoa3MvOWy/gEoK4ZMrsXyzywzLTHusaWnN172Oaz
+G3IljaBijzzwMGkEXmPiO+4WM/mp8dv29GpNj0/Dr8L/hYGcZ87CzWGnSu93yToi
+o1paUjM1zmK0CKHKda8FxaVUchIHEmi4DGxY1Ywj0NjeV5U3VQpLQawGm88aqdkq
+2aF5annHPNfp5tncL3eySrZxy6Yy9hI1/CCxV9r/31JZdRofqwftgKyxrTN0TzXL
+5fpvzZQly1B46yVzUUjPkez+t18Rr9i7Js/Dxop2+IHx1EDAlkeoz4OIDa6fUssp
+30eVjsy4QTV65HUS2vIraoqvKHwiabqz+QU/k6EVmln5cM6fuqN4m9HBiGVVLTac
+7WAzuW7D5mmIGXtl4JdoLXW9NuKAn7MIBixhlWY8/rdvBGRJ4zHQxM3RTmcAlaEA
+1/BoQUNXundypyFO/dYH01N4N4TNJDXTpOslmJHc78c09w4PN6/MjQMF8SkTHCJ8
+eKPXxQOh7arK/ibyhT6cVE29BmBS2OAeIYxRpqVOxndnSv+dpH02L5NjgDi97YIB
+bb2zMqyy+0ajQexov+PH1X2bxMLgY7GZ9zJ3GEyrq3MXYCLkR7IKm6R45xNMhFPO
+VWx0CLZCFIiHbdUg1YPWhaqHK5fqIAlQSDgdurnWvvz3Y9gnbZxuzMQt4sAwiN/+
+2XM5ekMi50JEtiUyIggtLJl/0HAiGeAEld9Gbtl1uTQjngC1i6fLzvvBwUCQQ175
+-----END RSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs0xeGx+bc+NCLGRJDr6y
+qv825685l1Tb6lhLvYVYUFJfcxL1V79ML13CO09TPxGTbmKw7iI33ef9N2mUHHVe
+24EjcSnYZ2Zx5zYIY4ejnDKCzM0md9XA3RpfTI9F3zGsJPt72veyHy6alCbF4NgX
+FgAvp2UJmWwTLnJj3oIEwfGJeEcQRKjCFjSJlHGxbB6L0MSCgRtDxwlBfinzkriZ
+0C8YyVv6u+DidHtobbZvwk/4uV3+KhoDfkpT2VE57a2KXr4c9Fekzr6szduFMkcI
+KPqKouOOnaiNjOoKofbZ5I6cB6qoMkh+ebJvfPuEYBwhHmDDhpdjdk5v3LkeD5kt
+0GtOaF5A3LbdZhgsC+1v1dHrL6Vndrb9KhO8ATHvlzJOonV73AoJFygp6upCvIt+
+tPUuy3VE0kjc2mJDDJr5V28pSBJ5r9uz1rXZWP+9aduR3M+RUGzHS7cUdsl+lHyQ
+TFQAQIDhWXyokMGqVZBm9xJ2KcDiQAEr5+kP0BrhPmBtfHSnLA1tIXlFcOqakvyQ
+q1cACMvwbkZpupTqMhCr2S4V9dKxnlO5EIWYJmme9moU/zu1KA0mcwqfnNeDOR2J
+6c3/x3E+AqBoFzDQb6LQ2Iw+9bkKWKgDml4paLPu/ot8vA2ZB9/mujFUvp/1MLuD
+5I1jQDXFbjAgAnaSyqyW368CAwEAAQ==
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/release/rtool.py b/release/rtool.py
new file mode 100644
index 00000000..136b3066
--- /dev/null
+++ b/release/rtool.py
@@ -0,0 +1,439 @@
+#!/usr/bin/env python
+from __future__ import absolute_import, print_function, division
+from os.path import join
+import contextlib
+import os
+import shutil
+import subprocess
+import re
+import shlex
+import runpy
+import zipfile
+import tarfile
+import platform
+import click
+import pysftp
+import fnmatch
+from six.moves import shlex_quote
+
+# https://virtualenv.pypa.io/en/latest/userguide.html#windows-notes
+# scripts and executables on Windows go in ENV\Scripts\ instead of ENV/bin/
+if platform.system() == "Windows":
+    VENV_BIN = "Scripts"
+else:
+    VENV_BIN = "bin"
+
+if platform.system() == "Windows":
+    def Archive(name):
+        a = zipfile.ZipFile(name, "w")
+        a.add = a.write
+        return a
+else:
+    def Archive(name):
+        return tarfile.open(name, "w:gz")
+
+RELEASE_DIR = join(os.path.dirname(os.path.realpath(__file__)))
+DIST_DIR = join(RELEASE_DIR, "dist")
+ROOT_DIR = join(RELEASE_DIR, "..")
+
+BUILD_DIR = join(RELEASE_DIR, "build")
+PYINSTALLER_TEMP = join(BUILD_DIR, "pyinstaller")
+PYINSTALLER_DIST = join(BUILD_DIR, "binaries")
+
+VENV_DIR = join(BUILD_DIR, "venv")
+VENV_PIP = join(VENV_DIR, VENV_BIN, "pip")
+VENV_PYINSTALLER = join(VENV_DIR, VENV_BIN, "pyinstaller")
+
+ALL_PROJECTS = {
+    "netlib": {
+        "tools": [],
+        "vfile": join(ROOT_DIR, "netlib/netlib/version.py"),
+        "dir": join(ROOT_DIR, "netlib"),
+        "python_version": "py2.py3"  # this is the format in wheel filenames
+    },
+    "pathod": {
+        "tools": ["pathod", "pathoc"],
+        "vfile": join(ROOT_DIR, "pathod/libpathod/version.py"),
+        "dir": join(ROOT_DIR, "pathod"),
+        "python_version": "py2"
+    },
+    "mitmproxy": {
+        "tools": ["mitmproxy", "mitmdump", "mitmweb"],
+        "vfile": join(ROOT_DIR, "mitmproxy/libmproxy/version.py"),
+        "dir": join(ROOT_DIR, "mitmproxy"),
+        "python_version": "py2"
+    }
+}
+if platform.system() == "Windows":
+    ALL_PROJECTS["mitmproxy"]["tools"].remove("mitmproxy")
+
+projects = {}
+
+
+def get_version(project):
+    return runpy.run_path(projects[project]["vfile"])["VERSION"]
+
+
+def get_snapshot_version(project):
+    last_tag, tag_dist, commit = subprocess.check_output(
+        ["git", "describe", "--tags", "--long"],
+        cwd=projects[project]["dir"]
+    ).strip().rsplit("-", 2)
+    tag_dist = int(tag_dist)
+    if tag_dist == 0:
+        return get_version(project)
+    else:
+        return "{version}dev{tag_dist:04}-{commit}".format(
+            version=get_version(project),  # this should already be the next version
+            tag_dist=tag_dist,
+            commit=commit
+        )
+
+
+def archive_name(project):
+    platform_tag = {
+        "Darwin": "osx",
+        "Windows": "win32",
+        "Linux": "linux"
+    }.get(platform.system(), platform.system())
+    if platform.system() == "Windows":
+        ext = "zip"
+    else:
+        ext = "tar.gz"
+    return "{project}-{version}-{platform}.{ext}".format(
+        project=project,
+        version=get_version(project),
+        platform=platform_tag,
+        ext=ext
+    )
+
+
+def sdist_name(project):
+    return "{project}-{version}.tar.gz".format(
+        project=project,
+        version=get_version(project)
+    )
+
+
+def wheel_name(project):
+    return "{project}-{version}-{py_version}-none-any.whl".format(
+        project=project,
+        version=get_version(project),
+        py_version=projects[project]["python_version"]
+    )
+
+
+@contextlib.contextmanager
+def empty_pythonpath():
+    """
+    Make sure that the regular python installation is not on the python path,
+    which would give us access to modules installed outside of our virtualenv.
+    """
+    pythonpath = os.environ.get("PYTHONPATH", "")
+    os.environ["PYTHONPATH"] = ""
+    yield
+    os.environ["PYTHONPATH"] = pythonpath
+
+
+@contextlib.contextmanager
+def chdir(path):
+    old_dir = os.getcwd()
+    os.chdir(path)
+    yield
+    os.chdir(old_dir)
+
+
+@click.group(chain=True)
+@click.option(
+    '--project', '-p',
+    multiple=True, type=click.Choice(ALL_PROJECTS.keys()), default=ALL_PROJECTS.keys()
+)
+def cli(project):
+    """
+    mitmproxy build tool
+    """
+    for name in project:
+        projects[name] = ALL_PROJECTS[name]
+
+
+@cli.command("contributors")
+def contributors():
+    """
+    Update CONTRIBUTORS.md
+    """
+    for project, conf in projects.items():
+        with chdir(conf["dir"]):
+            print("Updating %s/CONTRIBUTORS..." % project)
+            contributors_data = subprocess.check_output(
+                shlex.split("git shortlog -n -s")
+            )
+            with open("CONTRIBUTORS", "w") as f:
+                f.write(contributors_data)
+
+
+@cli.command("set-version")
+@click.argument('version')
+def set_version(version):
+    """
+    Update version information
+    """
+    print("Update versions...")
+    version = ", ".join(version.split("."))
+    for p, conf in projects.items():
+        print("Update %s..." % os.path.normpath(conf["vfile"]))
+        with open(conf["vfile"], "rb") as f:
+            content = f.read()
+        new_content = re.sub(
+            r"IVERSION\s*=\s*\([\d,\s]+\)", "IVERSION = (%s)" % version,
+            content
+        )
+        with open(conf["vfile"], "wb") as f:
+            f.write(new_content)
+
+
+def _git(project, args):
+    print("%s> %s..." % (project, " ".join(shlex_quote(a) for a in args)))
+    subprocess.check_call(
+        ["git"] + list(args),
+        cwd=projects[project]["dir"]
+    )
+
+
+@cli.command("git")
+@click.argument('args', nargs=-1, required=True)
+def git(args):
+    """
+    Run a git command on every project
+    """
+    for project, conf in projects.items():
+        _git(project, args)
+        print("")
+
+
+@cli.command("sdist")
+def sdist():
+    """
+    Build a source distribution
+    """
+    with empty_pythonpath():
+        print("Building release...")
+        if os.path.exists(DIST_DIR):
+            shutil.rmtree(DIST_DIR)
+        for project, conf in projects.items():
+            print("Creating %s source distribution..." % project)
+            subprocess.check_call(
+                [
+                    "python", "./setup.py", "-q",
+                    "sdist", "--dist-dir", DIST_DIR, "--formats=gztar",
+                    "bdist_wheel", "--dist-dir", DIST_DIR,
+                ],
+                cwd=conf["dir"]
+            )
+
+        print("Creating virtualenv for test install...")
+        if os.path.exists(VENV_DIR):
+            shutil.rmtree(VENV_DIR)
+        subprocess.check_call(["virtualenv", "-q", VENV_DIR])
+
+        with chdir(DIST_DIR):
+            for project, conf in projects.items():
+                print("Installing %s..." % project)
+                subprocess.check_call([VENV_PIP, "install", "-q", sdist_name(project)])
+
+            print("Running binaries...")
+            for project, conf in projects.items():
+                for tool in conf["tools"]:
+                    tool = join(VENV_DIR, VENV_BIN, tool)
+                    print("> %s --version" % tool)
+                    print(subprocess.check_output([tool, "--version"]))
+
+            print("Virtualenv available for further testing:")
+            print("source %s" % os.path.normpath(join(VENV_DIR, VENV_BIN, "activate")))
+
+
+@cli.command("bdist")
+@click.option("--use-existing-sdist/--no-use-existing-sdist", default=False)
+@click.argument("pyinstaller_version", envvar="PYINSTALLER_VERSION", default="PyInstaller~=3.1.1")
+@click.pass_context
+def bdist(ctx, use_existing_sdist, pyinstaller_version):
+    """
+    Build a binary distribution
+    """
+    if os.path.exists(PYINSTALLER_TEMP):
+        shutil.rmtree(PYINSTALLER_TEMP)
+    if os.path.exists(PYINSTALLER_DIST):
+        shutil.rmtree(PYINSTALLER_DIST)
+
+    if not use_existing_sdist:
+        ctx.invoke(sdist)
+
+    print("Installing PyInstaller...")
+    subprocess.check_call([VENV_PIP, "install", "-q", pyinstaller_version])
+
+    for p, conf in projects.items():
+        if conf["tools"]:
+            with Archive(join(DIST_DIR, archive_name(p))) as archive:
+                for tool in conf["tools"]:
+                    spec = join(conf["dir"], "release", "%s.spec" % tool)
+                    print("Building %s binary..." % tool)
+                    subprocess.check_call(
+                        [
+                            VENV_PYINSTALLER,
+                            "--clean",
+                            "--workpath", PYINSTALLER_TEMP,
+                            "--distpath", PYINSTALLER_DIST,
+                            # This is PyInstaller, so setting a 
+                            # different log level obviously breaks it :-)
+                            # "--log-level", "WARN",
+                            spec
+                        ]
+                    )
+
+                    # Test if it works at all O:-)
+                    executable = join(PYINSTALLER_DIST, tool)
+                    if platform.system() == "Windows":
+                        executable += ".exe"
+                    print("> %s --version" % executable)
+                    subprocess.check_call([executable, "--version"])
+
+                    archive.add(executable, os.path.basename(executable))
+            print("Packed {}.".format(archive_name(p)))
+
+
+@cli.command("upload-release")
+@click.option('--username', prompt=True)
+@click.password_option(confirmation_prompt=False)
+@click.option('--repository', default="pypi")
+@click.option("--sdist/--no-sdist", default=True)
+@click.option("--wheel/--no-wheel", default=True)
+def upload_release(username, password, repository, sdist, wheel):
+    """
+    Upload source distributions to PyPI
+    """
+    for project in projects.keys():
+        files = []
+        if sdist:
+            files.append(sdist_name(project))
+        if wheel:
+            files.append(wheel_name(project))
+        for f in files:
+            print("Uploading {} to {}...".format(f, repository))
+            subprocess.check_call([
+                "twine",
+                "upload",
+                "-u", username,
+                "-p", password,
+                "-r", repository,
+                join(DIST_DIR, f)
+            ])
+
+
+@cli.command("upload-snapshot")
+@click.option("--host", envvar="SNAPSHOT_HOST", prompt=True)
+@click.option("--port", envvar="SNAPSHOT_PORT", type=int, default=22)
+@click.option("--user", envvar="SNAPSHOT_USER", prompt=True)
+@click.option("--private-key", default=join(RELEASE_DIR, "rtool.pem"))
+@click.option("--private-key-password", envvar="SNAPSHOT_PASS", prompt=True, hide_input=True)
+@click.option("--sdist/--no-sdist", default=False)
+@click.option("--wheel/--no-wheel", default=False)
+@click.option("--bdist/--no-bdist", default=False)
+def upload_snapshot(host, port, user, private_key, private_key_password, sdist, wheel, bdist):
+    """
+    Upload snapshot to snapshot server
+    """
+    with pysftp.Connection(host=host,
+                           port=port,
+                           username=user,
+                           private_key=private_key,
+                           private_key_pass=private_key_password) as sftp:
+        for project, conf in projects.items():
+            dir_name = "snapshots/v{}".format(get_version(project))
+            sftp.makedirs(dir_name)
+            with sftp.cd(dir_name):
+                files = []
+                if sdist:
+                    files.append(sdist_name(project))
+                if wheel:
+                    files.append(wheel_name(project))
+                if bdist and conf["tools"]:
+                    files.append(archive_name(project))
+
+                for f in files:
+                    local_path = join(DIST_DIR, f)
+                    remote_filename = f.replace(get_version(project), get_snapshot_version(project))
+                    symlink_path = "../{}".format(f.replace(get_version(project), "latest"))
+
+                    old_version = f.replace(get_version(project), "*")
+                    for f in sftp.listdir():
+                        if fnmatch.fnmatch(f, old_version):
+                            print("Removing {}...".format(f))
+                            sftp.remove(f)
+
+                    print("Uploading {} as {}...".format(f, remote_filename))
+                    with click.progressbar(length=os.stat(local_path).st_size) as bar:
+                        sftp.put(
+                            local_path,
+                            "." + remote_filename,
+                            callback=lambda done, total: bar.update(done - bar.pos)
+                        )
+                        # We hide the file during upload.
+                        sftp.rename("." + remote_filename, remote_filename)
+
+                    # add symlink
+                    if sftp.lexists(symlink_path):
+                        print("Removing {}...".format(symlink_path))
+                        sftp.remove(symlink_path)
+                    sftp.symlink("v{}/{}".format(get_version(project), remote_filename), symlink_path)
+
+
+@cli.command("wizard")
+@click.option('--next-version', prompt=True)
+@click.option('--username', prompt="PyPI Username")
+@click.password_option(confirmation_prompt=False, prompt="PyPI Password")
+@click.option('--repository', default="pypi")
+@click.pass_context
+def wizard(ctx, next_version, username, password, repository):
+    """
+    Interactive Release Wizard
+    """
+    for project, conf in projects.items():
+        is_dirty = subprocess.check_output(["git", "status", "--porcelain"], cwd=conf["dir"])
+        if is_dirty:
+            raise RuntimeError("%s repository is not clean." % project)
+
+    # update contributors file
+    ctx.invoke(contributors)
+
+    # Build test release
+    ctx.invoke(bdist)
+
+    try:
+        click.confirm("Please test the release now. Is it ok?", abort=True)
+    except click.Abort:
+        # undo changes
+        ctx.invoke(git, args=["checkout", "CONTRIBUTORS"])
+        raise
+
+    # Everything ok - let's ship it!
+    for p in projects.keys():
+        _git(p, ["tag", "v" + get_version(p)])
+    ctx.invoke(git, args=["push", "--tags"])
+    ctx.invoke(
+        upload_release,
+        username=username, password=password, repository=repository
+    )
+
+    click.confirm("Now please wait until CI has built binaries. Finished?")
+
+    # version bump commit
+    ctx.invoke(set_version, version=next_version)
+    ctx.invoke(
+        git, args=["commit", "-a", "-m", "bump version"]
+    )
+    ctx.invoke(git, args=["push"])
+
+    click.echo("All done!")
+
+
+if __name__ == "__main__":
+    cli()
diff --git a/release/setup.py b/release/setup.py
new file mode 100644
index 00000000..9876af0a
--- /dev/null
+++ b/release/setup.py
@@ -0,0 +1,20 @@
+from setuptools import setup
+
+setup(
+    name='mitmproxy-rtool',
+    version="1.0",
+    py_modules=["rtool"],
+    install_requires=[
+        "click>=6.2, <7.0",
+        "twine>=1.6.5, <1.7",
+        "virtualenv>=14.0.5, <14.1",
+        "wheel>=0.29.0, <0.30",
+        "six>=1.10.0, <1.11",
+        "pysftp>=0.2.8, <0.3",
+    ],
+    entry_points={
+        "console_scripts": [
+            "rtool=rtool:cli",
+        ],
+    },
+)
diff --git a/requirements.txt b/requirements.txt
index 49f86b9a..e8b49f2f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
--e git+https://github.com/mitmproxy/netlib.git#egg=netlib
--e git+https://github.com/mitmproxy/pathod.git#egg=pathod
--e .[dev,examples,contentviews]
+-e ./netlib[dev]
+-e ./pathod[dev]
+-e ./mitmproxy[dev,examples,contentviews]
+-e ./release
\ No newline at end of file
diff --git a/test/__init__.py b/test/__init__.py
index 61d03152..e69de29b 100644
--- a/test/__init__.py
+++ b/test/__init__.py
@@ -1,9 +0,0 @@
-from __future__ import (print_function, absolute_import, division)
-
-# Silence third-party modules
-import logging
-logging.getLogger("hyper").setLevel(logging.WARNING)
-logging.getLogger("requests").setLevel(logging.WARNING)
-logging.getLogger("passlib").setLevel(logging.WARNING)
-logging.getLogger("PIL").setLevel(logging.WARNING)
-logging.getLogger("tornado").setLevel(logging.WARNING)
diff --git a/test/mitmproxy/__init__.py b/test/mitmproxy/__init__.py
new file mode 100644
index 00000000..61d03152
--- /dev/null
+++ b/test/mitmproxy/__init__.py
@@ -0,0 +1,9 @@
+from __future__ import (print_function, absolute_import, division)
+
+# Silence third-party modules
+import logging
+logging.getLogger("hyper").setLevel(logging.WARNING)
+logging.getLogger("requests").setLevel(logging.WARNING)
+logging.getLogger("passlib").setLevel(logging.WARNING)
+logging.getLogger("PIL").setLevel(logging.WARNING)
+logging.getLogger("tornado").setLevel(logging.WARNING)
diff --git a/test/completion/aab b/test/mitmproxy/completion/aaa
index e69de29b..e69de29b 100644
--- a/test/completion/aab
+++ b/test/mitmproxy/completion/aaa
diff --git a/test/completion/aac b/test/mitmproxy/completion/aab
index e69de29b..e69de29b 100644
--- a/test/completion/aac
+++ b/test/mitmproxy/completion/aab
diff --git a/test/mitmproxy/completion/aac b/test/mitmproxy/completion/aac
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/mitmproxy/completion/aac
diff --git a/test/data/1.css b/test/mitmproxy/data/1.css
index 33387ca7..33387ca7 100644
--- a/test/data/1.css
+++ b/test/mitmproxy/data/1.css
diff --git a/test/data/amf01 b/test/mitmproxy/data/amf01
index c8fc261d..c8fc261d 100644
--- a/test/data/amf01
+++ b/test/mitmproxy/data/amf01
diff --git a/test/data/amf02 b/test/mitmproxy/data/amf02
index ba69f130..ba69f130 100644
--- a/test/data/amf02
+++ b/test/mitmproxy/data/amf02
diff --git a/test/data/amf03 b/test/mitmproxy/data/amf03
index d9fa736a..d9fa736a 100644
--- a/test/data/amf03
+++ b/test/mitmproxy/data/amf03
diff --git a/test/data/clientcert/.gitignore b/test/mitmproxy/data/clientcert/.gitignore
index 07bc53d2..07bc53d2 100644
--- a/test/data/clientcert/.gitignore
+++ b/test/mitmproxy/data/clientcert/.gitignore
diff --git a/test/data/clientcert/127.0.0.1.pem b/test/mitmproxy/data/clientcert/127.0.0.1.pem
index d7093b76..d7093b76 100644
--- a/test/data/clientcert/127.0.0.1.pem
+++ b/test/mitmproxy/data/clientcert/127.0.0.1.pem
diff --git a/test/data/clientcert/client.cnf b/test/mitmproxy/data/clientcert/client.cnf
index 5046a944..5046a944 100644
--- a/test/data/clientcert/client.cnf
+++ b/test/mitmproxy/data/clientcert/client.cnf
diff --git a/test/data/clientcert/client.pem b/test/mitmproxy/data/clientcert/client.pem
index 322e07e0..322e07e0 100644
--- a/test/data/clientcert/client.pem
+++ b/test/mitmproxy/data/clientcert/client.pem
diff --git a/test/data/clientcert/make b/test/mitmproxy/data/clientcert/make
index e829952d..e829952d 100755..100644
--- a/test/data/clientcert/make
+++ b/test/mitmproxy/data/clientcert/make
diff --git a/test/data/confdir/mitmproxy-ca-cert.cer b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.cer
index cc7f8f19..cc7f8f19 100644
--- a/test/data/confdir/mitmproxy-ca-cert.cer
+++ b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.cer
diff --git a/test/data/confdir/mitmproxy-ca-cert.p12 b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.p12
index d4cec0d4..d4cec0d4 100644
--- a/test/data/confdir/mitmproxy-ca-cert.p12
+++ b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.p12
diff --git a/test/data/confdir/mitmproxy-ca-cert.pem b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.pem
index cc7f8f19..cc7f8f19 100644
--- a/test/data/confdir/mitmproxy-ca-cert.pem
+++ b/test/mitmproxy/data/confdir/mitmproxy-ca-cert.pem
diff --git a/test/data/confdir/mitmproxy-ca.pem b/test/mitmproxy/data/confdir/mitmproxy-ca.pem
index 2a2343a6..2a2343a6 100644
--- a/test/data/confdir/mitmproxy-ca.pem
+++ b/test/mitmproxy/data/confdir/mitmproxy-ca.pem
diff --git a/test/data/dercert b/test/mitmproxy/data/dercert
index 370252af..370252af 100644
--- a/test/data/dercert
+++ b/test/mitmproxy/data/dercert
diff --git a/test/data/dumpfile-012 b/test/mitmproxy/data/dumpfile-012
index 49c2350d..49c2350d 100644
--- a/test/data/dumpfile-012
+++ b/test/mitmproxy/data/dumpfile-012
diff --git a/test/data/dumpfile-013 b/test/mitmproxy/data/dumpfile-013
index ede06f23..ede06f23 100644
--- a/test/data/dumpfile-013
+++ b/test/mitmproxy/data/dumpfile-013
diff --git a/test/data/htpasswd b/test/mitmproxy/data/htpasswd
index 54c95b8c..54c95b8c 100644
--- a/test/data/htpasswd
+++ b/test/mitmproxy/data/htpasswd
diff --git a/test/data/htpasswd.invalid b/test/mitmproxy/data/htpasswd.invalid
index 257cc564..257cc564 100644
--- a/test/data/htpasswd.invalid
+++ b/test/mitmproxy/data/htpasswd.invalid
diff --git a/test/data/image-err1.jpg b/test/mitmproxy/data/image-err1.jpg
index 1b251e6e..1b251e6e 100644
--- a/test/data/image-err1.jpg
+++ b/test/mitmproxy/data/image-err1.jpg
diff --git a/test/data/image.gif b/test/mitmproxy/data/image.gif
index 91c53284..91c53284 100644
--- a/test/data/image.gif
+++ b/test/mitmproxy/data/image.gif
diff --git a/test/data/image.ico b/test/mitmproxy/data/image.ico
index 4a8421dc..4a8421dc 100644
--- a/test/data/image.ico
+++ b/test/mitmproxy/data/image.ico
diff --git a/test/data/image.jpg b/test/mitmproxy/data/image.jpg
index 6cbe081e..6cbe081e 100644
--- a/test/data/image.jpg
+++ b/test/mitmproxy/data/image.jpg
diff --git a/test/data/image.png b/test/mitmproxy/data/image.png
index 33143e77..33143e77 100644
--- a/test/data/image.png
+++ b/test/mitmproxy/data/image.png
diff --git a/test/data/no_common_name.pem b/test/mitmproxy/data/no_common_name.pem
index fc271a0e..fc271a0e 100644
--- a/test/data/no_common_name.pem
+++ b/test/mitmproxy/data/no_common_name.pem
diff --git a/test/data/pf01 b/test/mitmproxy/data/pf01
index 3139a289..3139a289 100644
--- a/test/data/pf01
+++ b/test/mitmproxy/data/pf01
diff --git a/test/data/pf02 b/test/mitmproxy/data/pf02
index e4dc18b3..e4dc18b3 100644
--- a/test/data/pf02
+++ b/test/mitmproxy/data/pf02
diff --git a/test/data/protobuf01 b/test/mitmproxy/data/protobuf01
index fbfdbff3..fbfdbff3 100644
--- a/test/data/protobuf01
+++ b/test/mitmproxy/data/protobuf01
diff --git a/test/data/replace b/test/mitmproxy/data/replace
index ad8e760a..ad8e760a 100644
--- a/test/data/replace
+++ b/test/mitmproxy/data/replace
diff --git a/test/data/testkey.pem b/test/mitmproxy/data/testkey.pem
index af8d9d8f..af8d9d8f 100644
--- a/test/data/testkey.pem
+++ b/test/mitmproxy/data/testkey.pem
diff --git a/test/data/trusted-cadir/8117bdb9.0 b/test/mitmproxy/data/trusted-cadir/8117bdb9.0
index ae78b546..ae78b546 100644
--- a/test/data/trusted-cadir/8117bdb9.0
+++ b/test/mitmproxy/data/trusted-cadir/8117bdb9.0
diff --git a/test/data/trusted-cadir/9d45e6a9.0 b/test/mitmproxy/data/trusted-cadir/9d45e6a9.0
index ae78b546..ae78b546 100644
--- a/test/data/trusted-cadir/9d45e6a9.0
+++ b/test/mitmproxy/data/trusted-cadir/9d45e6a9.0
diff --git a/test/data/trusted-cadir/trusted-ca.pem b/test/mitmproxy/data/trusted-cadir/trusted-ca.pem
index ae78b546..ae78b546 100644
--- a/test/data/trusted-cadir/trusted-ca.pem
+++ b/test/mitmproxy/data/trusted-cadir/trusted-ca.pem
diff --git a/test/data/trusted-server.crt b/test/mitmproxy/data/trusted-server.crt
index 76f8559a..76f8559a 100644
--- a/test/data/trusted-server.crt
+++ b/test/mitmproxy/data/trusted-server.crt
diff --git a/test/data/untrusted-server.crt b/test/mitmproxy/data/untrusted-server.crt
index 62e58601..62e58601 100644
--- a/test/data/untrusted-server.crt
+++ b/test/mitmproxy/data/untrusted-server.crt
diff --git a/test/fuzzing/.env b/test/mitmproxy/fuzzing/.env
index 82ae6a8d..82ae6a8d 100644
--- a/test/fuzzing/.env
+++ b/test/mitmproxy/fuzzing/.env
diff --git a/test/fuzzing/README b/test/mitmproxy/fuzzing/README
index 2760506f..2760506f 100644
--- a/test/fuzzing/README
+++ b/test/mitmproxy/fuzzing/README
diff --git a/test/fuzzing/client_patterns b/test/mitmproxy/fuzzing/client_patterns
index 83457b6f..83457b6f 100644
--- a/test/fuzzing/client_patterns
+++ b/test/mitmproxy/fuzzing/client_patterns
diff --git a/test/fuzzing/go_proxy b/test/mitmproxy/fuzzing/go_proxy
index ea29400f..ea29400f 100755..100644
--- a/test/fuzzing/go_proxy
+++ b/test/mitmproxy/fuzzing/go_proxy
diff --git a/test/fuzzing/reverse_patterns b/test/mitmproxy/fuzzing/reverse_patterns
index 8d1d76a2..8d1d76a2 100644
--- a/test/fuzzing/reverse_patterns
+++ b/test/mitmproxy/fuzzing/reverse_patterns
diff --git a/test/fuzzing/straight_stream b/test/mitmproxy/fuzzing/straight_stream
index 41e2a6e1..41e2a6e1 100644
--- a/test/fuzzing/straight_stream
+++ b/test/mitmproxy/fuzzing/straight_stream
diff --git a/test/fuzzing/straight_stream_patterns b/test/mitmproxy/fuzzing/straight_stream_patterns
index 93a066e6..93a066e6 100644
--- a/test/fuzzing/straight_stream_patterns
+++ b/test/mitmproxy/fuzzing/straight_stream_patterns
diff --git a/test/fuzzing/straight_stream_ssl b/test/mitmproxy/fuzzing/straight_stream_ssl
index 708ff0b3..708ff0b3 100644
--- a/test/fuzzing/straight_stream_ssl
+++ b/test/mitmproxy/fuzzing/straight_stream_ssl
diff --git a/test/mock_urwid.py b/test/mitmproxy/mock_urwid.py
index 191210bf..191210bf 100644
--- a/test/mock_urwid.py
+++ b/test/mitmproxy/mock_urwid.py
diff --git a/test/scripts/a.py b/test/mitmproxy/scripts/a.py
index d4272ac8..d4272ac8 100644
--- a/test/scripts/a.py
+++ b/test/mitmproxy/scripts/a.py
diff --git a/test/scripts/a_helper.py b/test/mitmproxy/scripts/a_helper.py
index e1f1c649..e1f1c649 100644
--- a/test/scripts/a_helper.py
+++ b/test/mitmproxy/scripts/a_helper.py
diff --git a/test/scripts/all.py b/test/mitmproxy/scripts/all.py
index dad2aade..dad2aade 100644
--- a/test/scripts/all.py
+++ b/test/mitmproxy/scripts/all.py
diff --git a/test/scripts/concurrent_decorator.py b/test/mitmproxy/scripts/concurrent_decorator.py
index f6feda1d..f6feda1d 100644
--- a/test/scripts/concurrent_decorator.py
+++ b/test/mitmproxy/scripts/concurrent_decorator.py
diff --git a/test/scripts/concurrent_decorator_err.py b/test/mitmproxy/scripts/concurrent_decorator_err.py
index 00fd8dad..00fd8dad 100644
--- a/test/scripts/concurrent_decorator_err.py
+++ b/test/mitmproxy/scripts/concurrent_decorator_err.py
diff --git a/test/scripts/duplicate_flow.py b/test/mitmproxy/scripts/duplicate_flow.py
index e13af786..e13af786 100644
--- a/test/scripts/duplicate_flow.py
+++ b/test/mitmproxy/scripts/duplicate_flow.py
diff --git a/test/scripts/loaderr.py b/test/mitmproxy/scripts/loaderr.py
index 8dc4d56d..8dc4d56d 100644
--- a/test/scripts/loaderr.py
+++ b/test/mitmproxy/scripts/loaderr.py
diff --git a/test/scripts/reqerr.py b/test/mitmproxy/scripts/reqerr.py
index e7c503a8..e7c503a8 100644
--- a/test/scripts/reqerr.py
+++ b/test/mitmproxy/scripts/reqerr.py
diff --git a/test/scripts/starterr.py b/test/mitmproxy/scripts/starterr.py
index b217bdfe..b217bdfe 100644
--- a/test/scripts/starterr.py
+++ b/test/mitmproxy/scripts/starterr.py
diff --git a/test/scripts/stream_modify.py b/test/mitmproxy/scripts/stream_modify.py
index e26d83f1..e26d83f1 100644
--- a/test/scripts/stream_modify.py
+++ b/test/mitmproxy/scripts/stream_modify.py
diff --git a/test/scripts/syntaxerr.py b/test/mitmproxy/scripts/syntaxerr.py
index 219d6b84..219d6b84 100644
--- a/test/scripts/syntaxerr.py
+++ b/test/mitmproxy/scripts/syntaxerr.py
diff --git a/test/scripts/tcp_stream_modify.py b/test/mitmproxy/scripts/tcp_stream_modify.py
index 93b0d5c8..93b0d5c8 100644
--- a/test/scripts/tcp_stream_modify.py
+++ b/test/mitmproxy/scripts/tcp_stream_modify.py
diff --git a/test/scripts/unloaderr.py b/test/mitmproxy/scripts/unloaderr.py
index fba02734..fba02734 100644
--- a/test/scripts/unloaderr.py
+++ b/test/mitmproxy/scripts/unloaderr.py
diff --git a/test/test_app.py b/test/mitmproxy/test_app.py
index 577a70a5..577a70a5 100644
--- a/test/test_app.py
+++ b/test/mitmproxy/test_app.py
diff --git a/test/test_cmdline.py b/test/mitmproxy/test_cmdline.py
index 9b3317aa..9b3317aa 100644
--- a/test/test_cmdline.py
+++ b/test/mitmproxy/test_cmdline.py
diff --git a/test/test_console.py b/test/mitmproxy/test_console.py
index e64ed44a..e64ed44a 100644
--- a/test/test_console.py
+++ b/test/mitmproxy/test_console.py
diff --git a/test/test_console_common.py b/test/mitmproxy/test_console_common.py
index deba5f6c..deba5f6c 100644
--- a/test/test_console_common.py
+++ b/test/mitmproxy/test_console_common.py
diff --git a/test/test_console_help.py b/test/mitmproxy/test_console_help.py
index f1a71faf..f1a71faf 100644
--- a/test/test_console_help.py
+++ b/test/mitmproxy/test_console_help.py
diff --git a/test/test_console_palettes.py b/test/mitmproxy/test_console_palettes.py
index ac33f83d..ac33f83d 100644
--- a/test/test_console_palettes.py
+++ b/test/mitmproxy/test_console_palettes.py
diff --git a/test/test_console_pathedit.py b/test/mitmproxy/test_console_pathedit.py
index 940351f5..940351f5 100644
--- a/test/test_console_pathedit.py
+++ b/test/mitmproxy/test_console_pathedit.py
diff --git a/test/test_contentview.py b/test/mitmproxy/test_contentview.py
index af80d63a..af80d63a 100644
--- a/test/test_contentview.py
+++ b/test/mitmproxy/test_contentview.py
diff --git a/test/test_controller.py b/test/mitmproxy/test_controller.py
index ffc7d433..ffc7d433 100644
--- a/test/test_controller.py
+++ b/test/mitmproxy/test_controller.py
diff --git a/test/test_custom_contentview.py b/test/mitmproxy/test_custom_contentview.py
index adc4109b..adc4109b 100644
--- a/test/test_custom_contentview.py
+++ b/test/mitmproxy/test_custom_contentview.py
diff --git a/test/test_dump.py b/test/mitmproxy/test_dump.py
index dbd0c653..dbd0c653 100644
--- a/test/test_dump.py
+++ b/test/mitmproxy/test_dump.py
diff --git a/test/test_examples.py b/test/mitmproxy/test_examples.py
index bb7c596b..bb7c596b 100644
--- a/test/test_examples.py
+++ b/test/mitmproxy/test_examples.py
diff --git a/test/test_filt.py b/test/mitmproxy/test_filt.py
index e6873c7d..e6873c7d 100644
--- a/test/test_filt.py
+++ b/test/mitmproxy/test_filt.py
diff --git a/test/test_flow.py b/test/mitmproxy/test_flow.py
index b122489f..b122489f 100644
--- a/test/test_flow.py
+++ b/test/mitmproxy/test_flow.py
diff --git a/test/test_flow_export.py b/test/mitmproxy/test_flow_export.py
index e5e9c0a3..e5e9c0a3 100644
--- a/test/test_flow_export.py
+++ b/test/mitmproxy/test_flow_export.py
diff --git a/test/test_flow_format_compat.py b/test/mitmproxy/test_flow_format_compat.py
index 232f5473..232f5473 100644
--- a/test/test_flow_format_compat.py
+++ b/test/mitmproxy/test_flow_format_compat.py
diff --git a/test/test_fuzzing.py b/test/mitmproxy/test_fuzzing.py
index cec64f58..cec64f58 100644
--- a/test/test_fuzzing.py
+++ b/test/mitmproxy/test_fuzzing.py
diff --git a/test/test_platform_pf.py b/test/mitmproxy/test_platform_pf.py
index 8994ee0d..8994ee0d 100644
--- a/test/test_platform_pf.py
+++ b/test/mitmproxy/test_platform_pf.py
diff --git a/test/test_protocol_http1.py b/test/mitmproxy/test_protocol_http1.py
index 13e0eabe..13e0eabe 100644
--- a/test/test_protocol_http1.py
+++ b/test/mitmproxy/test_protocol_http1.py
diff --git a/test/test_protocol_http2.py b/test/mitmproxy/test_protocol_http2.py
index c2c736af..6d3bb43f 100644
--- a/test/test_protocol_http2.py
+++ b/test/mitmproxy/test_protocol_http2.py
@@ -26,7 +26,7 @@ import h2
 from . import tservers
 
 requires_alpn = pytest.mark.skipif(
-    not OpenSSL._util.lib.Cryptography_HAS_ALPN,
+    not netlib.tcp.HAS_ALPN,
     reason="requires OpenSSL with ALPN support")
 
 
diff --git a/test/test_proxy.py b/test/mitmproxy/test_proxy.py
index 27ae70a8..27ae70a8 100644
--- a/test/test_proxy.py
+++ b/test/mitmproxy/test_proxy.py
diff --git a/test/test_script.py b/test/mitmproxy/test_script.py
index f3a6499e..f3a6499e 100644
--- a/test/test_script.py
+++ b/test/mitmproxy/test_script.py
diff --git a/test/test_server.py b/test/mitmproxy/test_server.py
index 1b7e6966..1b7e6966 100644
--- a/test/test_server.py
+++ b/test/mitmproxy/test_server.py
diff --git a/test/test_utils.py b/test/mitmproxy/test_utils.py
index 17bf3dbf..17bf3dbf 100644
--- a/test/test_utils.py
+++ b/test/mitmproxy/test_utils.py
diff --git a/test/tools/1024example b/test/mitmproxy/tools/1024example
index 78af7ed0..78af7ed0 100644
--- a/test/tools/1024example
+++ b/test/mitmproxy/tools/1024example
diff --git a/test/tools/ab.exe b/test/mitmproxy/tools/ab.exe
index d68ed0f3..d68ed0f3 100644
--- a/test/tools/ab.exe
+++ b/test/mitmproxy/tools/ab.exe
diff --git a/test/tools/bench.py b/test/mitmproxy/tools/bench.py
index 8127d083..8127d083 100644
--- a/test/tools/bench.py
+++ b/test/mitmproxy/tools/bench.py
diff --git a/test/tools/benchtool.py b/test/mitmproxy/tools/benchtool.py
index a1d80697..a1d80697 100644
--- a/test/tools/benchtool.py
+++ b/test/mitmproxy/tools/benchtool.py
diff --git a/test/tools/getcert b/test/mitmproxy/tools/getcert
index 3bd2bec8..3bd2bec8 100755..100644
--- a/test/tools/getcert
+++ b/test/mitmproxy/tools/getcert
diff --git a/test/tools/inspect_dumpfile.py b/test/mitmproxy/tools/inspect_dumpfile.py
index d15e9e8a..d15e9e8a 100644
--- a/test/tools/inspect_dumpfile.py
+++ b/test/mitmproxy/tools/inspect_dumpfile.py
diff --git a/test/tools/memoryleak.py b/test/mitmproxy/tools/memoryleak.py
index 259309a6..259309a6 100644
--- a/test/tools/memoryleak.py
+++ b/test/mitmproxy/tools/memoryleak.py
diff --git a/test/tools/passive_close.py b/test/mitmproxy/tools/passive_close.py
index 5b1bd451..5b1bd451 100644
--- a/test/tools/passive_close.py
+++ b/test/mitmproxy/tools/passive_close.py
diff --git a/test/tools/testpatt b/test/mitmproxy/tools/testpatt
index b41011c0..b41011c0 100755..100644
--- a/test/tools/testpatt
+++ b/test/mitmproxy/tools/testpatt
diff --git a/test/tservers.py b/test/mitmproxy/tservers.py
index dbc9f7d0..dbc9f7d0 100644
--- a/test/tservers.py
+++ b/test/mitmproxy/tservers.py
diff --git a/test/tutils.py b/test/mitmproxy/tutils.py
index 2ce0884d..2ce0884d 100644
--- a/test/tutils.py
+++ b/test/mitmproxy/tutils.py
diff --git a/test/netlib/__init__.py b/test/netlib/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/netlib/__init__.py
diff --git a/test/netlib/data/clientcert/.gitignore b/test/netlib/data/clientcert/.gitignore
new file mode 100644
index 00000000..07bc53d2
--- /dev/null
+++ b/test/netlib/data/clientcert/.gitignore
@@ -0,0 +1,3 @@
+client.crt
+client.key
+client.req
diff --git a/test/netlib/data/clientcert/client.cnf b/test/netlib/data/clientcert/client.cnf
new file mode 100644
index 00000000..5046a944
--- /dev/null
+++ b/test/netlib/data/clientcert/client.cnf
@@ -0,0 +1,5 @@
+[ ssl_client ]
+basicConstraints = CA:FALSE
+nsCertType = client
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
diff --git a/test/netlib/data/clientcert/client.pem b/test/netlib/data/clientcert/client.pem
new file mode 100644
index 00000000..4927bca2
--- /dev/null
+++ b/test/netlib/data/clientcert/client.pem
@@ -0,0 +1,42 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzCpoRjSTfIN24kkNap/GYmP9zVWj0Gk8R5BB/PvvN0OB1Zk0
+EEYPsWCcuhEdK0ehiDZX030doF0DOncKKa6mop/d0x2o+ts42peDhZM6JNUrm6d+
+ZWQVtio33mpp77UMhR093vaA+ExDnmE26kBTVijJ1+fRAVDXG/cmQINEri91Kk/G
+3YJ5e45UrohGI5seBZ4vV0xbHtmczFRhYFlGOvYsoIe4Lvz/eFS2pIrTIpYQ2VM/
+SQQl+JFy+NlQRsWG2NrxtKOzMnnDE7YN4I3z5D5eZFo1EtwZ48LNCeSwrEOdfuzP
+G5q5qbs5KpE/x85H9umuRwSCIArbMwBYV8a8JwIDAQABAoIBAFE3FV/IDltbmHEP
+iky93hbJm+6QgKepFReKpRVTyqb7LaygUvueQyPWQMIriKTsy675nxo8DQr7tQsO
+y3YlSZgra/xNMikIB6e82c7K8DgyrDQw/rCqjZB3Xt4VCqsWJDLXnQMSn98lx0g7
+d7Lbf8soUpKWXqfdVpSDTi4fibSX6kshXyfSTpcz4AdoncEpViUfU1xkEEmZrjT8
+1GcCsDC41xdNmzCpqRuZX7DKSFRoB+0hUzsC1oiqM7FD5kixonRd4F5PbRXImIzt
+6YCsT2okxTA04jX7yByis7LlOLTlkmLtKQYuc3erOFvwx89s4vW+AeFei+GGNitn
+tHfSwbECgYEA7SzV+nN62hAERHlg8cEQT4TxnsWvbronYWcc/ev44eHSPDWL5tPi
+GHfSbW6YAq5Wa0I9jMWfXyhOYEC3MZTC5EEeLOB71qVrTwcy/sY66rOrcgjFI76Q
+5JFHQ4wy3SWU50KxE0oWJO9LIowprG+pW1vzqC3VF0T7q0FqESrY4LUCgYEA3F7Z
+80ndnCUlooJAb+Hfotv7peFf1o6+m1PTRcz1lLnVt5R5lXj86kn+tXEpYZo1RiGR
+2rE2N0seeznWCooakHcsBN7/qmFIhhooJNF7yW+JP2I4P2UV5+tJ+8bcs/voUkQD
+1x+rGOuMn8nvHBd2+Vharft8eGL2mgooPVI2XusCgYEAlMZpO3+w8pTVeHaDP2MR
+7i/AuQ3cbCLNjSX3Y7jgGCFllWspZRRIYXzYPNkA9b2SbBnTLjjRLgnEkFBIGgvs
+7O2EFjaCuDRvydUEQhjq4ErwIsopj7B8h0QyZcbOKTbn3uFQ3n68wVJx2Sv/ADHT
+FIHrp/WIE96r19Niy34LKXkCgYB2W59VsuOKnMz01l5DeR5C+0HSWxS9SReIl2IO
+yEFSKullWyJeLIgyUaGy0990430feKI8whcrZXYumuah7IDN/KOwzhCk8vEfzWao
+N7bzfqtJVrh9HA7C7DVlO+6H4JFrtcoWPZUIomJ549w/yz6EN3ckoMC+a/Ck1TW9
+ka1QFwKBgQCywG6TrZz0UmOjyLQZ+8Q4uvZklSW5NAKBkNnyuQ2kd5rzyYgMPE8C
+Er8T88fdVIKvkhDyHhwcI7n58xE5Gr7wkwsrk/Hbd9/ZB2GgAPY3cATskK1v1McU
+YeX38CU0fUS4aoy26hWQXkViB47IGQ3jWo3ZCtzIJl8DI9/RsBWTnw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICYDCCAckCAQEwDQYJKoZIhvcNAQEFBQAwKDESMBAGA1UEAxMJbWl0bXByb3h5
+MRIwEAYDVQQKEwltaXRtcHJveHkwHhcNMTMwMTIwMDEwODEzWhcNMTUxMDE3MDEw
+ODEzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE
+ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAzCpoRjSTfIN24kkNap/GYmP9zVWj0Gk8R5BB/PvvN0OB1Zk0
+EEYPsWCcuhEdK0ehiDZX030doF0DOncKKa6mop/d0x2o+ts42peDhZM6JNUrm6d+
+ZWQVtio33mpp77UMhR093vaA+ExDnmE26kBTVijJ1+fRAVDXG/cmQINEri91Kk/G
+3YJ5e45UrohGI5seBZ4vV0xbHtmczFRhYFlGOvYsoIe4Lvz/eFS2pIrTIpYQ2VM/
+SQQl+JFy+NlQRsWG2NrxtKOzMnnDE7YN4I3z5D5eZFo1EtwZ48LNCeSwrEOdfuzP
+G5q5qbs5KpE/x85H9umuRwSCIArbMwBYV8a8JwIDAQABMA0GCSqGSIb3DQEBBQUA
+A4GBAFvI+cd47B85PQ970n2dU/PlA2/Hb1ldrrXh2guR4hX6vYx/uuk5yRI/n0Rd
+KOXJ3czO0bd2Fpe3ZoNpkW0pOSDej/Q+58ScuJd0gWCT/Sh1eRk6ZdC0kusOuWoY
+bPOPMkG45LPgUMFOnZEsfJP6P5mZIxlbCvSMFC25nPHWlct7
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/clientcert/make b/test/netlib/data/clientcert/make
new file mode 100644
index 00000000..d1caea81
--- /dev/null
+++ b/test/netlib/data/clientcert/make
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+openssl genrsa -out client.key 2048
+openssl req -key client.key -new -out client.req
+openssl x509 -req -days 365 -in client.req -signkey client.key -out client.crt -extfile client.cnf -extensions ssl_client
+openssl x509 -req -days 1000 -in client.req -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -set_serial 00001 -out client.crt -extensions ssl_client
+cat client.key client.crt > client.pem
+openssl x509 -text -noout -in client.pem
diff --git a/test/netlib/data/dercert b/test/netlib/data/dercert
new file mode 100644
index 00000000..370252af
--- /dev/null
+++ b/test/netlib/data/dercert
diff --git a/test/netlib/data/dhparam.pem b/test/netlib/data/dhparam.pem
new file mode 100644
index 00000000..afb41672
--- /dev/null
+++ b/test/netlib/data/dhparam.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAyT6LzpwVFS3gryIo29J5icvgxCnCebcdSe/NHMkD8dKJf8suFCg3
+O2+dguLakSVif/t6dhImxInJk230HmfC8q93hdcg/j8rLGJYDKu3ik6H//BAHKIv
+j5O9yjU3rXCfmVJQic2Nne39sg3CreAepEts2TvYHhVv3TEAzEqCtOuTjgDv0ntJ
+Gwpj+BJBRQGG9NvprX1YGJ7WOFBP/hWU7d6tgvE6Xa7T/u9QIKpYHMIkcN/l3ZFB
+chZEqVlyrcngtSXCROTPcDOQ6Q8QzhaBJS+Z6rcsd7X+haiQqvoFcmaJ08Ks6LQC
+ZIL2EtYJw8V8z7C0igVEBIADZBI6OTbuuhDwRw//zU1uq52Oc48CIZlGxTYG/Evq
+o9EWAXUYVzWkDSTeBH1r4z/qLPE2cnhtMxbFxuvK53jGB0emy2y1Ei6IhKshJ5qX
+IB/aE7SSHyQ3MDHHkCmQJCsOd4Mo26YX61NZ+n501XjqpCBQ2+DfZCBh8Va2wDyv
+A2Ryg9SUz8j0AXViRNMJgJrr446yro/FuJZwnQcO3WQnXeqSBnURqKjmqkeFP+d8
+6mk2tqJaY507lRNqtGlLnj7f5RNoBFJDCLBNurVgfvq9TCVWKDIFD4vZRjCrnl6I
+rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
+-----END DH PARAMETERS-----
diff --git a/test/netlib/data/htpasswd b/test/netlib/data/htpasswd
new file mode 100644
index 00000000..54c95b8c
--- /dev/null
+++ b/test/netlib/data/htpasswd
@@ -0,0 +1 @@
+test:$apr1$/LkYxy3x$WI4.YbiJlu537jLGEW2eu1
diff --git a/test/netlib/data/server.crt b/test/netlib/data/server.crt
new file mode 100644
index 00000000..68f61bac
--- /dev/null
+++ b/test/netlib/data/server.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICOzCCAaQCCQDC7f5GsEpo9jANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJO
+WjEOMAwGA1UECBMFT3RhZ28xEDAOBgNVBAcTB0R1bmVkaW4xDzANBgNVBAoTBm5l
+dGxpYjEPMA0GA1UECxMGbmV0bGliMQ8wDQYDVQQDEwZuZXRsaWIwHhcNMTIwNjI0
+MjI0MTU0WhcNMjIwNjIyMjI0MTU0WjBiMQswCQYDVQQGEwJOWjEOMAwGA1UECBMF
+T3RhZ28xEDAOBgNVBAcTB0R1bmVkaW4xDzANBgNVBAoTBm5ldGxpYjEPMA0GA1UE
+CxMGbmV0bGliMQ8wDQYDVQQDEwZuZXRsaWIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALJSVEl9y3QUSYuXTH0UjBOPQgS0nHmNWej9hjqnA0KWvEnGY+c6yQeP
+/rmwswlKw1iVV5o8kRK9Wej88YWQl/hl/xruyeJgGic0+yqY/FcueZxRudwBcWu2
+7+46aEftwLLRF0GwHZxX/HwWME+TcCXGpXGSG2qs921M4iVeBn5hAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADgYEAODZCihEv2yr8zmmQZDrfqg2ChxAoOXWF5+W2F/0LAUBf
+2bHP+K4XE6BJWmadX1xKngj7SWrhmmTDp1gBAvXURoDaScOkB1iOCOHoIyalscTR
+0FvSHKqFF8fgSlfqS6eYaSbXU3zQolvwP+URzIVnGDqgQCWPtjMqLD3Kd5tuwos=
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/server.key b/test/netlib/data/server.key
new file mode 100644
index 00000000..b1b658ab
--- /dev/null
+++ b/test/netlib/data/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCyUlRJfct0FEmLl0x9FIwTj0IEtJx5jVno/YY6pwNClrxJxmPn
+OskHj/65sLMJSsNYlVeaPJESvVno/PGFkJf4Zf8a7sniYBonNPsqmPxXLnmcUbnc
+AXFrtu/uOmhH7cCy0RdBsB2cV/x8FjBPk3AlxqVxkhtqrPdtTOIlXgZ+YQIDAQAB
+AoGAQEpGcSiVTYhy64zk2sOprPOdTa0ALSK1I7cjycmk90D5KXAJXLho+f0ETVZT
+dioqO6m8J7NmamcyHznyqcDzyNRqD2hEBDGVRJWmpOjIER/JwWLNNbpeVjsMHV8I
+40P5rZMOhBPYlwECSC5NtMwaN472fyGNNze8u37IZKiER/ECQQDe1iY5AG3CgkP3
+tEZB3Vtzcn4PoOr3Utyn1YER34lPqAmeAsWUhmAVEfR3N1HDe1VFD9s2BidhBn1a
+/Bgqxz4DAkEAzNw0m+uO0WkD7aEYRBW7SbXCX+3xsbVToIWC1jXFG+XDzSWn++c1
+DMXEElzEJxPDA+FzQUvRTml4P92bTAbGywJAS9H7wWtm7Ubbj33UZfbGdhqfz/uF
+109naufXedhgZS0c0JnK1oV+Tc0FLEczV9swIUaK5O/lGDtYDcw3AN84NwJBAIw5
+/1jrOOtm8uVp6+5O4dBmthJsEZEPCZtLSG/Qhoe+EvUN3Zq0fL+tb7USAsKs6ERz
+wizj9PWzhDhTPMYhrVkCQGIponZHx6VqiFyLgYUH9+gDTjBhYyI+6yMTYzcRweyL
+9Suc2NkS3X2Lp+wCjvVZdwGtStp6Vo8z02b3giIsAIY=
+-----END RSA PRIVATE KEY-----
diff --git a/test/netlib/data/text_cert b/test/netlib/data/text_cert
new file mode 100644
index 00000000..36ca33b9
--- /dev/null
+++ b/test/netlib/data/text_cert
@@ -0,0 +1,145 @@
+-----BEGIN CERTIFICATE-----
+MIIadTCCGd6gAwIBAgIGR09PUAFtMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu
+ZXQgQXV0aG9yaXR5MB4XDTEyMDExNzEyNTUwNFoXDTEzMDExNzEyNTUwNFowTDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAoTCkdvb2ds
+ZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALofcxR2fud5cyFIeld9pj2vGB5GH0y9tmAYa5t33xbJguKKX/el3tXA
+KMNiT1SZzu8ELJ1Ey0GcBAgHA9jVPQd0LGdbEtNIxjblAsWAD/FZlSt8X87h7C5w
+2JSefOani0qgQqU6sTdsaCUGZ+Eu7D0lBfT5/Vnl2vV+zI3YmDlpAgMBAAGjghhm
+MIIYYjAdBgNVHQ4EFgQUL3+JeC/oL9jZhTp3F550LautzV8wHwYDVR0jBBgwFoAU
+v8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQoE6gTIZKaHR0cDovL3d3
+dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS9Hb29nbGVJbnRl
+cm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBYMFYGCCsGAQUFBzAChkpo
+dHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVybmV0QXV0aG9yaXR5L0dv
+b2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCCF1kGA1UdEQSCF1AwghdMggpnb29n
+bGUuY29tggwqLmdvb2dsZS5jb22CCyouZ29vZ2xlLmFjggsqLmdvb2dsZS5hZIIL
+Ki5nb29nbGUuYWWCCyouZ29vZ2xlLmFmggsqLmdvb2dsZS5hZ4ILKi5nb29nbGUu
+YW2CCyouZ29vZ2xlLmFzggsqLmdvb2dsZS5hdIILKi5nb29nbGUuYXqCCyouZ29v
+Z2xlLmJhggsqLmdvb2dsZS5iZYILKi5nb29nbGUuYmaCCyouZ29vZ2xlLmJnggsq
+Lmdvb2dsZS5iaYILKi5nb29nbGUuYmqCCyouZ29vZ2xlLmJzggsqLmdvb2dsZS5i
+eYILKi5nb29nbGUuY2GCDCouZ29vZ2xlLmNhdIILKi5nb29nbGUuY2OCCyouZ29v
+Z2xlLmNkggsqLmdvb2dsZS5jZoILKi5nb29nbGUuY2eCCyouZ29vZ2xlLmNoggsq
+Lmdvb2dsZS5jaYILKi5nb29nbGUuY2yCCyouZ29vZ2xlLmNtggsqLmdvb2dsZS5j
+boIOKi5nb29nbGUuY28uYW+CDiouZ29vZ2xlLmNvLmJ3gg4qLmdvb2dsZS5jby5j
+a4IOKi5nb29nbGUuY28uY3KCDiouZ29vZ2xlLmNvLmh1gg4qLmdvb2dsZS5jby5p
+ZIIOKi5nb29nbGUuY28uaWyCDiouZ29vZ2xlLmNvLmltgg4qLmdvb2dsZS5jby5p
+boIOKi5nb29nbGUuY28uamWCDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby5r
+ZYIOKi5nb29nbGUuY28ua3KCDiouZ29vZ2xlLmNvLmxzgg4qLmdvb2dsZS5jby5t
+YYIOKi5nb29nbGUuY28ubXqCDiouZ29vZ2xlLmNvLm56gg4qLmdvb2dsZS5jby50
+aIIOKi5nb29nbGUuY28udHqCDiouZ29vZ2xlLmNvLnVngg4qLmdvb2dsZS5jby51
+a4IOKi5nb29nbGUuY28udXqCDiouZ29vZ2xlLmNvLnZlgg4qLmdvb2dsZS5jby52
+aYIOKi5nb29nbGUuY28uemGCDiouZ29vZ2xlLmNvLnptgg4qLmdvb2dsZS5jby56
+d4IPKi5nb29nbGUuY29tLmFmgg8qLmdvb2dsZS5jb20uYWeCDyouZ29vZ2xlLmNv
+bS5haYIPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xl
+LmNvbS5iZIIPKi5nb29nbGUuY29tLmJogg8qLmdvb2dsZS5jb20uYm6CDyouZ29v
+Z2xlLmNvbS5ib4IPKi5nb29nbGUuY29tLmJygg8qLmdvb2dsZS5jb20uYnmCDyou
+Z29vZ2xlLmNvbS5ieoIPKi5nb29nbGUuY29tLmNugg8qLmdvb2dsZS5jb20uY2+C
+DyouZ29vZ2xlLmNvbS5jdYIPKi5nb29nbGUuY29tLmN5gg8qLmdvb2dsZS5jb20u
+ZG+CDyouZ29vZ2xlLmNvbS5lY4IPKi5nb29nbGUuY29tLmVngg8qLmdvb2dsZS5j
+b20uZXSCDyouZ29vZ2xlLmNvbS5maoIPKi5nb29nbGUuY29tLmdlgg8qLmdvb2ds
+ZS5jb20uZ2iCDyouZ29vZ2xlLmNvbS5naYIPKi5nb29nbGUuY29tLmdygg8qLmdv
+b2dsZS5jb20uZ3SCDyouZ29vZ2xlLmNvbS5oa4IPKi5nb29nbGUuY29tLmlxgg8q
+Lmdvb2dsZS5jb20uam2CDyouZ29vZ2xlLmNvbS5qb4IPKi5nb29nbGUuY29tLmto
+gg8qLmdvb2dsZS5jb20ua3eCDyouZ29vZ2xlLmNvbS5sYoIPKi5nb29nbGUuY29t
+Lmx5gg8qLmdvb2dsZS5jb20ubXSCDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUu
+Y29tLm15gg8qLmdvb2dsZS5jb20ubmGCDyouZ29vZ2xlLmNvbS5uZoIPKi5nb29n
+bGUuY29tLm5ngg8qLmdvb2dsZS5jb20ubmmCDyouZ29vZ2xlLmNvbS5ucIIPKi5n
+b29nbGUuY29tLm5ygg8qLmdvb2dsZS5jb20ub22CDyouZ29vZ2xlLmNvbS5wYYIP
+Ki5nb29nbGUuY29tLnBlgg8qLmdvb2dsZS5jb20ucGiCDyouZ29vZ2xlLmNvbS5w
+a4IPKi5nb29nbGUuY29tLnBsgg8qLmdvb2dsZS5jb20ucHKCDyouZ29vZ2xlLmNv
+bS5weYIPKi5nb29nbGUuY29tLnFhgg8qLmdvb2dsZS5jb20ucnWCDyouZ29vZ2xl
+LmNvbS5zYYIPKi5nb29nbGUuY29tLnNigg8qLmdvb2dsZS5jb20uc2eCDyouZ29v
+Z2xlLmNvbS5zbIIPKi5nb29nbGUuY29tLnN2gg8qLmdvb2dsZS5jb20udGqCDyou
+Z29vZ2xlLmNvbS50boIPKi5nb29nbGUuY29tLnRygg8qLmdvb2dsZS5jb20udHeC
+DyouZ29vZ2xlLmNvbS51YYIPKi5nb29nbGUuY29tLnV5gg8qLmdvb2dsZS5jb20u
+dmOCDyouZ29vZ2xlLmNvbS52ZYIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5j
+doILKi5nb29nbGUuY3qCCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5kaoILKi5nb29n
+bGUuZGuCCyouZ29vZ2xlLmRtggsqLmdvb2dsZS5keoILKi5nb29nbGUuZWWCCyou
+Z29vZ2xlLmVzggsqLmdvb2dsZS5maYILKi5nb29nbGUuZm2CCyouZ29vZ2xlLmZy
+ggsqLmdvb2dsZS5nYYILKi5nb29nbGUuZ2WCCyouZ29vZ2xlLmdnggsqLmdvb2ds
+ZS5nbIILKi5nb29nbGUuZ22CCyouZ29vZ2xlLmdwggsqLmdvb2dsZS5ncoILKi5n
+b29nbGUuZ3mCCyouZ29vZ2xlLmhrggsqLmdvb2dsZS5oboILKi5nb29nbGUuaHKC
+CyouZ29vZ2xlLmh0ggsqLmdvb2dsZS5odYILKi5nb29nbGUuaWWCCyouZ29vZ2xl
+Lmltgg0qLmdvb2dsZS5pbmZvggsqLmdvb2dsZS5pcYILKi5nb29nbGUuaXOCCyou
+Z29vZ2xlLml0gg4qLmdvb2dsZS5pdC5hb4ILKi5nb29nbGUuamWCCyouZ29vZ2xl
+Lmpvgg0qLmdvb2dsZS5qb2JzggsqLmdvb2dsZS5qcIILKi5nb29nbGUua2eCCyou
+Z29vZ2xlLmtpggsqLmdvb2dsZS5reoILKi5nb29nbGUubGGCCyouZ29vZ2xlLmxp
+ggsqLmdvb2dsZS5sa4ILKi5nb29nbGUubHSCCyouZ29vZ2xlLmx1ggsqLmdvb2ds
+ZS5sdoILKi5nb29nbGUubWSCCyouZ29vZ2xlLm1lggsqLmdvb2dsZS5tZ4ILKi5n
+b29nbGUubWuCCyouZ29vZ2xlLm1sggsqLmdvb2dsZS5tboILKi5nb29nbGUubXOC
+CyouZ29vZ2xlLm11ggsqLmdvb2dsZS5tdoILKi5nb29nbGUubXeCCyouZ29vZ2xl
+Lm5lgg4qLmdvb2dsZS5uZS5qcIIMKi5nb29nbGUubmV0ggsqLmdvb2dsZS5ubIIL
+Ki5nb29nbGUubm+CCyouZ29vZ2xlLm5yggsqLmdvb2dsZS5udYIPKi5nb29nbGUu
+b2ZmLmFpggsqLmdvb2dsZS5wa4ILKi5nb29nbGUucGyCCyouZ29vZ2xlLnBuggsq
+Lmdvb2dsZS5wc4ILKi5nb29nbGUucHSCCyouZ29vZ2xlLnJvggsqLmdvb2dsZS5y
+c4ILKi5nb29nbGUucnWCCyouZ29vZ2xlLnJ3ggsqLmdvb2dsZS5zY4ILKi5nb29n
+bGUuc2WCCyouZ29vZ2xlLnNoggsqLmdvb2dsZS5zaYILKi5nb29nbGUuc2uCCyou
+Z29vZ2xlLnNtggsqLmdvb2dsZS5zboILKi5nb29nbGUuc2+CCyouZ29vZ2xlLnN0
+ggsqLmdvb2dsZS50ZIILKi5nb29nbGUudGeCCyouZ29vZ2xlLnRrggsqLmdvb2ds
+ZS50bIILKi5nb29nbGUudG2CCyouZ29vZ2xlLnRuggsqLmdvb2dsZS50b4ILKi5n
+b29nbGUudHCCCyouZ29vZ2xlLnR0ggsqLmdvb2dsZS51c4ILKi5nb29nbGUudXqC
+CyouZ29vZ2xlLnZnggsqLmdvb2dsZS52dYILKi5nb29nbGUud3OCCWdvb2dsZS5h
+Y4IJZ29vZ2xlLmFkgglnb29nbGUuYWWCCWdvb2dsZS5hZoIJZ29vZ2xlLmFnggln
+b29nbGUuYW2CCWdvb2dsZS5hc4IJZ29vZ2xlLmF0gglnb29nbGUuYXqCCWdvb2ds
+ZS5iYYIJZ29vZ2xlLmJlgglnb29nbGUuYmaCCWdvb2dsZS5iZ4IJZ29vZ2xlLmJp
+gglnb29nbGUuYmqCCWdvb2dsZS5ic4IJZ29vZ2xlLmJ5gglnb29nbGUuY2GCCmdv
+b2dsZS5jYXSCCWdvb2dsZS5jY4IJZ29vZ2xlLmNkgglnb29nbGUuY2aCCWdvb2ds
+ZS5jZ4IJZ29vZ2xlLmNogglnb29nbGUuY2mCCWdvb2dsZS5jbIIJZ29vZ2xlLmNt
+gglnb29nbGUuY26CDGdvb2dsZS5jby5hb4IMZ29vZ2xlLmNvLmJ3ggxnb29nbGUu
+Y28uY2uCDGdvb2dsZS5jby5jcoIMZ29vZ2xlLmNvLmh1ggxnb29nbGUuY28uaWSC
+DGdvb2dsZS5jby5pbIIMZ29vZ2xlLmNvLmltggxnb29nbGUuY28uaW6CDGdvb2ds
+ZS5jby5qZYIMZ29vZ2xlLmNvLmpwggxnb29nbGUuY28ua2WCDGdvb2dsZS5jby5r
+coIMZ29vZ2xlLmNvLmxzggxnb29nbGUuY28ubWGCDGdvb2dsZS5jby5teoIMZ29v
+Z2xlLmNvLm56ggxnb29nbGUuY28udGiCDGdvb2dsZS5jby50eoIMZ29vZ2xlLmNv
+LnVnggxnb29nbGUuY28udWuCDGdvb2dsZS5jby51eoIMZ29vZ2xlLmNvLnZlggxn
+b29nbGUuY28udmmCDGdvb2dsZS5jby56YYIMZ29vZ2xlLmNvLnptggxnb29nbGUu
+Y28ueneCDWdvb2dsZS5jb20uYWaCDWdvb2dsZS5jb20uYWeCDWdvb2dsZS5jb20u
+YWmCDWdvb2dsZS5jb20uYXKCDWdvb2dsZS5jb20uYXWCDWdvb2dsZS5jb20uYmSC
+DWdvb2dsZS5jb20uYmiCDWdvb2dsZS5jb20uYm6CDWdvb2dsZS5jb20uYm+CDWdv
+b2dsZS5jb20uYnKCDWdvb2dsZS5jb20uYnmCDWdvb2dsZS5jb20uYnqCDWdvb2ds
+ZS5jb20uY26CDWdvb2dsZS5jb20uY2+CDWdvb2dsZS5jb20uY3WCDWdvb2dsZS5j
+b20uY3mCDWdvb2dsZS5jb20uZG+CDWdvb2dsZS5jb20uZWOCDWdvb2dsZS5jb20u
+ZWeCDWdvb2dsZS5jb20uZXSCDWdvb2dsZS5jb20uZmqCDWdvb2dsZS5jb20uZ2WC
+DWdvb2dsZS5jb20uZ2iCDWdvb2dsZS5jb20uZ2mCDWdvb2dsZS5jb20uZ3KCDWdv
+b2dsZS5jb20uZ3SCDWdvb2dsZS5jb20uaGuCDWdvb2dsZS5jb20uaXGCDWdvb2ds
+ZS5jb20uam2CDWdvb2dsZS5jb20uam+CDWdvb2dsZS5jb20ua2iCDWdvb2dsZS5j
+b20ua3eCDWdvb2dsZS5jb20ubGKCDWdvb2dsZS5jb20ubHmCDWdvb2dsZS5jb20u
+bXSCDWdvb2dsZS5jb20ubXiCDWdvb2dsZS5jb20ubXmCDWdvb2dsZS5jb20ubmGC
+DWdvb2dsZS5jb20ubmaCDWdvb2dsZS5jb20ubmeCDWdvb2dsZS5jb20ubmmCDWdv
+b2dsZS5jb20ubnCCDWdvb2dsZS5jb20ubnKCDWdvb2dsZS5jb20ub22CDWdvb2ds
+ZS5jb20ucGGCDWdvb2dsZS5jb20ucGWCDWdvb2dsZS5jb20ucGiCDWdvb2dsZS5j
+b20ucGuCDWdvb2dsZS5jb20ucGyCDWdvb2dsZS5jb20ucHKCDWdvb2dsZS5jb20u
+cHmCDWdvb2dsZS5jb20ucWGCDWdvb2dsZS5jb20ucnWCDWdvb2dsZS5jb20uc2GC
+DWdvb2dsZS5jb20uc2KCDWdvb2dsZS5jb20uc2eCDWdvb2dsZS5jb20uc2yCDWdv
+b2dsZS5jb20uc3aCDWdvb2dsZS5jb20udGqCDWdvb2dsZS5jb20udG6CDWdvb2ds
+ZS5jb20udHKCDWdvb2dsZS5jb20udHeCDWdvb2dsZS5jb20udWGCDWdvb2dsZS5j
+b20udXmCDWdvb2dsZS5jb20udmOCDWdvb2dsZS5jb20udmWCDWdvb2dsZS5jb20u
+dm6CCWdvb2dsZS5jdoIJZ29vZ2xlLmN6gglnb29nbGUuZGWCCWdvb2dsZS5kaoIJ
+Z29vZ2xlLmRrgglnb29nbGUuZG2CCWdvb2dsZS5keoIJZ29vZ2xlLmVlgglnb29n
+bGUuZXOCCWdvb2dsZS5maYIJZ29vZ2xlLmZtgglnb29nbGUuZnKCCWdvb2dsZS5n
+YYIJZ29vZ2xlLmdlgglnb29nbGUuZ2eCCWdvb2dsZS5nbIIJZ29vZ2xlLmdtggln
+b29nbGUuZ3CCCWdvb2dsZS5ncoIJZ29vZ2xlLmd5gglnb29nbGUuaGuCCWdvb2ds
+ZS5oboIJZ29vZ2xlLmhygglnb29nbGUuaHSCCWdvb2dsZS5odYIJZ29vZ2xlLmll
+gglnb29nbGUuaW2CC2dvb2dsZS5pbmZvgglnb29nbGUuaXGCCWdvb2dsZS5pc4IJ
+Z29vZ2xlLml0ggxnb29nbGUuaXQuYW+CCWdvb2dsZS5qZYIJZ29vZ2xlLmpvggtn
+b29nbGUuam9ic4IJZ29vZ2xlLmpwgglnb29nbGUua2eCCWdvb2dsZS5raYIJZ29v
+Z2xlLmt6gglnb29nbGUubGGCCWdvb2dsZS5saYIJZ29vZ2xlLmxrgglnb29nbGUu
+bHSCCWdvb2dsZS5sdYIJZ29vZ2xlLmx2gglnb29nbGUubWSCCWdvb2dsZS5tZYIJ
+Z29vZ2xlLm1ngglnb29nbGUubWuCCWdvb2dsZS5tbIIJZ29vZ2xlLm1ugglnb29n
+bGUubXOCCWdvb2dsZS5tdYIJZ29vZ2xlLm12gglnb29nbGUubXeCCWdvb2dsZS5u
+ZYIMZ29vZ2xlLm5lLmpwggpnb29nbGUubmV0gglnb29nbGUubmyCCWdvb2dsZS5u
+b4IJZ29vZ2xlLm5ygglnb29nbGUubnWCDWdvb2dsZS5vZmYuYWmCCWdvb2dsZS5w
+a4IJZ29vZ2xlLnBsgglnb29nbGUucG6CCWdvb2dsZS5wc4IJZ29vZ2xlLnB0ggln
+b29nbGUucm+CCWdvb2dsZS5yc4IJZ29vZ2xlLnJ1gglnb29nbGUucneCCWdvb2ds
+ZS5zY4IJZ29vZ2xlLnNlgglnb29nbGUuc2iCCWdvb2dsZS5zaYIJZ29vZ2xlLnNr
+gglnb29nbGUuc22CCWdvb2dsZS5zboIJZ29vZ2xlLnNvgglnb29nbGUuc3SCCWdv
+b2dsZS50ZIIJZ29vZ2xlLnRngglnb29nbGUudGuCCWdvb2dsZS50bIIJZ29vZ2xl
+LnRtgglnb29nbGUudG6CCWdvb2dsZS50b4IJZ29vZ2xlLnRwgglnb29nbGUudHSC
+CWdvb2dsZS51c4IJZ29vZ2xlLnV6gglnb29nbGUudmeCCWdvb2dsZS52dYIJZ29v
+Z2xlLndzMA0GCSqGSIb3DQEBBQUAA4GBAJmZ9RyqpUzrP0UcJnHXoLu/AjIEsIvZ
+Y9hq/9bLry8InfmvERYHr4hNetkOYlW0FeDZtCpWxdPUgJjmWgKAK6j0goOFavTV
+GptkL8gha4p1QUsdLkd36/cvBXeBYSle787veo46N1k4V6Uv2gaDVkre786CNsHv
+Q6MYZ5ClQ+kS
+-----END CERTIFICATE-----
+
diff --git a/test/netlib/data/text_cert_2 b/test/netlib/data/text_cert_2
new file mode 100644
index 00000000..ffe8faae
--- /dev/null
+++ b/test/netlib/data/text_cert_2
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGujCCBaKgAwIBAgIDAQlEMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
+TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
+MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTAwMTExMTkyNzM2
+WhcNMTEwMTEyMDkxNDU1WjCBtDEgMB4GA1UEDRMXMTI2ODMyLU1DeExzWTZUbjFn
+bTdvOTAxCzAJBgNVBAYTAk5aMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0
+ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRgw
+FgYDVQQDEw93d3cuaW5vZGUuY28ubnoxHjAcBgkqhkiG9w0BCQEWD2ppbUBpbm9k
+ZS5jby5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6ghWlGhqg+
+V0P58R3SvLRiO9OrdekDxzmQbKwQcc05frnF5Z9vT6ga7YOuXVeXxhYCAo0nr6KI
++y/Lx+QHvP5W0nKbs+svzUQErq2ZZFwhh1e1LbVccrNwkHUzKOq0TTaVdU4k8kDQ
+zzYF9tTZb+G5Hv1BJjpwYwe8P4cAiPJPrFFOKTySzHqiYsXlx+vR1l1e3zKavhd+
+LVSoLWWXb13yKODq6vnuiHjUJXl8CfVlBhoGotXU4JR5cbuGoW/8+rkwEdX+YoCv
+VCqgdx9IkRFB6uWfN6ocUiFvhA0eknO+ewuVfRLiIaSDB8pNyUWVqu4ngFWtWO1O
+YZg0I/32BkcCAwEAAaOCAvkwggL1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQfaL2Rj6r8iRlBTgppgE7ZZ5WT
+UzAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTAnBgNVHREEIDAegg93
+d3cuaW5vZGUuY28ubnqCC2lub2RlLmNvLm56MIIBQgYDVR0gBIIBOTCCATUwggEx
+BgsrBgEEAYG1NwECATCCASAwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRz
+c2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
+c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgbcGCCsGAQUFBwICMIGqMBQWDVN0YXJ0
+Q29tIEx0ZC4wAwIBARqBkUxpbWl0ZWQgTGlhYmlsaXR5LCBzZWUgc2VjdGlvbiAq
+TGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRz
+c2wuY29tL3BvbGljeS5wZGYwYQYDVR0fBFowWDAqoCigJoYkaHR0cDovL3d3dy5z
+dGFydHNzbC5jb20vY3J0MS1jcmwuY3JsMCqgKKAmhiRodHRwOi8vY3JsLnN0YXJ0
+c3NsLmNvbS9jcnQxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUH
+MAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL3NlcnZlci9j
+YTBCBggrBgEFBQcwAoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3Vi
+LmNsYXNzMS5zZXJ2ZXIuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3Rh
+cnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEAivWID0KT8q1EzWzy+BecsFry
+hQhuLFfAsPkHqpNd9OfkRStGBuJlLX+9DQ9TzjqutdY2buNBuDn71buZK+Y5fmjr
+28rAT6+WMd+KnCl5WLT5IOS6Z9s3cec5TFQbmOGlepSS9Q6Ts9KsXOHHQvDkQeDq
+OV2UqdgXIAyFm5efSL9JXPXntRausNu2s8F2B2rRJe4jPfnUy2LvY8OW1YvjUA++
+vpdWRdfUbJQp55mRfaYMPRnyUm30lAI27QaxgQPFOqDeZUm5llb5eFG/B3f87uhg
++Y1oEykbEvZrIFN4hithioQ0tb+57FKkkG2sW3uemNiQw2qrEo/GAMb1cI50Rg==
+-----END CERTIFICATE-----
+
diff --git a/test/netlib/data/text_cert_weird1 b/test/netlib/data/text_cert_weird1
new file mode 100644
index 00000000..72b09dcb
--- /dev/null
+++ b/test/netlib/data/text_cert_weird1
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFNDCCBBygAwIBAgIEDFJFNzANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC
+REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBNdWVuc3RlcjE6MDgGA1UEAxMxWmVy
+dGlmaXppZXJ1bmdzc3RlbGxlIFVuaXZlcnNpdGFldCBNdWVuc3RlciAtIEcwMjEh
+MB8GCSqGSIb3DQEJARYSY2FAdW5pLW11ZW5zdGVyLmRlMB4XDTA4MDUyMDEyNDQy
+NFoXDTEzMDUxOTEyNDQyNFowezELMAkGA1UEBhMCREUxHjAcBgNVBAoTFVVuaXZl
+cnNpdGFldCBNdWVuc3RlcjEuMCwGA1UECxMlWmVudHJ1bSBmdWVyIEluZm9ybWF0
+aW9uc3ZlcmFyYmVpdHVuZzEcMBoGA1UEAxMTd3d3LnVuaS1tdWVuc3Rlci5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMM0WlCj0ew+tyZ1GurBOqFn
+AlChKk4S1F9oDzvp3FwOON4H8YFET7p9ZnoWtkfXSlGNMjekqy67dFlLt1sLusSo
+tjNdaOrDLYmnGEgnYAT0RFBvErzIybJoD/Vu3NXyhes+L94R9mEMCwYXmSvG51H9
+c5CvguXBofMchDLCM/U6AYpwu3sST5orV3S1Rsa9sndj8sKJAcw195PYwl6EiEBb
+M36ltDBlTYEUAg3Z+VSzB09J3U4vSvguVkDCz+szZh5RG3xlN9mlNfzhf4lHrNgV
+0BRbKypa5Uuf81wbMcMMqTxKq+A9ysObpn9J3pNUym+Tn2oqHzGgvwZYB4tzXqUC
+AwEAAaOCAawwggGoMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMB0GA1UdDgQWBBQ3RFo8awewUTq5TpOFf3jOCEKihzAfBgNVHSME
+GDAWgBS+nlGiyZJ8u2CL5rBoZHdaUhmhADAjBgNVHREEHDAagRh3d3dhZG1pbkB1
+bmktbXVlbnN0ZXIuZGUwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NkcDEucGNh
+LmRmbi5kZS93d3UtY2EvcHViL2NybC9nX2NhY3JsLmNybDA3oDWgM4YxaHR0cDov
+L2NkcDIucGNhLmRmbi5kZS93d3UtY2EvcHViL2NybC9nX2NhY3JsLmNybDCBlgYI
+KwYBBQUHAQEEgYkwgYYwQQYIKwYBBQUHMAKGNWh0dHA6Ly9jZHAxLnBjYS5kZm4u
+ZGUvd3d1LWNhL3B1Yi9jYWNlcnQvZ19jYWNlcnQuY3J0MEEGCCsGAQUFBzAChjVo
+dHRwOi8vY2RwMi5wY2EuZGZuLmRlL3d3dS1jYS9wdWIvY2FjZXJ0L2dfY2FjZXJ0
+LmNydDANBgkqhkiG9w0BAQUFAAOCAQEAFfNpagtcKUSDKss7TcqjYn99FQ4FtWjE
+pGmzYL2zX2wsdCGoVQlGkieL9slbQVEUAnBuqM1LPzUNNe9kZpOPV3Rdhq4y8vyS
+xkx3G1v5aGxfPUe8KM8yKIOHRqYefNronHJM0fw7KyjQ73xgbIEgkW+kNXaMLcrb
+EPC36O2Zna8GP9FQxJRLgcfQCcYdRKGVn0EtRSkz2ym5Rbh/hrmJBbbC2yJGGMI0
+Vu5A9piK0EZPekZIUmhMQynD9QcMfWhTEFr7YZfx9ktxKDW4spnu7YrgICfZNcCm
+tfxmnEAFt6a47u9P0w9lpY8+Sx9MNFfTePym+HP4TYha9bIBes+XnA==
+-----END CERTIFICATE-----
+
diff --git a/test/netlib/data/verificationcerts/9da13359.0 b/test/netlib/data/verificationcerts/9da13359.0
new file mode 100644
index 00000000..b22e4d20
--- /dev/null
+++ b/test/netlib/data/verificationcerts/9da13359.0
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAPAfPQGCV/Z4MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTUxMTAxMTY0ODAxWhcNMTgwODIxMTY0ODAxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEArp8LD34JhKCwcQbwIYQMg4+eCgLVN8fwB7+/qOfJbArPs0djFBN+F7c6
+HGvMr24BKUk5u8pn4dPtNurm/vPC8ovNGmcXz62BQJpcMX2veVdRsF7yNwhNacNJ
+Arq+70zNMwYBznx0XUxMF6j6nVFf3AW6SU04ylT4Mp3SY/BUUDAdfl1eRo0mPLNS
+8rpsN+8YBw1Q7SCuBRVqpOgVIsL88svgQUSOlzvMZPBpG/cmB3BNKNrltwb5iFEI
+1jAV7uSj5IcIuNO/246kfsDVPTFMJIzav/CUoidd5UNw+SoFDlzh8sA7L1Bm7D1/
+3KHYSKswGsSR3kynAl10w/SJKDtn8wIDAQABo1AwTjAdBgNVHQ4EFgQUgOcrtxBX
+LxbpnOT65d+vpfyWUkgwHwYDVR0jBBgwFoAUgOcrtxBXLxbpnOT65d+vpfyWUkgw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEE9bFmUCA+6cvESKPoi2
+TGSpV652d0xd2U66LpEXeiWRJFLz8YGgoJCx3QFGBscJDXxrLxrBBBV/tCpEqypo
+pYIqsawH7M66jpOr83Us3M8JC2eFBZJocMpXxdytWqHik5VKZNx6VQFT8bS7+yVC
+VoUKePhlgcg+pmo41qjqieBNKRMh/1tXS77DI1lgO5wZLVrLXcdqWuDpmaQOKJeq
+G/nxytCW/YJA7bFn/8Gjy8DYypJSeeaKu7o3P3+ONJHdIMHb+MdcheDBS9AOFSeo
+xI0D5EbO9F873O77l7nbD7B0X34HFN0nGczC4poexIpbDFG3hAPekwZ5KC6VwJLc
+1Q==
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/verificationcerts/generate.py b/test/netlib/data/verificationcerts/generate.py
new file mode 100644
index 00000000..9203abbb
--- /dev/null
+++ b/test/netlib/data/verificationcerts/generate.py
@@ -0,0 +1,68 @@
+"""
+Generate SSL test certificates.
+"""
+import subprocess
+import shlex
+import os
+import shutil
+
+
+ROOT_CA = "trusted-root"
+SUBJECT = "/CN=example.mitmproxy.org/"
+
+
+def do(args):
+    print("> %s" % args)
+    args = shlex.split(args)
+    output = subprocess.check_output(args)
+    return output
+
+
+def genrsa(cert):
+    do("openssl genrsa -out {cert}.key 2048".format(cert=cert))
+
+
+def sign(cert):
+    do("openssl x509 -req -in {cert}.csr "
+       "-CA {root_ca}.crt "
+       "-CAkey {root_ca}.key "
+       "-CAcreateserial "
+       "-days 1024 "
+       "-out {cert}.crt".format(root_ca=ROOT_CA, cert=cert)
+       )
+
+
+def mkcert(cert, args):
+    genrsa(cert)
+    do("openssl req -new -nodes -batch "
+       "-key {cert}.key "
+       "{args} "
+       "-out {cert}.csr".format(cert=cert, args=args)
+       )
+    sign(cert)
+    os.remove("{cert}.csr".format(cert=cert))
+
+
+# create trusted root CA
+genrsa("trusted-root")
+do("openssl req -x509 -new -nodes -batch "
+   "-key trusted-root.key "
+   "-days 1024 "
+   "-out trusted-root.crt"
+   )
+h = do("openssl x509 -hash -noout -in trusted-root.crt").decode("ascii").strip()
+shutil.copyfile("trusted-root.crt", "{}.0".format(h))
+
+# create trusted leaf cert.
+mkcert("trusted-leaf", "-subj {}".format(SUBJECT))
+
+# create self-signed cert
+genrsa("self-signed")
+do("openssl req -x509 -new -nodes -batch "
+   "-key self-signed.key "
+   "-subj {} "
+   "-days 1024 "
+   "-out self-signed.crt".format(SUBJECT)
+   )
+
+
diff --git a/test/netlib/data/verificationcerts/self-signed.crt b/test/netlib/data/verificationcerts/self-signed.crt
new file mode 100644
index 00000000..dce2a7e0
--- /dev/null
+++ b/test/netlib/data/verificationcerts/self-signed.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIJAJ945xt1FRsfMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
+BAMMFWV4YW1wbGUubWl0bXByb3h5Lm9yZzAeFw0xNTExMDExNjQ4MDJaFw0xODA4
+MjExNjQ4MDJaMCAxHjAcBgNVBAMMFWV4YW1wbGUubWl0bXByb3h5Lm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFxyzPfjgIghOMMnJlW80yB84xC
+nJtko3tuyOdozgTCyha2W+NdIKPNZJtWrzN4P0B5PlozCDwfcSYffLs0WZs8LRWv
+BfZX8+oX+14qQjKFsiqgO65cTLP3qlPySYPJQQ37vOP1Y5Yf8nQq2mwQdC18hLtT
+QOANG6OFoSplpBLsYF+QeoMgqCTa6hrl/5GLmQoDRTjXkv3Sj379AUDMybuBqccm
+q5EIqCrE4+xJ8JywJclAVn2YP14baiFrrYCsYYg4sS1Od6xFj+xtpLe7My3AYjB9
+/aeHd8vDiob0cqOW1TFwhqgJKuErfFyg8lZ2hJmStJKyfofWuY/gl/vnvX0CAwEA
+AaNQME4wHQYDVR0OBBYEFB8d32zK8eqZIoKw4jXzYzhw4amPMB8GA1UdIwQYMBaA
+FB8d32zK8eqZIoKw4jXzYzhw4amPMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAJmo2oKv1OEjZ0Q4yELO6BAnHAkmBKpW+zmLyQa8idxtLVkI9uXk3iqY
+GWugkmcUZCTVFRWv/QXQQSex+00IY3x2rdHbtuZwcyKiz2u8WEmfW1rOIwBaFJ1i
+v7+SA2aZs6vepN2sE56X54c/YbwQooaKZtOb+djWXYMJrc/Ezj0J7oQIJTptYV8v
+/3216yCHRp/KCL7yTLtiw25xKuXNu/gkcd8wZOY9rS2qMUD897MJF0MvgJoauRBd
+d4XEYCNKkrIRmfqrkiRQfAZpvpoutH6NCk7KuQYcI0BlOHlsnHHcs/w72EEqHwFq
+x6476tW/t8GJDZVD74+pNBcLifXxArE=
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/verificationcerts/self-signed.key b/test/netlib/data/verificationcerts/self-signed.key
new file mode 100644
index 00000000..71a6ad6a
--- /dev/null
+++ b/test/netlib/data/verificationcerts/self-signed.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsXHLM9+OAiCE4wycmVbzTIHzjEKcm2Sje27I52jOBMLKFrZb
+410go81km1avM3g/QHk+WjMIPB9xJh98uzRZmzwtFa8F9lfz6hf7XipCMoWyKqA7
+rlxMs/eqU/JJg8lBDfu84/Vjlh/ydCrabBB0LXyEu1NA4A0bo4WhKmWkEuxgX5B6
+gyCoJNrqGuX/kYuZCgNFONeS/dKPfv0BQMzJu4GpxyarkQioKsTj7EnwnLAlyUBW
+fZg/XhtqIWutgKxhiDixLU53rEWP7G2kt7szLcBiMH39p4d3y8OKhvRyo5bVMXCG
+qAkq4St8XKDyVnaEmZK0krJ+h9a5j+CX++e9fQIDAQABAoIBAQCT+FvGbych2PJX
+0D2KlXqgE0IAdc/YuYymstSwPLKIP9N8KyfnKtK8Jdw+uYOyfRTp8/EuEJ5OXL3j
+V6CRD++lRwIlseVb7y5EySjh9oVrUhgn+aSrGucPsHkGNeZeEmbAfWugARLBrvRl
+MRMhyHrJL6wT9jIEZInmy9mA3G99IuFW3rS8UR1Yu7zyvhtjvop1xg/wfEUu24Ty
+PvMfnwaDcZHCz2tmu2KJvaxSBAG3FKmAqeMvk1Gt5m2keKgw03M+EX0LrM8ybWqn
+VwB8tnSyMBLVFLIXMpIiSfpji10+p9fdKFMRF++D6qVwyoxPiIq+yEJapxXiqLea
+mkhtJW91AoGBAOvIb7bZvH4wYvi6txs2pygF3ZMjqg/fycnplrmYMrjeeDeeN4v1
+h/5tkN9TeTkHRaN3L7v49NEUDhDyuopLTNfWpYdv63U/BVzvgMm/guacTYkx9whB
+OvQ2YekR/WKg7kuyrTZidTDz+mjU+1b8JaWGjiDc6vFwxZA7uWicaGGHAoGBAMCo
+y/2AwFGwCR+5bET1nTTyxok6iKo4k6R/7DJe4Bq8VLifoyX3zDlGG/33KN3xVqBU
+xnT9gkii1lfX2U+4iM+GOSPl0nG0hOEqEH+vFHszpHybDeNez3FEyIbgOzg6u7sV
+NOy+P94L5EMQVEmWp5g6Vm3k9kr92Bd9UacKQPnbAoGAMN8KyMu41i8RVJze9zUM
+0K7mjmkGBuRL3x4br7xsRwVVxbF1sfzig0oSjTewGLH5LTi3HC8uD2gowjqNj7yr
+4NEM3lXEaDj305uRBkA70bD0IUvJ+FwM7DGZecXQz3Cr8+TFIlCmGc94R+Jddlot
+M3IAY69mw0SsroiylYxV1mECgYAcSGtx8rXJCDO+sYTgdsI2ZLGasbogax/ZlWIC
+XwU9R4qUc/MKft8/RTiUxvT76BMUhH2B7Tl0GlunF6vyVR/Yf1biGzoSsTKUr40u
+gXBbSdCK7mRSjbecZEGf80keTxkCNPHJE4DiwxImej41c2V1JpNLnMI/bhaMFDyp
+bgrt4wKBgHFzZgAgM1v07F038tAkIBGrYLukY1ZFBaZoGZ9xHfy/EmLJM3HCHLO5
+8wszMGhMTe2+39EeChwgj0kFaq1YnDiucU74BC57KR1tD59y7l6UnsQXTm4/32j8
+Or6i8GekBibCb97DzzOU0ZK//fNhHTXpDDXsYt5lJUWSmgW+S9Qp
+-----END RSA PRIVATE KEY-----
diff --git a/test/netlib/data/verificationcerts/trusted-leaf.crt b/test/netlib/data/verificationcerts/trusted-leaf.crt
new file mode 100644
index 00000000..6a92de92
--- /dev/null
+++ b/test/netlib/data/verificationcerts/trusted-leaf.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAckCCQCj6D9oVylb8jANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE1MTEwMTE2NDgwMloXDTE4MDgyMTE2NDgwMlowIDEeMBwG
+A1UEAwwVZXhhbXBsZS5taXRtcHJveHkub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAy/L5JYHS7QFhSIsjmd6bJTgs2rdqEn6tsmPBVZKZ7SqCAVjW
+hPpEu7Q23akmU6Zm9Fp/vENc3jzxQLlEKhrv7eWmFYSOrCYtbJOz3RQorlwjjfdY
+LlNQh1wYUXQX3PN3r3dyYtt5vTtXKc8+aP4M4vX7qlbW+4j4LrQfmPjS0XOdYpu3
+wh+i1ZMIhZye3hpCjwnpjTf7/ff45ZFxtkoi1uzEC/+swr1RSvamY8Foe12Re17Z
+5ij8ZB0NIdoSk1tDkY3sJ8iNi35+qartl0UYeG9IUXRwDRrPsEKpF4RxY1+X2bdZ
+r6PKb/E4CA5JlMvS5SVmrvxjCVqTQBmTjXfxqwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBmpSZJrTDvzSlo6P7P7x1LoETzHyVjwgPeqGYw6ndGXeJMN9rhhsFvRsiB
+I/aHh58MIlSjti7paikDAoFHB3dBvFHR+JUa/ailWEbcZReWRSE3lV6wFiN3G3lU
+OyofR7MKnPW7bv8hSqOLqP1mbupXuQFB5M6vPLRwg5VgiCHI/XBiTvzMamzvNAR3
+UHHZtsJkRqzogYm6K9YJaga7jteSx2nNo+ujLwrxeXsLChTyFMJGnVkp5IyKeNfc
+qwlzNncb3y+4KnUdNkPEtuydgAxAfuyXufiFBYRcUWbQ5/9ycgF7131ySaj9f/Y2
+kMsv2jg+soKvwwVYCABsk1KSHtfz
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/verificationcerts/trusted-leaf.key b/test/netlib/data/verificationcerts/trusted-leaf.key
new file mode 100644
index 00000000..783ebf1c
--- /dev/null
+++ b/test/netlib/data/verificationcerts/trusted-leaf.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAy/L5JYHS7QFhSIsjmd6bJTgs2rdqEn6tsmPBVZKZ7SqCAVjW
+hPpEu7Q23akmU6Zm9Fp/vENc3jzxQLlEKhrv7eWmFYSOrCYtbJOz3RQorlwjjfdY
+LlNQh1wYUXQX3PN3r3dyYtt5vTtXKc8+aP4M4vX7qlbW+4j4LrQfmPjS0XOdYpu3
+wh+i1ZMIhZye3hpCjwnpjTf7/ff45ZFxtkoi1uzEC/+swr1RSvamY8Foe12Re17Z
+5ij8ZB0NIdoSk1tDkY3sJ8iNi35+qartl0UYeG9IUXRwDRrPsEKpF4RxY1+X2bdZ
+r6PKb/E4CA5JlMvS5SVmrvxjCVqTQBmTjXfxqwIDAQABAoIBAQC956DWq+wbhA1x
+3x1nSUBth8E8Z0z9q7dRRFHhvIBXth0X5ADcEa2umj/8ZmSpv2heX2ZRhugSh+yc
+t+YgzrRacFwV7ThsU6A4WdBBK2Q19tWke4xAlpOFdtut/Mu7kXkAidiY9ISHD5o5
+9B/I48ZcD3AnTHUiAogV9OL3LbogDD4HasLt4mWkbq8U2thdjxMIvxdg36olJEuo
+iAZrAUCPZEXuU89BtvPLUYioe9n90nzkyneGNS0SHxotlEc9ZYK9VTsivtXJb4wB
+ptDMCp+TH3tjo8BTGnbnoZEybgyyOEd0UTzxK4DlxnvRVWexFY6NXwPFhIxKlB0Y
+Bg8NkAkBAoGBAOiRnmbC5QkqrKrTkLx3fghIHPqgEXPPYgHLSuY3UjTlMb3APXpq
+vzQnlCn3QuSse/1fWnQj+9vLVbx1XNgKjzk7dQhn5IUY+mGN4lLmoSnTebxvSQ43
+VAgTYjST9JFmJ3wK4KkWDsEsVao8LAx0h5JEQXUTT5xZpFA2MLztYbgfAoGBAOB/
+MvhLMAwlx8+m/zXMEPLk/KOd2dVZ4q5se8bAT/GiGsi8JUcPnCk140ZZabJqryAp
+JFzUHIjfVsS9ejAfocDk1JeIm7Uus4um6fQEKIPMBxI/M/UAwYCXAG9ULXqilbO3
+pTdeeuraVKrTu1Z4ea6x4du1JWKcyDfYfsHepcT1AoGBAM2fskV5G7e3G2MOG3IG
+1E/OMpEE5WlXenfLnjVdxDkwS4JRbgnGR7d9JurTyzkTp6ylmfwFtLDoXq15ttTs
+wSUBBMCh2tIy+201XV2eu++XIpMQca84C/v352RFTH8hqtdpZqkY74KsCDGzcd6x
+SQxxfM5efIzoVPb2crEX0MZRAoGAQ2EqFSfL9flo7UQ8GRN0itJ7mUgJV2WxCZT5
+2X9i/y0eSN1feuKOhjfsTPMNLEWk5kwy48GuBs6xpj8Qa10zGUgVHp4bzdeEgAfK
+9DhDSLt1694YZBKkAUpRERj8xXAC6nvWFLZAwjhhbRw7gAqMywgMt/q4i85usYRD
+F0ESE/kCgYBbc083PcLmlHbkn/d1i4IcLI6wFk+tZYIEVYDid7xDOgZOBcOTTyYB
+BrDzNqbKNexKRt7QHVlwR+VOGMdN5P0hf7oH3SMW23OxBKoQe8pUSGF9a4DjCS1v
+vCXMekifb9kIhhUWaG71L8+MaOzNBVAmk1+3NzPZgV/YxHjAWWhGHQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/netlib/data/verificationcerts/trusted-root.crt b/test/netlib/data/verificationcerts/trusted-root.crt
new file mode 100644
index 00000000..b22e4d20
--- /dev/null
+++ b/test/netlib/data/verificationcerts/trusted-root.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAPAfPQGCV/Z4MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTUxMTAxMTY0ODAxWhcNMTgwODIxMTY0ODAxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEArp8LD34JhKCwcQbwIYQMg4+eCgLVN8fwB7+/qOfJbArPs0djFBN+F7c6
+HGvMr24BKUk5u8pn4dPtNurm/vPC8ovNGmcXz62BQJpcMX2veVdRsF7yNwhNacNJ
+Arq+70zNMwYBznx0XUxMF6j6nVFf3AW6SU04ylT4Mp3SY/BUUDAdfl1eRo0mPLNS
+8rpsN+8YBw1Q7SCuBRVqpOgVIsL88svgQUSOlzvMZPBpG/cmB3BNKNrltwb5iFEI
+1jAV7uSj5IcIuNO/246kfsDVPTFMJIzav/CUoidd5UNw+SoFDlzh8sA7L1Bm7D1/
+3KHYSKswGsSR3kynAl10w/SJKDtn8wIDAQABo1AwTjAdBgNVHQ4EFgQUgOcrtxBX
+LxbpnOT65d+vpfyWUkgwHwYDVR0jBBgwFoAUgOcrtxBXLxbpnOT65d+vpfyWUkgw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEE9bFmUCA+6cvESKPoi2
+TGSpV652d0xd2U66LpEXeiWRJFLz8YGgoJCx3QFGBscJDXxrLxrBBBV/tCpEqypo
+pYIqsawH7M66jpOr83Us3M8JC2eFBZJocMpXxdytWqHik5VKZNx6VQFT8bS7+yVC
+VoUKePhlgcg+pmo41qjqieBNKRMh/1tXS77DI1lgO5wZLVrLXcdqWuDpmaQOKJeq
+G/nxytCW/YJA7bFn/8Gjy8DYypJSeeaKu7o3P3+ONJHdIMHb+MdcheDBS9AOFSeo
+xI0D5EbO9F873O77l7nbD7B0X34HFN0nGczC4poexIpbDFG3hAPekwZ5KC6VwJLc
+1Q==
+-----END CERTIFICATE-----
diff --git a/test/netlib/data/verificationcerts/trusted-root.key b/test/netlib/data/verificationcerts/trusted-root.key
new file mode 100644
index 00000000..05483f77
--- /dev/null
+++ b/test/netlib/data/verificationcerts/trusted-root.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArp8LD34JhKCwcQbwIYQMg4+eCgLVN8fwB7+/qOfJbArPs0dj
+FBN+F7c6HGvMr24BKUk5u8pn4dPtNurm/vPC8ovNGmcXz62BQJpcMX2veVdRsF7y
+NwhNacNJArq+70zNMwYBznx0XUxMF6j6nVFf3AW6SU04ylT4Mp3SY/BUUDAdfl1e
+Ro0mPLNS8rpsN+8YBw1Q7SCuBRVqpOgVIsL88svgQUSOlzvMZPBpG/cmB3BNKNrl
+twb5iFEI1jAV7uSj5IcIuNO/246kfsDVPTFMJIzav/CUoidd5UNw+SoFDlzh8sA7
+L1Bm7D1/3KHYSKswGsSR3kynAl10w/SJKDtn8wIDAQABAoIBAFgMzjDzpqz/sbhs
+fS0JPp4gDtqRbx3/bSMbJvNuXPxjvzNxLZ5z7cLbmyu1l7Jlz6QXzkrI1vTiPdzR
+OcUY+RYANF252iHYJTKEIzS5YX/X7dL3LT9eqlpIJEqCC8Dygw3VW5fY3Xwl+sB7
+blNhMuro4HQRwi8UBUrQlcPa7Ui5BBi323Q6en+VjYctkqpJHzNKPSqPTbsdLaK+
+B0XuXxFatM09rmeRKZCL71Lk1T8N/l0hqEzej7zxgVD7vG/x1kMFN4T3yCmXCbPa
+izGHYr1EBHglm4qMNWveXCZiVJ+wmwCjdjqvggyHiZFXE2N0OCrWPhxQPdqFf5y7
+bUO9U2ECgYEA6GM1UzRnbVpjb20ezFy7dU7rlWM0nHBfG27M3bcXh4HnPpnvKp0/
+8a1WFi4kkRywrNXx8hFEd43vTbdObLpVXScXRKiY3MHmFk4k4hbWuTpmumCubQZO
+AWlX6TE0HRKn1wQahgpQcxcWaDN2xJJmRQ1zVmlnNkT48/4kFgRxyykCgYEAwF08
+ngrF35oYoU/x+KKq2NXGeNUzoZMj568dE1oWW0ZFpqCi+DGT+hAbG3yUOBSaPqy9
+zn1obGo0YRlrayvtebz118kG7a/rzY02VcAPlT/GpEhvkZlXTwEK17zRJc1nJrfP
+39QAZWZsaOru9NRIg/8HcdG3JPR2MhRD/De9GbsCgYAaiZnBUq6s8jGAu/lUZRKT
+JtwIRzfu1XZG77Q9bXcmZlM99t41A5gVxTGbftF2MMyMMDJc7lPfQzocqd4u1GiD
+Jr+le4tZSls4GNxlZS5IIL8ycW/5y0qFJr5/RrsoxsSb7UAKJothWTWZ2Karc/xx
+zkNpjsfWjrHPSypbyU4lYQKBgFh1R5/BgnatjO/5LGNSok/uFkOQfxqo6BTtYOh6
+P9efO/5A1lBdtBeE+oIsSphzWO7DTtE6uB9Kw2V3Y/83hw+5RjABoG8Cu+OdMURD
+eqb+WeFH8g45Pn31E8Bbcq34g5u5YR0jhz8Z13ZzuojZabNRPmIntxmGVSf4S78a
+/plrAoGBANMHNng2lyr03nqnHrOM6NXD+60af0YR/YJ+2d/H40RnXxGJ4DXn7F00
+a4vJFPa97uq+xpd0HE+TE+NIrOdVDXPePD2qzBzMTsctGtj30vLzojMOT+Yf/nvO
+WxTL5Q8GruJz2Dn0awSZO2z/3A8S1rmpuVZ/jT5NtRrvOSY6hmxF
+-----END RSA PRIVATE KEY-----
diff --git a/test/netlib/data/verificationcerts/trusted-root.srl b/test/netlib/data/verificationcerts/trusted-root.srl
new file mode 100644
index 00000000..4ad962ba
--- /dev/null
+++ b/test/netlib/data/verificationcerts/trusted-root.srl
@@ -0,0 +1 @@
+A3E83F6857295BF2
diff --git a/test/netlib/http/__init__.py b/test/netlib/http/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/netlib/http/__init__.py
diff --git a/test/netlib/http/http1/__init__.py b/test/netlib/http/http1/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/netlib/http/http1/__init__.py
diff --git a/test/netlib/http/http1/test_assemble.py b/test/netlib/http/http1/test_assemble.py
new file mode 100644
index 00000000..31a62438
--- /dev/null
+++ b/test/netlib/http/http1/test_assemble.py
@@ -0,0 +1,102 @@
+from __future__ import absolute_import, print_function, division
+from netlib.exceptions import HttpException
+from netlib.http import CONTENT_MISSING, Headers
+from netlib.http.http1.assemble import (
+    assemble_request, assemble_request_head, assemble_response,
+    assemble_response_head, _assemble_request_line, _assemble_request_headers,
+    _assemble_response_headers,
+    assemble_body)
+from netlib.tutils import treq, raises, tresp
+
+
+def test_assemble_request():
+    c = assemble_request(treq()) == (
+        b"GET /path HTTP/1.1\r\n"
+        b"header: qvalue\r\n"
+        b"Host: address:22\r\n"
+        b"Content-Length: 7\r\n"
+        b"\r\n"
+        b"content"
+    )
+
+    with raises(HttpException):
+        assemble_request(treq(content=CONTENT_MISSING))
+
+
+def test_assemble_request_head():
+    c = assemble_request_head(treq(content="foo"))
+    assert b"GET" in c
+    assert b"qvalue" in c
+    assert b"content-length" in c
+    assert b"foo" not in c
+
+
+def test_assemble_response():
+    c = assemble_response(tresp()) == (
+        b"HTTP/1.1 200 OK\r\n"
+        b"header-response: svalue\r\n"
+        b"Content-Length: 7\r\n"
+        b"\r\n"
+        b"message"
+    )
+
+    with raises(HttpException):
+        assemble_response(tresp(content=CONTENT_MISSING))
+
+
+def test_assemble_response_head():
+    c = assemble_response_head(tresp())
+    assert b"200" in c
+    assert b"svalue" in c
+    assert b"message" not in c
+
+
+def test_assemble_body():
+    c = list(assemble_body(Headers(), [b"body"]))
+    assert c == [b"body"]
+
+    c = list(assemble_body(Headers(transfer_encoding="chunked"), [b"123456789a", b""]))
+    assert c == [b"a\r\n123456789a\r\n", b"0\r\n\r\n"]
+
+    c = list(assemble_body(Headers(transfer_encoding="chunked"), [b"123456789a"]))
+    assert c == [b"a\r\n123456789a\r\n", b"0\r\n\r\n"]
+
+
+def test_assemble_request_line():
+    assert _assemble_request_line(treq().data) == b"GET /path HTTP/1.1"
+
+    authority_request = treq(method=b"CONNECT", first_line_format="authority").data
+    assert _assemble_request_line(authority_request) == b"CONNECT address:22 HTTP/1.1"
+
+    absolute_request = treq(first_line_format="absolute").data
+    assert _assemble_request_line(absolute_request) == b"GET http://address:22/path HTTP/1.1"
+
+    with raises(RuntimeError):
+        _assemble_request_line(treq(first_line_format="invalid_form").data)
+
+
+def test_assemble_request_headers():
+    # https://github.com/mitmproxy/mitmproxy/issues/186
+    r = treq(content=b"")
+    r.headers["Transfer-Encoding"] = "chunked"
+    c = _assemble_request_headers(r.data)
+    assert b"Transfer-Encoding" in c
+
+
+def test_assemble_request_headers_host_header():
+    r = treq()
+    r.headers = Headers()
+    c = _assemble_request_headers(r.data)
+    assert b"host" in c
+
+    r.host = None
+    c = _assemble_request_headers(r.data)
+    assert b"host" not in c
+
+
+def test_assemble_response_headers():
+    # https://github.com/mitmproxy/mitmproxy/issues/186
+    r = tresp(content=b"")
+    r.headers["Transfer-Encoding"] = "chunked"
+    c = _assemble_response_headers(r)
+    assert b"Transfer-Encoding" in c
diff --git a/test/netlib/http/http1/test_read.py b/test/netlib/http/http1/test_read.py
new file mode 100644
index 00000000..90234070
--- /dev/null
+++ b/test/netlib/http/http1/test_read.py
@@ -0,0 +1,333 @@
+from __future__ import absolute_import, print_function, division
+from io import BytesIO
+import textwrap
+from mock import Mock
+from netlib.exceptions import HttpException, HttpSyntaxException, HttpReadDisconnect, TcpDisconnect
+from netlib.http import Headers
+from netlib.http.http1.read import (
+    read_request, read_response, read_request_head,
+    read_response_head, read_body, connection_close, expected_http_body_size, _get_first_line,
+    _read_request_line, _parse_authority_form, _read_response_line, _check_http_version,
+    _read_headers, _read_chunked
+)
+from netlib.tutils import treq, tresp, raises
+
+
+def test_read_request():
+    rfile = BytesIO(b"GET / HTTP/1.1\r\n\r\nskip")
+    r = read_request(rfile)
+    assert r.method == "GET"
+    assert r.content == b""
+    assert r.timestamp_end
+    assert rfile.read() == b"skip"
+
+
+def test_read_request_head():
+    rfile = BytesIO(
+        b"GET / HTTP/1.1\r\n"
+        b"Content-Length: 4\r\n"
+        b"\r\n"
+        b"skip"
+    )
+    rfile.reset_timestamps = Mock()
+    rfile.first_byte_timestamp = 42
+    r = read_request_head(rfile)
+    assert r.method == "GET"
+    assert r.headers["Content-Length"] == "4"
+    assert r.content is None
+    assert rfile.reset_timestamps.called
+    assert r.timestamp_start == 42
+    assert rfile.read() == b"skip"
+
+
+def test_read_response():
+    req = treq()
+    rfile = BytesIO(b"HTTP/1.1 418 I'm a teapot\r\n\r\nbody")
+    r = read_response(rfile, req)
+    assert r.status_code == 418
+    assert r.content == b"body"
+    assert r.timestamp_end
+
+
+def test_read_response_head():
+    rfile = BytesIO(
+        b"HTTP/1.1 418 I'm a teapot\r\n"
+        b"Content-Length: 4\r\n"
+        b"\r\n"
+        b"skip"
+    )
+    rfile.reset_timestamps = Mock()
+    rfile.first_byte_timestamp = 42
+    r = read_response_head(rfile)
+    assert r.status_code == 418
+    assert r.headers["Content-Length"] == "4"
+    assert r.content is None
+    assert rfile.reset_timestamps.called
+    assert r.timestamp_start == 42
+    assert rfile.read() == b"skip"
+
+
+class TestReadBody(object):
+    def test_chunked(self):
+        rfile = BytesIO(b"3\r\nfoo\r\n0\r\n\r\nbar")
+        body = b"".join(read_body(rfile, None))
+        assert body == b"foo"
+        assert rfile.read() == b"bar"
+
+    def test_known_size(self):
+        rfile = BytesIO(b"foobar")
+        body = b"".join(read_body(rfile, 3))
+        assert body == b"foo"
+        assert rfile.read() == b"bar"
+
+    def test_known_size_limit(self):
+        rfile = BytesIO(b"foobar")
+        with raises(HttpException):
+            b"".join(read_body(rfile, 3, 2))
+
+    def test_known_size_too_short(self):
+        rfile = BytesIO(b"foo")
+        with raises(HttpException):
+            b"".join(read_body(rfile, 6))
+
+    def test_unknown_size(self):
+        rfile = BytesIO(b"foobar")
+        body = b"".join(read_body(rfile, -1))
+        assert body == b"foobar"
+
+    def test_unknown_size_limit(self):
+        rfile = BytesIO(b"foobar")
+        with raises(HttpException):
+            b"".join(read_body(rfile, -1, 3))
+
+    def test_max_chunk_size(self):
+        rfile = BytesIO(b"123456")
+        assert list(read_body(rfile, -1, max_chunk_size=None)) == [b"123456"]
+        rfile = BytesIO(b"123456")
+        assert list(read_body(rfile, -1, max_chunk_size=1)) == [b"1", b"2", b"3", b"4", b"5", b"6"]
+
+def test_connection_close():
+    headers = Headers()
+    assert connection_close(b"HTTP/1.0", headers)
+    assert not connection_close(b"HTTP/1.1", headers)
+
+    headers["connection"] = "keep-alive"
+    assert not connection_close(b"HTTP/1.1", headers)
+
+    headers["connection"] = "close"
+    assert connection_close(b"HTTP/1.1", headers)
+
+    headers["connection"] = "foobar"
+    assert connection_close(b"HTTP/1.0", headers)
+    assert not connection_close(b"HTTP/1.1", headers)
+
+def test_expected_http_body_size():
+    # Expect: 100-continue
+    assert expected_http_body_size(
+        treq(headers=Headers(expect="100-continue", content_length="42"))
+    ) == 0
+
+    # http://tools.ietf.org/html/rfc7230#section-3.3
+    assert expected_http_body_size(
+        treq(method=b"HEAD"),
+        tresp(headers=Headers(content_length="42"))
+    ) == 0
+    assert expected_http_body_size(
+        treq(method=b"CONNECT"),
+        tresp()
+    ) == 0
+    for code in (100, 204, 304):
+        assert expected_http_body_size(
+            treq(),
+            tresp(status_code=code)
+        ) == 0
+
+    # chunked
+    assert expected_http_body_size(
+        treq(headers=Headers(transfer_encoding="chunked")),
+    ) is None
+
+    # explicit length
+    for val in (b"foo", b"-7"):
+        with raises(HttpSyntaxException):
+            expected_http_body_size(
+                treq(headers=Headers(content_length=val))
+            )
+    assert expected_http_body_size(
+        treq(headers=Headers(content_length="42"))
+    ) == 42
+
+    # no length
+    assert expected_http_body_size(
+        treq(headers=Headers())
+    ) == 0
+    assert expected_http_body_size(
+        treq(headers=Headers()), tresp(headers=Headers())
+    ) == -1
+
+
+def test_get_first_line():
+    rfile = BytesIO(b"foo\r\nbar")
+    assert _get_first_line(rfile) == b"foo"
+
+    rfile = BytesIO(b"\r\nfoo\r\nbar")
+    assert _get_first_line(rfile) == b"foo"
+
+    with raises(HttpReadDisconnect):
+        rfile = BytesIO(b"")
+        _get_first_line(rfile)
+
+    with raises(HttpReadDisconnect):
+        rfile = Mock()
+        rfile.readline.side_effect = TcpDisconnect
+        _get_first_line(rfile)
+
+
+def test_read_request_line():
+    def t(b):
+        return _read_request_line(BytesIO(b))
+
+    assert (t(b"GET / HTTP/1.1") ==
+            ("relative", b"GET", None, None, None, b"/", b"HTTP/1.1"))
+    assert (t(b"OPTIONS * HTTP/1.1") ==
+            ("relative", b"OPTIONS", None, None, None, b"*", b"HTTP/1.1"))
+    assert (t(b"CONNECT foo:42 HTTP/1.1") ==
+            ("authority", b"CONNECT", None, b"foo", 42, None, b"HTTP/1.1"))
+    assert (t(b"GET http://foo:42/bar HTTP/1.1") ==
+            ("absolute", b"GET", b"http", b"foo", 42, b"/bar", b"HTTP/1.1"))
+
+    with raises(HttpSyntaxException):
+        t(b"GET / WTF/1.1")
+    with raises(HttpSyntaxException):
+        t(b"this is not http")
+    with raises(HttpReadDisconnect):
+        t(b"")
+
+def test_parse_authority_form():
+    assert _parse_authority_form(b"foo:42") == (b"foo", 42)
+    with raises(HttpSyntaxException):
+        _parse_authority_form(b"foo")
+    with raises(HttpSyntaxException):
+        _parse_authority_form(b"foo:bar")
+    with raises(HttpSyntaxException):
+        _parse_authority_form(b"foo:99999999")
+    with raises(HttpSyntaxException):
+        _parse_authority_form(b"f\x00oo:80")
+
+
+def test_read_response_line():
+    def t(b):
+        return _read_response_line(BytesIO(b))
+
+    assert t(b"HTTP/1.1 200 OK") == (b"HTTP/1.1", 200, b"OK")
+    assert t(b"HTTP/1.1 200") == (b"HTTP/1.1", 200, b"")
+
+    # https://github.com/mitmproxy/mitmproxy/issues/784
+    assert t(b"HTTP/1.1 200 Non-Autoris\xc3\xa9") == (b"HTTP/1.1", 200, b"Non-Autoris\xc3\xa9")
+
+    with raises(HttpSyntaxException):
+        assert t(b"HTTP/1.1")
+
+    with raises(HttpSyntaxException):
+        t(b"HTTP/1.1 OK OK")
+    with raises(HttpSyntaxException):
+        t(b"WTF/1.1 200 OK")
+    with raises(HttpReadDisconnect):
+        t(b"")
+
+
+def test_check_http_version():
+    _check_http_version(b"HTTP/0.9")
+    _check_http_version(b"HTTP/1.0")
+    _check_http_version(b"HTTP/1.1")
+    _check_http_version(b"HTTP/2.0")
+    with raises(HttpSyntaxException):
+        _check_http_version(b"WTF/1.0")
+    with raises(HttpSyntaxException):
+        _check_http_version(b"HTTP/1.10")
+    with raises(HttpSyntaxException):
+        _check_http_version(b"HTTP/1.b")
+
+
+class TestReadHeaders(object):
+    @staticmethod
+    def _read(data):
+        return _read_headers(BytesIO(data))
+
+    def test_read_simple(self):
+        data = (
+            b"Header: one\r\n"
+            b"Header2: two\r\n"
+            b"\r\n"
+        )
+        headers = self._read(data)
+        assert headers.fields == [[b"Header", b"one"], [b"Header2", b"two"]]
+
+    def test_read_multi(self):
+        data = (
+            b"Header: one\r\n"
+            b"Header: two\r\n"
+            b"\r\n"
+        )
+        headers = self._read(data)
+        assert headers.fields == [[b"Header", b"one"], [b"Header", b"two"]]
+
+    def test_read_continued(self):
+        data = (
+            b"Header: one\r\n"
+            b"\ttwo\r\n"
+            b"Header2: three\r\n"
+            b"\r\n"
+        )
+        headers = self._read(data)
+        assert headers.fields == [[b"Header", b"one\r\n two"], [b"Header2", b"three"]]
+
+    def test_read_continued_err(self):
+        data = b"\tfoo: bar\r\n"
+        with raises(HttpSyntaxException):
+            self._read(data)
+
+    def test_read_err(self):
+        data = b"foo"
+        with raises(HttpSyntaxException):
+            self._read(data)
+
+    def test_read_empty_name(self):
+        data = b":foo"
+        with raises(HttpSyntaxException):
+            self._read(data)
+
+    def test_read_empty_value(self):
+        data = b"bar:"
+        headers = self._read(data)
+        assert headers.fields == [[b"bar", b""]]
+
+def test_read_chunked():
+    req = treq(content=None)
+    req.headers["Transfer-Encoding"] = "chunked"
+
+    data = b"1\r\na\r\n0\r\n"
+    with raises(HttpSyntaxException):
+        b"".join(_read_chunked(BytesIO(data)))
+
+    data = b"1\r\na\r\n0\r\n\r\n"
+    assert b"".join(_read_chunked(BytesIO(data))) == b"a"
+
+    data = b"\r\n\r\n1\r\na\r\n1\r\nb\r\n0\r\n\r\n"
+    assert b"".join(_read_chunked(BytesIO(data))) == b"ab"
+
+    data = b"\r\n"
+    with raises("closed prematurely"):
+        b"".join(_read_chunked(BytesIO(data)))
+
+    data = b"1\r\nfoo"
+    with raises("malformed chunked body"):
+        b"".join(_read_chunked(BytesIO(data)))
+
+    data = b"foo\r\nfoo"
+    with raises(HttpSyntaxException):
+        b"".join(_read_chunked(BytesIO(data)))
+
+    data = b"5\r\naaaaa\r\n0\r\n\r\n"
+    with raises("too large"):
+        b"".join(_read_chunked(BytesIO(data), limit=2))
diff --git a/test/netlib/http/http2/__init__.py b/test/netlib/http/http2/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/netlib/http/http2/__init__.py
diff --git a/test/netlib/http/http2/test_connections.py b/test/netlib/http/http2/test_connections.py
new file mode 100644
index 00000000..8be127e4
--- /dev/null
+++ b/test/netlib/http/http2/test_connections.py
@@ -0,0 +1,540 @@
+import OpenSSL
+import mock
+import codecs
+
+from hyperframe.frame import *
+
+from netlib import tcp, http, utils, tservers
+from netlib.tutils import raises
+from netlib.exceptions import TcpDisconnect
+from netlib.http.http2.connections import HTTP2Protocol, TCPHandler
+
+
+class TestTCPHandlerWrapper:
+    def test_wrapped(self):
+        h = TCPHandler(rfile='foo', wfile='bar')
+        p = HTTP2Protocol(h)
+        assert p.tcp_handler.rfile == 'foo'
+        assert p.tcp_handler.wfile == 'bar'
+
+    def test_direct(self):
+        p = HTTP2Protocol(rfile='foo', wfile='bar')
+        assert isinstance(p.tcp_handler, TCPHandler)
+        assert p.tcp_handler.rfile == 'foo'
+        assert p.tcp_handler.wfile == 'bar'
+
+
+class EchoHandler(tcp.BaseHandler):
+    sni = None
+
+    def handle(self):
+        while True:
+            v = self.rfile.safe_read(1)
+            self.wfile.write(v)
+            self.wfile.flush()
+
+
+class TestProtocol:
+    @mock.patch("netlib.http.http2.connections.HTTP2Protocol.perform_server_connection_preface")
+    @mock.patch("netlib.http.http2.connections.HTTP2Protocol.perform_client_connection_preface")
+    def test_perform_connection_preface(self, mock_client_method, mock_server_method):
+        protocol = HTTP2Protocol(is_server=False)
+        protocol.connection_preface_performed = True
+
+        protocol.perform_connection_preface()
+        assert not mock_client_method.called
+        assert not mock_server_method.called
+
+        protocol.perform_connection_preface(force=True)
+        assert mock_client_method.called
+        assert not mock_server_method.called
+
+    @mock.patch("netlib.http.http2.connections.HTTP2Protocol.perform_server_connection_preface")
+    @mock.patch("netlib.http.http2.connections.HTTP2Protocol.perform_client_connection_preface")
+    def test_perform_connection_preface_server(self, mock_client_method, mock_server_method):
+        protocol = HTTP2Protocol(is_server=True)
+        protocol.connection_preface_performed = True
+
+        protocol.perform_connection_preface()
+        assert not mock_client_method.called
+        assert not mock_server_method.called
+
+        protocol.perform_connection_preface(force=True)
+        assert not mock_client_method.called
+        assert mock_server_method.called
+
+
+class TestCheckALPNMatch(tservers.ServerTestBase):
+    handler = EchoHandler
+    ssl = dict(
+        alpn_select=b'h2',
+    )
+
+    if tcp.HAS_ALPN:
+
+        def test_check_alpn(self):
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl(alpn_protos=[b'h2'])
+            protocol = HTTP2Protocol(c)
+            assert protocol.check_alpn()
+
+
+class TestCheckALPNMismatch(tservers.ServerTestBase):
+    handler = EchoHandler
+    ssl = dict(
+        alpn_select=None,
+    )
+
+    if tcp.HAS_ALPN:
+
+        def test_check_alpn(self):
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl(alpn_protos=[b'h2'])
+            protocol = HTTP2Protocol(c)
+            with raises(NotImplementedError):
+                protocol.check_alpn()
+
+
+class TestPerformServerConnectionPreface(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            # send magic
+            self.wfile.write(codecs.decode('505249202a20485454502f322e300d0a0d0a534d0d0a0d0a', 'hex_codec'))
+            self.wfile.flush()
+
+            # send empty settings frame
+            self.wfile.write(codecs.decode('000000040000000000', 'hex_codec'))
+            self.wfile.flush()
+
+            # check empty settings frame
+            raw = utils.http2_read_raw_frame(self.rfile)
+            assert raw == codecs.decode('00000c040000000000000200000000000300000001', 'hex_codec')
+
+            # check settings acknowledgement
+            raw = utils.http2_read_raw_frame(self.rfile)
+            assert raw == codecs.decode('000000040100000000', 'hex_codec')
+
+            # send settings acknowledgement
+            self.wfile.write(codecs.decode('000000040100000000', 'hex_codec'))
+            self.wfile.flush()
+
+    def test_perform_server_connection_preface(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        protocol = HTTP2Protocol(c)
+
+        assert not protocol.connection_preface_performed
+        protocol.perform_server_connection_preface()
+        assert protocol.connection_preface_performed
+
+        with raises(TcpDisconnect):
+            protocol.perform_server_connection_preface(force=True)
+
+
+class TestPerformClientConnectionPreface(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            # check magic
+            assert self.rfile.read(24) == HTTP2Protocol.CLIENT_CONNECTION_PREFACE
+
+            # check empty settings frame
+            assert self.rfile.read(9) ==\
+                codecs.decode('000000040000000000', 'hex_codec')
+
+            # send empty settings frame
+            self.wfile.write(codecs.decode('000000040000000000', 'hex_codec'))
+            self.wfile.flush()
+
+            # check settings acknowledgement
+            assert self.rfile.read(9) == \
+                codecs.decode('000000040100000000', 'hex_codec')
+
+            # send settings acknowledgement
+            self.wfile.write(codecs.decode('000000040100000000', 'hex_codec'))
+            self.wfile.flush()
+
+    def test_perform_client_connection_preface(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        protocol = HTTP2Protocol(c)
+
+        assert not protocol.connection_preface_performed
+        protocol.perform_client_connection_preface()
+        assert protocol.connection_preface_performed
+
+
+class TestClientStreamIds(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+    protocol = HTTP2Protocol(c)
+
+    def test_client_stream_ids(self):
+        assert self.protocol.current_stream_id is None
+        assert self.protocol._next_stream_id() == 1
+        assert self.protocol.current_stream_id == 1
+        assert self.protocol._next_stream_id() == 3
+        assert self.protocol.current_stream_id == 3
+        assert self.protocol._next_stream_id() == 5
+        assert self.protocol.current_stream_id == 5
+
+
+class TestServerStreamIds(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+    protocol = HTTP2Protocol(c, is_server=True)
+
+    def test_server_stream_ids(self):
+        assert self.protocol.current_stream_id is None
+        assert self.protocol._next_stream_id() == 2
+        assert self.protocol.current_stream_id == 2
+        assert self.protocol._next_stream_id() == 4
+        assert self.protocol.current_stream_id == 4
+        assert self.protocol._next_stream_id() == 6
+        assert self.protocol.current_stream_id == 6
+
+
+class TestApplySettings(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            # check settings acknowledgement
+            assert self.rfile.read(9) == codecs.decode('000000040100000000', 'hex_codec')
+            self.wfile.write("OK")
+            self.wfile.flush()
+            self.rfile.safe_read(9)  # just to keep the connection alive a bit longer
+
+    ssl = True
+
+    def test_apply_settings(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c)
+
+        protocol._apply_settings({
+            SettingsFrame.ENABLE_PUSH: 'foo',
+            SettingsFrame.MAX_CONCURRENT_STREAMS: 'bar',
+            SettingsFrame.INITIAL_WINDOW_SIZE: 'deadbeef',
+        })
+
+        assert c.rfile.safe_read(2) == b"OK"
+
+        assert protocol.http2_settings[
+            SettingsFrame.ENABLE_PUSH] == 'foo'
+        assert protocol.http2_settings[
+            SettingsFrame.MAX_CONCURRENT_STREAMS] == 'bar'
+        assert protocol.http2_settings[
+            SettingsFrame.INITIAL_WINDOW_SIZE] == 'deadbeef'
+
+
+class TestCreateHeaders(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+
+    def test_create_headers(self):
+        headers = http.Headers([
+            (b':method', b'GET'),
+            (b':path', b'index.html'),
+            (b':scheme', b'https'),
+            (b'foo', b'bar')])
+
+        bytes = HTTP2Protocol(self.c)._create_headers(
+            headers, 1, end_stream=True)
+        assert b''.join(bytes) ==\
+            codecs.decode('000014010500000001824488355217caf3a69a3f87408294e7838c767f', 'hex_codec')
+
+        bytes = HTTP2Protocol(self.c)._create_headers(
+            headers, 1, end_stream=False)
+        assert b''.join(bytes) ==\
+            codecs.decode('000014010400000001824488355217caf3a69a3f87408294e7838c767f', 'hex_codec')
+
+    def test_create_headers_multiple_frames(self):
+        headers = http.Headers([
+            (b':method', b'GET'),
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+            (b'foo', b'bar'),
+            (b'server', b'version')])
+
+        protocol = HTTP2Protocol(self.c)
+        protocol.http2_settings[SettingsFrame.MAX_FRAME_SIZE] = 8
+        bytes = protocol._create_headers(headers, 1, end_stream=True)
+        assert len(bytes) == 3
+        assert bytes[0] == codecs.decode('000008010100000001828487408294e783', 'hex_codec')
+        assert bytes[1] == codecs.decode('0000080900000000018c767f7685ee5b10', 'hex_codec')
+        assert bytes[2] == codecs.decode('00000209040000000163d5', 'hex_codec')
+
+
+class TestCreateBody(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+
+    def test_create_body_empty(self):
+        protocol = HTTP2Protocol(self.c)
+        bytes = protocol._create_body(b'', 1)
+        assert b''.join(bytes) == b''
+
+    def test_create_body_single_frame(self):
+        protocol = HTTP2Protocol(self.c)
+        bytes = protocol._create_body(b'foobar', 1)
+        assert b''.join(bytes) == codecs.decode('000006000100000001666f6f626172', 'hex_codec')
+
+    def test_create_body_multiple_frames(self):
+        protocol = HTTP2Protocol(self.c)
+        protocol.http2_settings[SettingsFrame.MAX_FRAME_SIZE] = 5
+        bytes = protocol._create_body(b'foobarmehm42', 1)
+        assert len(bytes) == 3
+        assert bytes[0] == codecs.decode('000005000000000001666f6f6261', 'hex_codec')
+        assert bytes[1] == codecs.decode('000005000000000001726d65686d', 'hex_codec')
+        assert bytes[2] == codecs.decode('0000020001000000013432', 'hex_codec')
+
+
+class TestReadRequest(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('000003010400000001828487', 'hex_codec'))
+            self.wfile.write(
+                codecs.decode('000006000100000001666f6f626172', 'hex_codec'))
+            self.wfile.flush()
+            self.rfile.safe_read(9)  # just to keep the connection alive a bit longer
+
+    ssl = True
+
+    def test_read_request(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c, is_server=True)
+        protocol.connection_preface_performed = True
+
+        req = protocol.read_request(NotImplemented)
+
+        assert req.stream_id
+        assert req.headers.fields == [[b':method', b'GET'], [b':path', b'/'], [b':scheme', b'https']]
+        assert req.content == b'foobar'
+
+
+class TestReadRequestRelative(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('00000c0105000000014287d5af7e4d5a777f4481f9', 'hex_codec'))
+            self.wfile.flush()
+
+    ssl = True
+
+    def test_asterisk_form_in(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c, is_server=True)
+        protocol.connection_preface_performed = True
+
+        req = protocol.read_request(NotImplemented)
+
+        assert req.form_in == "relative"
+        assert req.method == "OPTIONS"
+        assert req.path == "*"
+
+
+class TestReadRequestAbsolute(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('00001901050000000182448d9d29aee30c0e492c2a1170426366871c92585422e085', 'hex_codec'))
+            self.wfile.flush()
+
+    ssl = True
+
+    def test_absolute_form_in(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c, is_server=True)
+        protocol.connection_preface_performed = True
+
+        req = protocol.read_request(NotImplemented)
+
+        assert req.form_in == "absolute"
+        assert req.scheme == "http"
+        assert req.host == "address"
+        assert req.port == 22
+
+
+class TestReadRequestConnect(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('00001b0105000000014287bdab4e9c17b7ff44871c92585422e08541871c92585422e085', 'hex_codec'))
+            self.wfile.write(
+                codecs.decode('00001d0105000000014287bdab4e9c17b7ff44882f91d35d055c87a741882f91d35d055c87a7', 'hex_codec'))
+            self.wfile.flush()
+
+    ssl = True
+
+    def test_connect(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c, is_server=True)
+        protocol.connection_preface_performed = True
+
+        req = protocol.read_request(NotImplemented)
+        assert req.form_in == "authority"
+        assert req.method == "CONNECT"
+        assert req.host == "address"
+        assert req.port == 22
+
+        req = protocol.read_request(NotImplemented)
+        assert req.form_in == "authority"
+        assert req.method == "CONNECT"
+        assert req.host == "example.com"
+        assert req.port == 443
+
+
+class TestReadResponse(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('00000801040000002a88628594e78c767f', 'hex_codec'))
+            self.wfile.write(
+                codecs.decode('00000600010000002a666f6f626172', 'hex_codec'))
+            self.wfile.flush()
+            self.rfile.safe_read(9)  # just to keep the connection alive a bit longer
+
+    ssl = True
+
+    def test_read_response(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c)
+        protocol.connection_preface_performed = True
+
+        resp = protocol.read_response(NotImplemented, stream_id=42)
+
+        assert resp.http_version == "HTTP/2.0"
+        assert resp.status_code == 200
+        assert resp.msg == ''
+        assert resp.headers.fields == [[b':status', b'200'], [b'etag', b'foobar']]
+        assert resp.content == b'foobar'
+        assert resp.timestamp_end
+
+
+class TestReadEmptyResponse(tservers.ServerTestBase):
+    class handler(tcp.BaseHandler):
+        def handle(self):
+            self.wfile.write(
+                codecs.decode('00000801050000002a88628594e78c767f', 'hex_codec'))
+            self.wfile.flush()
+
+    ssl = True
+
+    def test_read_empty_response(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        protocol = HTTP2Protocol(c)
+        protocol.connection_preface_performed = True
+
+        resp = protocol.read_response(NotImplemented, stream_id=42)
+
+        assert resp.stream_id == 42
+        assert resp.http_version == "HTTP/2.0"
+        assert resp.status_code == 200
+        assert resp.msg == ''
+        assert resp.headers.fields == [[b':status', b'200'], [b'etag', b'foobar']]
+        assert resp.content == b''
+
+
+class TestAssembleRequest(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+
+    def test_request_simple(self):
+        bytes = HTTP2Protocol(self.c).assemble_request(http.Request(
+            b'',
+            b'GET',
+            b'https',
+            b'',
+            b'',
+            b'/',
+            b"HTTP/2.0",
+            None,
+            None,
+        ))
+        assert len(bytes) == 1
+        assert bytes[0] == codecs.decode('00000d0105000000018284874188089d5c0b8170dc07', 'hex_codec')
+
+    def test_request_with_stream_id(self):
+        req = http.Request(
+            b'',
+            b'GET',
+            b'https',
+            b'',
+            b'',
+            b'/',
+            b"HTTP/2.0",
+            None,
+            None,
+        )
+        req.stream_id = 0x42
+        bytes = HTTP2Protocol(self.c).assemble_request(req)
+        assert len(bytes) == 1
+        assert bytes[0] == codecs.decode('00000d0105000000428284874188089d5c0b8170dc07', 'hex_codec')
+
+    def test_request_with_body(self):
+        bytes = HTTP2Protocol(self.c).assemble_request(http.Request(
+            b'',
+            b'GET',
+            b'https',
+            b'',
+            b'',
+            b'/',
+            b"HTTP/2.0",
+            http.Headers([(b'foo', b'bar')]),
+            b'foobar',
+        ))
+        assert len(bytes) == 2
+        assert bytes[0] ==\
+            codecs.decode('0000150104000000018284874188089d5c0b8170dc07408294e7838c767f', 'hex_codec')
+        assert bytes[1] ==\
+            codecs.decode('000006000100000001666f6f626172', 'hex_codec')
+
+
+class TestAssembleResponse(object):
+    c = tcp.TCPClient(("127.0.0.1", 0))
+
+    def test_simple(self):
+        bytes = HTTP2Protocol(self.c, is_server=True).assemble_response(http.Response(
+            b"HTTP/2.0",
+            200,
+        ))
+        assert len(bytes) == 1
+        assert bytes[0] ==\
+            codecs.decode('00000101050000000288', 'hex_codec')
+
+    def test_with_stream_id(self):
+        resp = http.Response(
+            b"HTTP/2.0",
+            200,
+        )
+        resp.stream_id = 0x42
+        bytes = HTTP2Protocol(self.c, is_server=True).assemble_response(resp)
+        assert len(bytes) == 1
+        assert bytes[0] ==\
+            codecs.decode('00000101050000004288', 'hex_codec')
+
+    def test_with_body(self):
+        bytes = HTTP2Protocol(self.c, is_server=True).assemble_response(http.Response(
+            b"HTTP/2.0",
+            200,
+            b'',
+            http.Headers(foo=b"bar"),
+            b'foobar'
+        ))
+        assert len(bytes) == 2
+        assert bytes[0] ==\
+            codecs.decode('00000901040000000288408294e7838c767f', 'hex_codec')
+        assert bytes[1] ==\
+            codecs.decode('000006000100000002666f6f626172', 'hex_codec')
diff --git a/test/netlib/http/test_authentication.py b/test/netlib/http/test_authentication.py
new file mode 100644
index 00000000..1df7cd9c
--- /dev/null
+++ b/test/netlib/http/test_authentication.py
@@ -0,0 +1,122 @@
+import binascii
+
+from netlib import tutils
+from netlib.http import authentication, Headers
+
+
+def test_parse_http_basic_auth():
+    vals = ("basic", "foo", "bar")
+    assert authentication.parse_http_basic_auth(
+        authentication.assemble_http_basic_auth(*vals)
+    ) == vals
+    assert not authentication.parse_http_basic_auth("")
+    assert not authentication.parse_http_basic_auth("foo bar")
+    v = "basic " + binascii.b2a_base64(b"foo").decode("ascii")
+    assert not authentication.parse_http_basic_auth(v)
+
+
+class TestPassManNonAnon:
+
+    def test_simple(self):
+        p = authentication.PassManNonAnon()
+        assert not p.test("", "")
+        assert p.test("user", "")
+
+
+class TestPassManHtpasswd:
+
+    def test_file_errors(self):
+        tutils.raises(
+            "malformed htpasswd file",
+            authentication.PassManHtpasswd,
+            tutils.test_data.path("data/server.crt"))
+
+    def test_simple(self):
+        pm = authentication.PassManHtpasswd(tutils.test_data.path("data/htpasswd"))
+
+        vals = ("basic", "test", "test")
+        authentication.assemble_http_basic_auth(*vals)
+        assert pm.test("test", "test")
+        assert not pm.test("test", "foo")
+        assert not pm.test("foo", "test")
+        assert not pm.test("test", "")
+        assert not pm.test("", "")
+
+
+class TestPassManSingleUser:
+
+    def test_simple(self):
+        pm = authentication.PassManSingleUser("test", "test")
+        assert pm.test("test", "test")
+        assert not pm.test("test", "foo")
+        assert not pm.test("foo", "test")
+
+
+class TestNullProxyAuth:
+
+    def test_simple(self):
+        na = authentication.NullProxyAuth(authentication.PassManNonAnon())
+        assert not na.auth_challenge_headers()
+        assert na.authenticate("foo")
+        na.clean({})
+
+
+class TestBasicProxyAuth:
+
+    def test_simple(self):
+        ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test")
+        headers = Headers()
+        assert ba.auth_challenge_headers()
+        assert not ba.authenticate(headers)
+
+    def test_authenticate_clean(self):
+        ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(), "test")
+
+        headers = Headers()
+        vals = ("basic", "foo", "bar")
+        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
+        assert ba.authenticate(headers)
+
+        ba.clean(headers)
+        assert not ba.AUTH_HEADER in headers
+
+        headers[ba.AUTH_HEADER] = ""
+        assert not ba.authenticate(headers)
+
+        headers[ba.AUTH_HEADER] = "foo"
+        assert not ba.authenticate(headers)
+
+        vals = ("foo", "foo", "bar")
+        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
+        assert not ba.authenticate(headers)
+
+        ba = authentication.BasicProxyAuth(authentication.PassMan(), "test")
+        vals = ("basic", "foo", "bar")
+        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(*vals)
+        assert not ba.authenticate(headers)
+
+
+class Bunch:
+    pass
+
+
+class TestAuthAction:
+
+    def test_nonanonymous(self):
+        m = Bunch()
+        aa = authentication.NonanonymousAuthAction(None, "authenticator")
+        aa(None, m, None, None)
+        assert m.authenticator
+
+    def test_singleuser(self):
+        m = Bunch()
+        aa = authentication.SingleuserAuthAction(None, "authenticator")
+        aa(None, m, "foo:bar", None)
+        assert m.authenticator
+        tutils.raises("invalid", aa, None, m, "foo", None)
+
+    def test_httppasswd(self):
+        m = Bunch()
+        aa = authentication.HtpasswdAuthAction(None, "authenticator")
+        aa(None, m, tutils.test_data.path("data/htpasswd"), None)
+        assert m.authenticator
diff --git a/test/netlib/http/test_cookies.py b/test/netlib/http/test_cookies.py
new file mode 100644
index 00000000..34bb64f2
--- /dev/null
+++ b/test/netlib/http/test_cookies.py
@@ -0,0 +1,218 @@
+from netlib.http import cookies
+
+
+def test_read_token():
+    tokens = [
+        [("foo", 0), ("foo", 3)],
+        [("foo", 1), ("oo", 3)],
+        [(" foo", 1), ("foo", 4)],
+        [(" foo;", 1), ("foo", 4)],
+        [(" foo=", 1), ("foo", 4)],
+        [(" foo=bar", 1), ("foo", 4)],
+    ]
+    for q, a in tokens:
+        assert cookies._read_token(*q) == a
+
+
+def test_read_quoted_string():
+    tokens = [
+        [('"foo" x', 0), ("foo", 5)],
+        [('"f\oo" x', 0), ("foo", 6)],
+        [(r'"f\\o" x', 0), (r"f\o", 6)],
+        [(r'"f\\" x', 0), (r"f" + '\\', 5)],
+        [('"fo\\\"" x', 0), ("fo\"", 6)],
+        [('"foo" x', 7), ("", 8)],
+    ]
+    for q, a in tokens:
+        assert cookies._read_quoted_string(*q) == a
+
+
+def test_read_pairs():
+    vals = [
+        [
+            "one",
+            [["one", None]]
+        ],
+        [
+            "one=two",
+            [["one", "two"]]
+        ],
+        [
+            "one=",
+            [["one", ""]]
+        ],
+        [
+            'one="two"',
+            [["one", "two"]]
+        ],
+        [
+            'one="two"; three=four',
+            [["one", "two"], ["three", "four"]]
+        ],
+        [
+            'one="two"; three=four; five',
+            [["one", "two"], ["three", "four"], ["five", None]]
+        ],
+        [
+            'one="\\"two"; three=four',
+            [["one", '"two'], ["three", "four"]]
+        ],
+    ]
+    for s, lst in vals:
+        ret, off = cookies._read_pairs(s)
+        assert ret == lst
+
+
+def test_pairs_roundtrips():
+    pairs = [
+        [
+            "",
+            []
+        ],
+        [
+            "one=uno",
+            [["one", "uno"]]
+        ],
+        [
+            "one",
+            [["one", None]]
+        ],
+        [
+            "one=uno; two=due",
+            [["one", "uno"], ["two", "due"]]
+        ],
+        [
+            'one="uno"; two="\due"',
+            [["one", "uno"], ["two", "due"]]
+        ],
+        [
+            'one="un\\"o"',
+            [["one", 'un"o']]
+        ],
+        [
+            'one="uno,due"',
+            [["one", 'uno,due']]
+        ],
+        [
+            "one=uno; two; three=tre",
+            [["one", "uno"], ["two", None], ["three", "tre"]]
+        ],
+        [
+            "_lvs2=zHai1+Hq+Tc2vmc2r4GAbdOI5Jopg3EwsdUT9g=; "
+            "_rcc2=53VdltWl+Ov6ordflA==;",
+            [
+                ["_lvs2", "zHai1+Hq+Tc2vmc2r4GAbdOI5Jopg3EwsdUT9g="],
+                ["_rcc2", "53VdltWl+Ov6ordflA=="]
+            ]
+        ]
+    ]
+    for s, lst in pairs:
+        ret, off = cookies._read_pairs(s)
+        assert ret == lst
+        s2 = cookies._format_pairs(lst)
+        ret, off = cookies._read_pairs(s2)
+        assert ret == lst
+
+
+def test_cookie_roundtrips():
+    pairs = [
+        [
+            "one=uno",
+            [["one", "uno"]]
+        ],
+        [
+            "one=uno; two=due",
+            [["one", "uno"], ["two", "due"]]
+        ],
+    ]
+    for s, lst in pairs:
+        ret = cookies.parse_cookie_header(s)
+        assert ret.lst == lst
+        s2 = cookies.format_cookie_header(ret)
+        ret = cookies.parse_cookie_header(s2)
+        assert ret.lst == lst
+
+
+def test_parse_set_cookie_pairs():
+    pairs = [
+        [
+            "one=uno",
+            [
+                ["one", "uno"]
+            ]
+        ],
+        [
+            "one=un\x20",
+            [
+                ["one", "un\x20"]
+            ]
+        ],
+        [
+            "one=uno; foo",
+            [
+                ["one", "uno"],
+                ["foo", None]
+            ]
+        ],
+        [
+            "mun=1.390.f60; "
+            "expires=sun, 11-oct-2015 12:38:31 gmt; path=/; "
+            "domain=b.aol.com",
+            [
+                ["mun", "1.390.f60"],
+                ["expires", "sun, 11-oct-2015 12:38:31 gmt"],
+                ["path", "/"],
+                ["domain", "b.aol.com"]
+            ]
+        ],
+        [
+            r'rpb=190%3d1%2616726%3d1%2634832%3d1%2634874%3d1; '
+            'domain=.rubiconproject.com; '
+            'expires=mon, 11-may-2015 21:54:57 gmt; '
+            'path=/',
+            [
+                ['rpb', r'190%3d1%2616726%3d1%2634832%3d1%2634874%3d1'],
+                ['domain', '.rubiconproject.com'],
+                ['expires', 'mon, 11-may-2015 21:54:57 gmt'],
+                ['path', '/']
+            ]
+        ],
+    ]
+    for s, lst in pairs:
+        ret = cookies._parse_set_cookie_pairs(s)
+        assert ret == lst
+        s2 = cookies._format_set_cookie_pairs(ret)
+        ret2 = cookies._parse_set_cookie_pairs(s2)
+        assert  ret2 == lst
+
+
+def test_parse_set_cookie_header():
+    vals = [
+        [
+            "", None
+        ],
+        [
+            ";", None
+        ],
+        [
+            "one=uno",
+            ("one", "uno", [])
+        ],
+        [
+            "one=uno; foo=bar",
+            ("one", "uno", [["foo", "bar"]])
+        ]
+    ]
+    for s, expected in vals:
+        ret = cookies.parse_set_cookie_header(s)
+        if expected:
+            assert ret[0] == expected[0]
+            assert ret[1] == expected[1]
+            assert ret[2].lst == expected[2]
+            s2 = cookies.format_set_cookie_header(*ret)
+            ret2 = cookies.parse_set_cookie_header(s2)
+            assert ret2[0] == expected[0]
+            assert ret2[1] == expected[1]
+            assert ret2[2].lst == expected[2]
+        else:
+            assert ret is None
diff --git a/test/netlib/http/test_headers.py b/test/netlib/http/test_headers.py
new file mode 100644
index 00000000..d50fee3e
--- /dev/null
+++ b/test/netlib/http/test_headers.py
@@ -0,0 +1,152 @@
+from netlib.http import Headers
+from netlib.tutils import raises
+
+
+class TestHeaders(object):
+    def _2host(self):
+        return Headers(
+            [
+                [b"Host", b"example.com"],
+                [b"host", b"example.org"]
+            ]
+        )
+
+    def test_init(self):
+        headers = Headers()
+        assert len(headers) == 0
+
+        headers = Headers([[b"Host", b"example.com"]])
+        assert len(headers) == 1
+        assert headers["Host"] == "example.com"
+
+        headers = Headers(Host="example.com")
+        assert len(headers) == 1
+        assert headers["Host"] == "example.com"
+
+        headers = Headers(
+            [[b"Host", b"invalid"]],
+            Host="example.com"
+        )
+        assert len(headers) == 1
+        assert headers["Host"] == "example.com"
+
+        headers = Headers(
+            [[b"Host", b"invalid"], [b"Accept", b"text/plain"]],
+            Host="example.com"
+        )
+        assert len(headers) == 2
+        assert headers["Host"] == "example.com"
+        assert headers["Accept"] == "text/plain"
+
+        with raises(ValueError):
+            Headers([[b"Host", u"not-bytes"]])
+
+    def test_getitem(self):
+        headers = Headers(Host="example.com")
+        assert headers["Host"] == "example.com"
+        assert headers["host"] == "example.com"
+        with raises(KeyError):
+            _ = headers["Accept"]
+
+        headers = self._2host()
+        assert headers["Host"] == "example.com, example.org"
+
+    def test_str(self):
+        headers = Headers(Host="example.com")
+        assert bytes(headers) == b"Host: example.com\r\n"
+
+        headers = Headers([
+            [b"Host", b"example.com"],
+            [b"Accept", b"text/plain"]
+        ])
+        assert bytes(headers) == b"Host: example.com\r\nAccept: text/plain\r\n"
+
+        headers = Headers()
+        assert bytes(headers) == b""
+
+    def test_setitem(self):
+        headers = Headers()
+        headers["Host"] = "example.com"
+        assert "Host" in headers
+        assert "host" in headers
+        assert headers["Host"] == "example.com"
+
+        headers["host"] = "example.org"
+        assert "Host" in headers
+        assert "host" in headers
+        assert headers["Host"] == "example.org"
+
+        headers["accept"] = "text/plain"
+        assert len(headers) == 2
+        assert "Accept" in headers
+        assert "Host" in headers
+
+        headers = self._2host()
+        assert len(headers.fields) == 2
+        headers["Host"] = "example.com"
+        assert len(headers.fields) == 1
+        assert "Host" in headers
+
+    def test_delitem(self):
+        headers = Headers(Host="example.com")
+        assert len(headers) == 1
+        del headers["host"]
+        assert len(headers) == 0
+        try:
+            del headers["host"]
+        except KeyError:
+            assert True
+        else:
+            assert False
+
+        headers = self._2host()
+        del headers["Host"]
+        assert len(headers) == 0
+
+    def test_keys(self):
+        headers = Headers(Host="example.com")
+        assert list(headers.keys()) == ["Host"]
+
+        headers = self._2host()
+        assert list(headers.keys()) == ["Host"]
+
+    def test_eq_ne(self):
+        headers1 = Headers(Host="example.com")
+        headers2 = Headers(host="example.com")
+        assert not (headers1 == headers2)
+        assert headers1 != headers2
+
+        headers1 = Headers(Host="example.com")
+        headers2 = Headers(Host="example.com")
+        assert headers1 == headers2
+        assert not (headers1 != headers2)
+
+        assert headers1 != 42
+
+    def test_get_all(self):
+        headers = self._2host()
+        assert headers.get_all("host") == ["example.com", "example.org"]
+        assert headers.get_all("accept") == []
+
+    def test_set_all(self):
+        headers = Headers(Host="example.com")
+        headers.set_all("Accept", ["text/plain"])
+        assert len(headers) == 2
+        assert "accept" in headers
+
+        headers = self._2host()
+        headers.set_all("Host", ["example.org"])
+        assert headers["host"] == "example.org"
+
+        headers.set_all("Host", ["example.org", "example.net"])
+        assert headers["host"] == "example.org, example.net"
+
+    def test_state(self):
+        headers = self._2host()
+        assert len(headers.get_state()) == 2
+        assert headers == Headers.from_state(headers.get_state())
+
+        headers2 = Headers()
+        assert headers != headers2
+        headers2.set_state(headers.get_state())
+        assert headers == headers2
diff --git a/test/netlib/http/test_message.py b/test/netlib/http/test_message.py
new file mode 100644
index 00000000..4b1f4630
--- /dev/null
+++ b/test/netlib/http/test_message.py
@@ -0,0 +1,153 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, print_function, division
+
+from netlib.http import decoded, Headers
+from netlib.tutils import tresp, raises
+
+
+def _test_passthrough_attr(message, attr):
+    assert getattr(message, attr) == getattr(message.data, attr)
+    setattr(message, attr, "foo")
+    assert getattr(message.data, attr) == "foo"
+
+
+def _test_decoded_attr(message, attr):
+    assert getattr(message, attr) == getattr(message.data, attr).decode("utf8")
+    # Set str, get raw bytes
+    setattr(message, attr, "foo")
+    assert getattr(message.data, attr) == b"foo"
+    # Set raw bytes, get decoded
+    setattr(message.data, attr, b"BAR")  # use uppercase so that we can also cover request.method
+    assert getattr(message, attr) == "BAR"
+    # Set bytes, get raw bytes
+    setattr(message, attr, b"baz")
+    assert getattr(message.data, attr) == b"baz"
+
+    # Set UTF8
+    setattr(message, attr, "Non-Autorisé")
+    assert getattr(message.data, attr) == b"Non-Autoris\xc3\xa9"
+    # Don't fail on garbage
+    setattr(message.data, attr, b"FOO\xFF\x00BAR")
+    assert getattr(message, attr).startswith("FOO")
+    assert getattr(message, attr).endswith("BAR")
+    # foo.bar = foo.bar should not cause any side effects.
+    d = getattr(message, attr)
+    setattr(message, attr, d)
+    assert getattr(message.data, attr) == b"FOO\xFF\x00BAR"
+
+
+class TestMessageData(object):
+    def test_eq_ne(self):
+        data = tresp(timestamp_start=42, timestamp_end=42).data
+        same = tresp(timestamp_start=42, timestamp_end=42).data
+        assert data == same
+        assert not data != same
+
+        other = tresp(content=b"foo").data
+        assert not data == other
+        assert data != other
+
+        assert data != 0
+
+
+class TestMessage(object):
+
+    def test_init(self):
+        resp = tresp()
+        assert resp.data
+
+    def test_eq_ne(self):
+        resp = tresp(timestamp_start=42, timestamp_end=42)
+        same = tresp(timestamp_start=42, timestamp_end=42)
+        assert resp == same
+        assert not resp != same
+
+        other = tresp(timestamp_start=0, timestamp_end=0)
+        assert not resp == other
+        assert resp != other
+
+        assert resp != 0
+
+    def test_content_length_update(self):
+        resp = tresp()
+        resp.content = b"foo"
+        assert resp.data.content == b"foo"
+        assert resp.headers["content-length"] == "3"
+        resp.content = b""
+        assert resp.data.content == b""
+        assert resp.headers["content-length"] == "0"
+
+    def test_content_basic(self):
+        _test_passthrough_attr(tresp(), "content")
+
+    def test_headers(self):
+        _test_passthrough_attr(tresp(), "headers")
+
+    def test_timestamp_start(self):
+        _test_passthrough_attr(tresp(), "timestamp_start")
+
+    def test_timestamp_end(self):
+        _test_passthrough_attr(tresp(), "timestamp_end")
+
+    def teste_http_version(self):
+        _test_decoded_attr(tresp(), "http_version")
+
+
+class TestDecodedDecorator(object):
+
+    def test_simple(self):
+        r = tresp()
+        assert r.content == b"message"
+        assert "content-encoding" not in r.headers
+        assert r.encode("gzip")
+
+        assert r.headers["content-encoding"]
+        assert r.content != b"message"
+        with decoded(r):
+            assert "content-encoding" not in r.headers
+            assert r.content == b"message"
+        assert r.headers["content-encoding"]
+        assert r.content != b"message"
+
+    def test_modify(self):
+        r = tresp()
+        assert "content-encoding" not in r.headers
+        assert r.encode("gzip")
+
+        with decoded(r):
+            r.content = b"foo"
+
+        assert r.content != b"foo"
+        r.decode()
+        assert r.content == b"foo"
+
+    def test_unknown_ce(self):
+        r = tresp()
+        r.headers["content-encoding"] = "zopfli"
+        r.content = b"foo"
+        with decoded(r):
+            assert r.headers["content-encoding"]
+            assert r.content == b"foo"
+        assert r.headers["content-encoding"]
+        assert r.content == b"foo"
+
+    def test_cannot_decode(self):
+        r = tresp()
+        assert r.encode("gzip")
+        r.content = b"foo"
+        with decoded(r):
+            assert r.headers["content-encoding"]
+            assert r.content == b"foo"
+        assert r.headers["content-encoding"]
+        assert r.content != b"foo"
+        r.decode()
+        assert r.content == b"foo"
+
+    def test_cannot_encode(self):
+        r = tresp()
+        assert r.encode("gzip")
+        with decoded(r):
+            r.content = None
+
+        assert "content-encoding" not in r.headers
+        assert r.content is None
diff --git a/test/netlib/http/test_request.py b/test/netlib/http/test_request.py
new file mode 100644
index 00000000..900b2cd1
--- /dev/null
+++ b/test/netlib/http/test_request.py
@@ -0,0 +1,238 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, print_function, division
+
+import six
+
+from netlib import utils
+from netlib.http import Headers
+from netlib.odict import ODict
+from netlib.tutils import treq, raises
+from .test_message import _test_decoded_attr, _test_passthrough_attr
+
+
+class TestRequestData(object):
+    def test_init(self):
+        with raises(ValueError if six.PY2 else TypeError):
+            treq(headers="foobar")
+
+        assert isinstance(treq(headers=None).headers, Headers)
+
+
+class TestRequestCore(object):
+    """
+    Tests for builtins and the attributes that are directly proxied from the data structure
+    """
+    def test_repr(self):
+        request = treq()
+        assert repr(request) == "Request(GET address:22/path)"
+        request.host = None
+        assert repr(request) == "Request(GET /path)"
+
+    def test_first_line_format(self):
+        _test_passthrough_attr(treq(), "first_line_format")
+
+    def test_method(self):
+        _test_decoded_attr(treq(), "method")
+
+    def test_scheme(self):
+        _test_decoded_attr(treq(), "scheme")
+
+    def test_port(self):
+        _test_passthrough_attr(treq(), "port")
+
+    def test_path(self):
+        _test_decoded_attr(treq(), "path")
+
+    def test_host(self):
+        if six.PY2:
+            from unittest import SkipTest
+            raise SkipTest()
+
+        request = treq()
+        assert request.host == request.data.host.decode("idna")
+
+        # Test IDNA encoding
+        # Set str, get raw bytes
+        request.host = "ídna.example"
+        assert request.data.host == b"xn--dna-qma.example"
+        # Set raw bytes, get decoded
+        request.data.host = b"xn--idn-gla.example"
+        assert request.host == "idná.example"
+        # Set bytes, get raw bytes
+        request.host = b"xn--dn-qia9b.example"
+        assert request.data.host == b"xn--dn-qia9b.example"
+        # IDNA encoding is not bijective
+        request.host = "fußball"
+        assert request.host == "fussball"
+
+        # Don't fail on garbage
+        request.data.host = b"foo\xFF\x00bar"
+        assert request.host.startswith("foo")
+        assert request.host.endswith("bar")
+        # foo.bar = foo.bar should not cause any side effects.
+        d = request.host
+        request.host = d
+        assert request.data.host == b"foo\xFF\x00bar"
+
+    def test_host_header_update(self):
+        request = treq()
+        assert "host" not in request.headers
+        request.host = "example.com"
+        assert "host" not in request.headers
+
+        request.headers["Host"] = "foo"
+        request.host = "example.org"
+        assert request.headers["Host"] == "example.org"
+
+
+class TestRequestUtils(object):
+    """
+    Tests for additional convenience methods.
+    """
+    def test_url(self):
+        request = treq()
+        assert request.url == "http://address:22/path"
+
+        request.url = "https://otheraddress:42/foo"
+        assert request.scheme == "https"
+        assert request.host == "otheraddress"
+        assert request.port == 42
+        assert request.path == "/foo"
+
+        with raises(ValueError):
+            request.url = "not-a-url"
+
+    def test_pretty_host(self):
+        request = treq()
+        assert request.pretty_host == "address"
+        assert request.host == "address"
+        request.headers["host"] = "other"
+        assert request.pretty_host == "other"
+        assert request.host == "address"
+        request.host = None
+        assert request.pretty_host is None
+        assert request.host is None
+
+        # Invalid IDNA
+        request.headers["host"] = ".disqus.com"
+        assert request.pretty_host == ".disqus.com"
+
+    def test_pretty_url(self):
+        request = treq()
+        assert request.url == "http://address:22/path"
+        assert request.pretty_url == "http://address:22/path"
+        request.headers["host"] = "other"
+        assert request.pretty_url == "http://other:22/path"
+
+    def test_pretty_url_authority(self):
+        request = treq(first_line_format="authority")
+        assert request.pretty_url == "address:22"
+
+    def test_get_query(self):
+        request = treq()
+        assert request.query is None
+
+        request.url = "http://localhost:80/foo?bar=42"
+        assert request.query.lst == [("bar", "42")]
+
+    def test_set_query(self):
+        request = treq()
+        request.query = ODict([])
+
+    def test_get_cookies_none(self):
+        request = treq()
+        request.headers = Headers()
+        assert len(request.cookies) == 0
+
+    def test_get_cookies_single(self):
+        request = treq()
+        request.headers = Headers(cookie="cookiename=cookievalue")
+        result = request.cookies
+        assert len(result) == 1
+        assert result['cookiename'] == ['cookievalue']
+
+    def test_get_cookies_double(self):
+        request = treq()
+        request.headers = Headers(cookie="cookiename=cookievalue;othercookiename=othercookievalue")
+        result = request.cookies
+        assert len(result) == 2
+        assert result['cookiename'] == ['cookievalue']
+        assert result['othercookiename'] == ['othercookievalue']
+
+    def test_get_cookies_withequalsign(self):
+        request = treq()
+        request.headers = Headers(cookie="cookiename=coo=kievalue;othercookiename=othercookievalue")
+        result = request.cookies
+        assert len(result) == 2
+        assert result['cookiename'] == ['coo=kievalue']
+        assert result['othercookiename'] == ['othercookievalue']
+
+    def test_set_cookies(self):
+        request = treq()
+        request.headers = Headers(cookie="cookiename=cookievalue")
+        result = request.cookies
+        result["cookiename"] = ["foo"]
+        request.cookies = result
+        assert request.cookies["cookiename"] == ["foo"]
+
+    def test_get_path_components(self):
+        request = treq(path=b"/foo/bar")
+        assert request.path_components == ["foo", "bar"]
+
+    def test_set_path_components(self):
+        request = treq()
+        request.path_components = ["foo", "baz"]
+        assert request.path == "/foo/baz"
+        request.path_components = []
+        assert request.path == "/"
+
+    def test_anticache(self):
+        request = treq()
+        request.headers["If-Modified-Since"] = "foo"
+        request.headers["If-None-Match"] = "bar"
+        request.anticache()
+        assert "If-Modified-Since" not in request.headers
+        assert "If-None-Match" not in request.headers
+
+    def test_anticomp(self):
+        request = treq()
+        request.headers["Accept-Encoding"] = "foobar"
+        request.anticomp()
+        assert request.headers["Accept-Encoding"] == "identity"
+
+    def test_constrain_encoding(self):
+        request = treq()
+
+        h = request.headers.copy()
+        request.constrain_encoding()  # no-op if there is no accept_encoding header.
+        assert request.headers == h
+
+        request.headers["Accept-Encoding"] = "identity, gzip, foo"
+        request.constrain_encoding()
+        assert "foo" not in request.headers["Accept-Encoding"]
+        assert "gzip" in request.headers["Accept-Encoding"]
+
+    def test_get_urlencoded_form(self):
+        request = treq(content="foobar")
+        assert request.urlencoded_form is None
+
+        request.headers["Content-Type"] = "application/x-www-form-urlencoded"
+        assert request.urlencoded_form == ODict(utils.urldecode(request.content))
+
+    def test_set_urlencoded_form(self):
+        request = treq()
+        request.urlencoded_form = ODict([('foo', 'bar'), ('rab', 'oof')])
+        assert request.headers["Content-Type"] == "application/x-www-form-urlencoded"
+        assert request.content
+
+    def test_get_multipart_form(self):
+        request = treq(content="foobar")
+        assert request.multipart_form is None
+
+        request.headers["Content-Type"] = "multipart/form-data"
+        assert request.multipart_form == ODict(
+            utils.multipartdecode(
+                request.headers,
+                request.content
+            )
+        )
diff --git a/test/netlib/http/test_response.py b/test/netlib/http/test_response.py
new file mode 100644
index 00000000..14588000
--- /dev/null
+++ b/test/netlib/http/test_response.py
@@ -0,0 +1,102 @@
+from __future__ import absolute_import, print_function, division
+
+import six
+
+from netlib.http import Headers
+from netlib.odict import ODict, ODictCaseless
+from netlib.tutils import raises, tresp
+from .test_message import _test_passthrough_attr, _test_decoded_attr
+
+
+class TestResponseData(object):
+    def test_init(self):
+        with raises(ValueError if six.PY2 else TypeError):
+            tresp(headers="foobar")
+
+        assert isinstance(tresp(headers=None).headers, Headers)
+
+
+class TestResponseCore(object):
+    """
+    Tests for builtins and the attributes that are directly proxied from the data structure
+    """
+    def test_repr(self):
+        response = tresp()
+        assert repr(response) == "Response(200 OK, unknown content type, 7B)"
+        response.content = None
+        assert repr(response) == "Response(200 OK, no content)"
+
+    def test_status_code(self):
+        _test_passthrough_attr(tresp(), "status_code")
+
+    def test_reason(self):
+        _test_decoded_attr(tresp(), "reason")
+
+
+class TestResponseUtils(object):
+    """
+    Tests for additional convenience methods.
+    """
+    def test_get_cookies_none(self):
+        resp = tresp()
+        resp.headers = Headers()
+        assert not resp.cookies
+
+    def test_get_cookies_empty(self):
+        resp = tresp()
+        resp.headers = Headers(set_cookie="")
+        assert not resp.cookies
+
+    def test_get_cookies_simple(self):
+        resp = tresp()
+        resp.headers = Headers(set_cookie="cookiename=cookievalue")
+        result = resp.cookies
+        assert len(result) == 1
+        assert "cookiename" in result
+        assert result["cookiename"][0] == ["cookievalue", ODict()]
+
+    def test_get_cookies_with_parameters(self):
+        resp = tresp()
+        resp.headers = Headers(set_cookie="cookiename=cookievalue;domain=example.com;expires=Wed Oct  21 16:29:41 2015;path=/; HttpOnly")
+        result = resp.cookies
+        assert len(result) == 1
+        assert "cookiename" in result
+        assert result["cookiename"][0][0] == "cookievalue"
+        attrs = result["cookiename"][0][1]
+        assert len(attrs) == 4
+        assert attrs["domain"] == ["example.com"]
+        assert attrs["expires"] == ["Wed Oct  21 16:29:41 2015"]
+        assert attrs["path"] == ["/"]
+        assert attrs["httponly"] == [None]
+
+    def test_get_cookies_no_value(self):
+        resp = tresp()
+        resp.headers = Headers(set_cookie="cookiename=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/")
+        result = resp.cookies
+        assert len(result) == 1
+        assert "cookiename" in result
+        assert result["cookiename"][0][0] == ""
+        assert len(result["cookiename"][0][1]) == 2
+
+    def test_get_cookies_twocookies(self):
+        resp = tresp()
+        resp.headers = Headers([
+            [b"Set-Cookie", b"cookiename=cookievalue"],
+            [b"Set-Cookie", b"othercookie=othervalue"]
+        ])
+        result = resp.cookies
+        assert len(result) == 2
+        assert "cookiename" in result
+        assert result["cookiename"][0] == ["cookievalue", ODict()]
+        assert "othercookie" in result
+        assert result["othercookie"][0] == ["othervalue", ODict()]
+
+    def test_set_cookies(self):
+        resp = tresp()
+        v = resp.cookies
+        v.add("foo", ["bar", ODictCaseless()])
+        resp.set_cookies(v)
+
+        v = resp.cookies
+        assert len(v) == 1
+        assert v["foo"] == [["bar", ODictCaseless()]]
diff --git a/test/netlib/http/test_status_codes.py b/test/netlib/http/test_status_codes.py
new file mode 100644
index 00000000..9fea6b70
--- /dev/null
+++ b/test/netlib/http/test_status_codes.py
@@ -0,0 +1,6 @@
+from netlib.http import status_codes
+
+
+def test_simple():
+    assert status_codes.IM_A_TEAPOT == 418
+    assert status_codes.RESPONSES[418] == "I'm a teapot"
diff --git a/test/netlib/http/test_user_agents.py b/test/netlib/http/test_user_agents.py
new file mode 100644
index 00000000..0bf1bba7
--- /dev/null
+++ b/test/netlib/http/test_user_agents.py
@@ -0,0 +1,6 @@
+from netlib.http import user_agents
+
+
+def test_get_shortcut():
+    assert user_agents.get_by_shortcut("c")[0] == "chrome"
+    assert not user_agents.get_by_shortcut("_")
diff --git a/test/netlib/test_certutils.py b/test/netlib/test_certutils.py
new file mode 100644
index 00000000..027dcc93
--- /dev/null
+++ b/test/netlib/test_certutils.py
@@ -0,0 +1,155 @@
+import os
+from netlib import certutils, tutils
+
+# class TestDNTree:
+#     def test_simple(self):
+#         d = certutils.DNTree()
+#         d.add("foo.com", "foo")
+#         d.add("bar.com", "bar")
+#         assert d.get("foo.com") == "foo"
+#         assert d.get("bar.com") == "bar"
+#         assert not d.get("oink.com")
+#         assert not d.get("oink")
+#         assert not d.get("")
+#         assert not d.get("oink.oink")
+#
+#         d.add("*.match.org", "match")
+#         assert not d.get("match.org")
+#         assert d.get("foo.match.org") == "match"
+#         assert d.get("foo.foo.match.org") == "match"
+#
+#     def test_wildcard(self):
+#         d = certutils.DNTree()
+#         d.add("foo.com", "foo")
+#         assert not d.get("*.foo.com")
+#         d.add("*.foo.com", "wild")
+#
+#         d = certutils.DNTree()
+#         d.add("*", "foo")
+#         assert d.get("foo.com") == "foo"
+#         assert d.get("*.foo.com") == "foo"
+#         assert d.get("com") == "foo"
+
+
+class TestCertStore:
+
+    def test_create_explicit(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            assert ca.get_cert(b"foo", [])
+
+            ca2 = certutils.CertStore.from_store(d, "test")
+            assert ca2.get_cert(b"foo", [])
+
+            assert ca.default_ca.get_serial_number() == ca2.default_ca.get_serial_number()
+
+    def test_create_no_common_name(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            assert ca.get_cert(None, [])[0].cn is None
+
+    def test_create_tmp(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            assert ca.get_cert(b"foo.com", [])
+            assert ca.get_cert(b"foo.com", [])
+            assert ca.get_cert(b"*.foo.com", [])
+
+            r = ca.get_cert(b"*.foo.com", [])
+            assert r[1] == ca.default_privatekey
+
+    def test_sans(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            c1 = ca.get_cert(b"foo.com", [b"*.bar.com"])
+            ca.get_cert(b"foo.bar.com", [])
+            # assert c1 == c2
+            c3 = ca.get_cert(b"bar.com", [])
+            assert not c1 == c3
+
+    def test_sans_change(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            ca.get_cert(b"foo.com", [b"*.bar.com"])
+            cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"])
+            assert b"*.baz.com" in cert.altnames
+
+    def test_overrides(self):
+        with tutils.tmpdir() as d:
+            ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
+            ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
+            assert not ca1.default_ca.get_serial_number(
+            ) == ca2.default_ca.get_serial_number()
+
+            dc = ca2.get_cert(b"foo.com", [b"sans.example.com"])
+            dcp = os.path.join(d, "dc")
+            f = open(dcp, "wb")
+            f.write(dc[0].to_pem())
+            f.close()
+            ca1.add_cert_file(b"foo.com", dcp)
+
+            ret = ca1.get_cert(b"foo.com", [])
+            assert ret[0].serial == dc[0].serial
+
+
+class TestDummyCert:
+
+    def test_with_ca(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            r = certutils.dummy_cert(
+                ca.default_privatekey,
+                ca.default_ca,
+                b"foo.com",
+                [b"one.com", b"two.com", b"*.three.com"]
+            )
+            assert r.cn == b"foo.com"
+
+            r = certutils.dummy_cert(
+                ca.default_privatekey,
+                ca.default_ca,
+                None,
+                []
+            )
+            assert r.cn is None
+
+
+class TestSSLCert:
+
+    def test_simple(self):
+        with open(tutils.test_data.path("data/text_cert"), "rb") as f:
+            d = f.read()
+        c1 = certutils.SSLCert.from_pem(d)
+        assert c1.cn == b"google.com"
+        assert len(c1.altnames) == 436
+
+        with open(tutils.test_data.path("data/text_cert_2"), "rb") as f:
+            d = f.read()
+        c2 = certutils.SSLCert.from_pem(d)
+        assert c2.cn == b"www.inode.co.nz"
+        assert len(c2.altnames) == 2
+        assert c2.digest("sha1")
+        assert c2.notbefore
+        assert c2.notafter
+        assert c2.subject
+        assert c2.keyinfo == ("RSA", 2048)
+        assert c2.serial
+        assert c2.issuer
+        assert c2.to_pem()
+        assert c2.has_expired is not None
+
+        assert not c1 == c2
+        assert c1 != c2
+
+    def test_err_broken_sans(self):
+        with open(tutils.test_data.path("data/text_cert_weird1"), "rb") as f:
+            d = f.read()
+        c = certutils.SSLCert.from_pem(d)
+        # This breaks unless we ignore a decoding error.
+        assert c.altnames is not None
+
+    def test_der(self):
+        with open(tutils.test_data.path("data/dercert"), "rb") as f:
+            d = f.read()
+        s = certutils.SSLCert.from_der(d)
+        assert s.cn
diff --git a/test/netlib/test_encoding.py b/test/netlib/test_encoding.py
new file mode 100644
index 00000000..0ff1aad1
--- /dev/null
+++ b/test/netlib/test_encoding.py
@@ -0,0 +1,37 @@
+from netlib import encoding
+
+
+def test_identity():
+    assert b"string" == encoding.decode("identity", b"string")
+    assert b"string" == encoding.encode("identity", b"string")
+    assert not encoding.encode("nonexistent", b"string")
+    assert not encoding.decode("nonexistent encoding", b"string")
+
+
+def test_gzip():
+    assert b"string" == encoding.decode(
+        "gzip",
+        encoding.encode(
+            "gzip",
+            b"string"
+        )
+    )
+    assert encoding.decode("gzip", b"bogus") is None
+
+
+def test_deflate():
+    assert b"string" == encoding.decode(
+        "deflate",
+        encoding.encode(
+            "deflate",
+            b"string"
+        )
+    )
+    assert b"string" == encoding.decode(
+        "deflate",
+        encoding.encode(
+            "deflate",
+            b"string"
+        )[2:-4]
+    )
+    assert encoding.decode("deflate", b"bogus") is None
diff --git a/test/netlib/test_imports.py b/test/netlib/test_imports.py
new file mode 100644
index 00000000..b88ef26d
--- /dev/null
+++ b/test/netlib/test_imports.py
@@ -0,0 +1 @@
+# These are actually tests!
diff --git a/test/netlib/test_odict.py b/test/netlib/test_odict.py
new file mode 100644
index 00000000..f0985ef6
--- /dev/null
+++ b/test/netlib/test_odict.py
@@ -0,0 +1,153 @@
+from netlib import odict, tutils
+
+
+class TestODict(object):
+
+    def test_repr(self):
+        h = odict.ODict()
+        h["one"] = ["two"]
+        assert repr(h)
+
+    def test_str_err(self):
+        h = odict.ODict()
+        with tutils.raises(ValueError):
+            h["key"] = u"foo"
+        with tutils.raises(ValueError):
+            h["key"] = b"foo"
+
+    def test_getset_state(self):
+        od = odict.ODict()
+        od.add("foo", 1)
+        od.add("foo", 2)
+        od.add("bar", 3)
+        state = od.get_state()
+        nd = odict.ODict.from_state(state)
+        assert nd == od
+        b = odict.ODict()
+        b.set_state(state)
+        assert b == od
+
+    def test_in_any(self):
+        od = odict.ODict()
+        od["one"] = ["atwoa", "athreea"]
+        assert od.in_any("one", "two")
+        assert od.in_any("one", "three")
+        assert not od.in_any("one", "four")
+        assert not od.in_any("nonexistent", "foo")
+        assert not od.in_any("one", "TWO")
+        assert od.in_any("one", "TWO", True)
+
+    def test_iter(self):
+        od = odict.ODict()
+        assert not [i for i in od]
+        od.add("foo", 1)
+        assert [i for i in od]
+
+    def test_keys(self):
+        od = odict.ODict()
+        assert not od.keys()
+        od.add("foo", 1)
+        assert od.keys() == ["foo"]
+        od.add("foo", 2)
+        assert od.keys() == ["foo"]
+        od.add("bar", 2)
+        assert len(od.keys()) == 2
+
+    def test_copy(self):
+        od = odict.ODict()
+        od.add("foo", 1)
+        od.add("foo", 2)
+        od.add("bar", 3)
+        assert od == od.copy()
+        assert not od != od.copy()
+
+    def test_del(self):
+        od = odict.ODict()
+        od.add("foo", 1)
+        od.add("Foo", 2)
+        od.add("bar", 3)
+        del od["foo"]
+        assert len(od.lst) == 2
+
+    def test_replace(self):
+        od = odict.ODict()
+        od.add("one", "two")
+        od.add("two", "one")
+        assert od.replace("one", "vun") == 2
+        assert od.lst == [
+            ["vun", "two"],
+            ["two", "vun"],
+        ]
+
+    def test_get(self):
+        od = odict.ODict()
+        od.add("one", "two")
+        assert od.get("one") == ["two"]
+        assert od.get("two") is None
+
+    def test_get_first(self):
+        od = odict.ODict()
+        od.add("one", "two")
+        od.add("one", "three")
+        assert od.get_first("one") == "two"
+        assert od.get_first("two") is None
+
+    def test_extend(self):
+        a = odict.ODict([["a", "b"], ["c", "d"]])
+        b = odict.ODict([["a", "b"], ["e", "f"]])
+        a.extend(b)
+        assert len(a) == 4
+        assert a["a"] == ["b", "b"]
+
+
+class TestODictCaseless(object):
+
+    def test_override(self):
+        o = odict.ODictCaseless()
+        o.add('T', 'application/x-www-form-urlencoded; charset=UTF-8')
+        o["T"] = ["foo"]
+        assert o["T"] == ["foo"]
+
+    def test_case_preservation(self):
+        od = odict.ODictCaseless()
+        od["Foo"] = ["1"]
+        assert "foo" in od
+        assert od.items()[0][0] == "Foo"
+        assert od.get("foo") == ["1"]
+        assert od.get("foo", [""]) == ["1"]
+        assert od.get("Foo", [""]) == ["1"]
+        assert od.get("xx", "yy") == "yy"
+
+    def test_del(self):
+        od = odict.ODictCaseless()
+        od.add("foo", 1)
+        od.add("Foo", 2)
+        od.add("bar", 3)
+        del od["foo"]
+        assert len(od) == 1
+
+    def test_keys(self):
+        od = odict.ODictCaseless()
+        assert not od.keys()
+        od.add("foo", 1)
+        assert od.keys() == ["foo"]
+        od.add("Foo", 2)
+        assert od.keys() == ["foo"]
+        od.add("bar", 2)
+        assert len(od.keys()) == 2
+
+    def test_add_order(self):
+        od = odict.ODict(
+            [
+                ["one", "uno"],
+                ["two", "due"],
+                ["three", "tre"],
+            ]
+        )
+        od["two"] = ["foo", "bar"]
+        assert od.lst == [
+            ["one", "uno"],
+            ["two", "foo"],
+            ["three", "tre"],
+            ["two", "bar"],
+        ]
diff --git a/test/netlib/test_socks.py b/test/netlib/test_socks.py
new file mode 100644
index 00000000..d95dee41
--- /dev/null
+++ b/test/netlib/test_socks.py
@@ -0,0 +1,149 @@
+import ipaddress
+from io import BytesIO
+import socket
+from netlib import socks, tcp, tutils
+
+
+def test_client_greeting():
+    raw = tutils.treader(b"\x05\x02\x00\xBE\xEF")
+    out = BytesIO()
+    msg = socks.ClientGreeting.from_file(raw)
+    msg.assert_socks5()
+    msg.to_file(out)
+
+    assert out.getvalue() == raw.getvalue()[:-1]
+    assert msg.ver == 5
+    assert len(msg.methods) == 2
+    assert 0xBE in msg.methods
+    assert 0xEF not in msg.methods
+
+
+def test_client_greeting_assert_socks5():
+    raw = tutils.treader(b"\x00\x00")
+    msg = socks.ClientGreeting.from_file(raw)
+    tutils.raises(socks.SocksError, msg.assert_socks5)
+
+    raw = tutils.treader(b"HTTP/1.1 200 OK" + b" " * 100)
+    msg = socks.ClientGreeting.from_file(raw)
+    try:
+        msg.assert_socks5()
+    except socks.SocksError as e:
+        assert "Invalid SOCKS version" in str(e)
+        assert "HTTP" not in str(e)
+    else:
+        assert False
+
+    raw = tutils.treader(b"GET / HTTP/1.1" + b" " * 100)
+    msg = socks.ClientGreeting.from_file(raw)
+    try:
+        msg.assert_socks5()
+    except socks.SocksError as e:
+        assert "Invalid SOCKS version" in str(e)
+        assert "HTTP" in str(e)
+    else:
+        assert False
+
+    raw = tutils.treader(b"XX")
+    tutils.raises(
+        socks.SocksError,
+        socks.ClientGreeting.from_file,
+        raw,
+        fail_early=True)
+
+
+def test_server_greeting():
+    raw = tutils.treader(b"\x05\x02")
+    out = BytesIO()
+    msg = socks.ServerGreeting.from_file(raw)
+    msg.assert_socks5()
+    msg.to_file(out)
+
+    assert out.getvalue() == raw.getvalue()
+    assert msg.ver == 5
+    assert msg.method == 0x02
+
+
+def test_server_greeting_assert_socks5():
+    raw = tutils.treader(b"HTTP/1.1 200 OK" + b" " * 100)
+    msg = socks.ServerGreeting.from_file(raw)
+    try:
+        msg.assert_socks5()
+    except socks.SocksError as e:
+        assert "Invalid SOCKS version" in str(e)
+        assert "HTTP" in str(e)
+    else:
+        assert False
+
+    raw = tutils.treader(b"GET / HTTP/1.1" + b" " * 100)
+    msg = socks.ServerGreeting.from_file(raw)
+    try:
+        msg.assert_socks5()
+    except socks.SocksError as e:
+        assert "Invalid SOCKS version" in str(e)
+        assert "HTTP" not in str(e)
+    else:
+        assert False
+
+
+def test_message():
+    raw = tutils.treader(b"\x05\x01\x00\x03\x0bexample.com\xDE\xAD\xBE\xEF")
+    out = BytesIO()
+    msg = socks.Message.from_file(raw)
+    msg.assert_socks5()
+    assert raw.read(2) == b"\xBE\xEF"
+    msg.to_file(out)
+
+    assert out.getvalue() == raw.getvalue()[:-2]
+    assert msg.ver == 5
+    assert msg.msg == 0x01
+    assert msg.atyp == 0x03
+    assert msg.addr == ("example.com", 0xDEAD)
+
+
+def test_message_assert_socks5():
+    raw = tutils.treader(b"\xEE\x01\x00\x03\x0bexample.com\xDE\xAD\xBE\xEF")
+    msg = socks.Message.from_file(raw)
+    tutils.raises(socks.SocksError, msg.assert_socks5)
+
+
+def test_message_ipv4():
+    # Test ATYP=0x01 (IPV4)
+    raw = tutils.treader(b"\x05\x01\x00\x01\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
+    out = BytesIO()
+    msg = socks.Message.from_file(raw)
+    left = raw.read(2)
+    assert left == b"\xBE\xEF"
+    msg.to_file(out)
+
+    assert out.getvalue() == raw.getvalue()[:-2]
+    assert msg.addr == ("127.0.0.1", 0xDEAD)
+
+
+def test_message_ipv6():
+    # Test ATYP=0x04 (IPV6)
+    ipv6_addr = u"2001:db8:85a3:8d3:1319:8a2e:370:7344"
+
+    raw = tutils.treader(
+        b"\x05\x01\x00\x04" +
+        ipaddress.IPv6Address(ipv6_addr).packed +
+        b"\xDE\xAD\xBE\xEF")
+    out = BytesIO()
+    msg = socks.Message.from_file(raw)
+    assert raw.read(2) == b"\xBE\xEF"
+    msg.to_file(out)
+
+    assert out.getvalue() == raw.getvalue()[:-2]
+    assert msg.addr.host == ipv6_addr
+
+
+def test_message_invalid_rsv():
+    raw = tutils.treader(b"\x05\x01\xFF\x01\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
+    tutils.raises(socks.SocksError, socks.Message.from_file, raw)
+
+
+def test_message_unknown_atyp():
+    raw = tutils.treader(b"\x05\x02\x00\x02\x7f\x00\x00\x01\xDE\xAD\xBE\xEF")
+    tutils.raises(socks.SocksError, socks.Message.from_file, raw)
+
+    m = socks.Message(5, 1, 0x02, tcp.Address(("example.com", 5050)))
+    tutils.raises(socks.SocksError, m.to_file, BytesIO())
diff --git a/test/netlib/test_tcp.py b/test/netlib/test_tcp.py
new file mode 100644
index 00000000..8ae3aa51
--- /dev/null
+++ b/test/netlib/test_tcp.py
@@ -0,0 +1,795 @@
+from io import BytesIO
+from six.moves import queue
+import time
+import socket
+import random
+import os
+import threading
+import mock
+
+from OpenSSL import SSL
+import OpenSSL
+
+from netlib import tcp, certutils, tutils, tservers
+from netlib.exceptions import InvalidCertificateException, TcpReadIncomplete, TlsException, \
+    TcpTimeout, TcpDisconnect, TcpException, NetlibException
+
+
+class EchoHandler(tcp.BaseHandler):
+    sni = None
+
+    def handle_sni(self, connection):
+        self.sni = connection.get_servername()
+
+    def handle(self):
+        v = self.rfile.readline()
+        self.wfile.write(v)
+        self.wfile.flush()
+
+
+class ClientCipherListHandler(tcp.BaseHandler):
+    sni = None
+
+    def handle(self):
+        self.wfile.write("%s" % self.connection.get_cipher_list())
+        self.wfile.flush()
+
+
+class HangHandler(tcp.BaseHandler):
+
+    def handle(self):
+        while True:
+            time.sleep(1)
+
+
+class ALPNHandler(tcp.BaseHandler):
+    sni = None
+
+    def handle(self):
+        alp = self.get_alpn_proto_negotiated()
+        if alp:
+            self.wfile.write(alp)
+        else:
+            self.wfile.write(b"NONE")
+        self.wfile.flush()
+
+
+class TestServer(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    def test_echo(self):
+        testval = b"echo!\n"
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+    def test_thread_start_error(self):
+        with mock.patch.object(threading.Thread, "start", side_effect=threading.ThreadError("nonewthread")) as m:
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            assert not c.rfile.read(1)
+            assert m.called
+            assert "nonewthread" in self.q.get_nowait()
+        self.test_echo()
+
+
+class TestServerBind(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            self.wfile.write(str(self.connection.getpeername()).encode())
+            self.wfile.flush()
+
+    def test_bind(self):
+        """ Test to bind to a given random port. Try again if the random port turned out to be blocked. """
+        for i in range(20):
+            random_port = random.randrange(1024, 65535)
+            try:
+                c = tcp.TCPClient(
+                    ("127.0.0.1", self.port), source_address=(
+                        "127.0.0.1", random_port))
+                c.connect()
+                assert c.rfile.readline() == str(("127.0.0.1", random_port)).encode()
+                return
+            except TcpException:  # port probably already in use
+                pass
+
+
+class TestServerIPv6(tservers.ServerTestBase):
+    handler = EchoHandler
+    addr = tcp.Address(("localhost", 0), use_ipv6=True)
+
+    def test_echo(self):
+        testval = b"echo!\n"
+        c = tcp.TCPClient(tcp.Address(("::1", self.port), use_ipv6=True))
+        c.connect()
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+
+class TestEcho(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    def test_echo(self):
+        testval = b"echo!\n"
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+
+class HardDisconnectHandler(tcp.BaseHandler):
+
+    def handle(self):
+        self.connection.close()
+
+
+class TestFinishFail(tservers.ServerTestBase):
+
+    """
+        This tests a difficult-to-trigger exception in the .finish() method of
+        the handler.
+    """
+    handler = EchoHandler
+
+    def test_disconnect_in_finish(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.wfile.write(b"foo\n")
+        c.wfile.flush = mock.Mock(side_effect=TcpDisconnect)
+        c.finish()
+
+
+class TestServerSSL(tservers.ServerTestBase):
+    handler = EchoHandler
+    ssl = dict(
+        cipher_list="AES256-SHA",
+        chain_file=tutils.test_data.path("data/server.crt")
+    )
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl(sni=b"foo.com", options=SSL.OP_ALL)
+        testval = b"echo!\n"
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+    def test_get_current_cipher(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        assert not c.get_current_cipher()
+        c.convert_to_ssl(sni=b"foo.com")
+        ret = c.get_current_cipher()
+        assert ret
+        assert "AES" in ret[0]
+
+
+class TestSSLv3Only(tservers.ServerTestBase):
+    handler = EchoHandler
+    ssl = dict(
+        request_client_cert=False,
+        v3_only=True
+    )
+
+    def test_failure(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        tutils.raises(TlsException, c.convert_to_ssl, sni=b"foo.com")
+
+
+class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    ssl = dict(
+        cert=tutils.test_data.path("data/verificationcerts/self-signed.crt"),
+        key=tutils.test_data.path("data/verificationcerts/self-signed.key")
+    )
+
+    def test_mode_default_should_pass(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        c.convert_to_ssl()
+
+        # Verification errors should be saved even if connection isn't aborted
+        # aborted
+        assert c.ssl_verification_error is not None
+
+        testval = b"echo!\n"
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+    def test_mode_none_should_pass(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        c.convert_to_ssl(verify_options=SSL.VERIFY_NONE)
+
+        # Verification errors should be saved even if connection isn't aborted
+        assert c.ssl_verification_error is not None
+
+        testval = b"echo!\n"
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+    def test_mode_strict_should_fail(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        with tutils.raises(InvalidCertificateException):
+            c.convert_to_ssl(
+                sni=b"example.mitmproxy.org",
+                verify_options=SSL.VERIFY_PEER,
+                ca_pemfile=tutils.test_data.path("data/verificationcerts/trusted-root.crt")
+            )
+
+        assert c.ssl_verification_error is not None
+
+        # Unknown issuing certificate authority for first certificate
+        assert c.ssl_verification_error['errno'] == 18
+        assert c.ssl_verification_error['depth'] == 0
+
+
+class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    ssl = dict(
+        cert=tutils.test_data.path("data/verificationcerts/trusted-leaf.crt"),
+        key=tutils.test_data.path("data/verificationcerts/trusted-leaf.key")
+    )
+
+    def test_should_fail_without_sni(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        with tutils.raises(TlsException):
+            c.convert_to_ssl(
+                verify_options=SSL.VERIFY_PEER,
+                ca_pemfile=tutils.test_data.path("data/verificationcerts/trusted-root.crt")
+            )
+
+    def test_should_fail(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        with tutils.raises(InvalidCertificateException):
+            c.convert_to_ssl(
+                sni=b"mitmproxy.org",
+                verify_options=SSL.VERIFY_PEER,
+                ca_pemfile=tutils.test_data.path("data/verificationcerts/trusted-root.crt")
+            )
+
+        assert c.ssl_verification_error is not None
+
+
+class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    ssl = dict(
+        cert=tutils.test_data.path("data/verificationcerts/trusted-leaf.crt"),
+        key=tutils.test_data.path("data/verificationcerts/trusted-leaf.key")
+    )
+
+    def test_mode_strict_w_pemfile_should_pass(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        c.convert_to_ssl(
+            sni=b"example.mitmproxy.org",
+            verify_options=SSL.VERIFY_PEER,
+            ca_pemfile=tutils.test_data.path("data/verificationcerts/trusted-root.crt")
+        )
+
+        assert c.ssl_verification_error is None
+
+        testval = b"echo!\n"
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+    def test_mode_strict_w_cadir_should_pass(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+
+        c.convert_to_ssl(
+            sni=b"example.mitmproxy.org",
+            verify_options=SSL.VERIFY_PEER,
+            ca_path=tutils.test_data.path("data/verificationcerts/")
+        )
+
+        assert c.ssl_verification_error is None
+
+        testval = b"echo!\n"
+        c.wfile.write(testval)
+        c.wfile.flush()
+        assert c.rfile.readline() == testval
+
+
+class TestSSLClientCert(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+        sni = None
+
+        def handle_sni(self, connection):
+            self.sni = connection.get_servername()
+
+        def handle(self):
+            self.wfile.write(b"%d\n" % self.clientcert.serial)
+            self.wfile.flush()
+
+    ssl = dict(
+        request_client_cert=True,
+        v3_only=False
+    )
+
+    def test_clientcert(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl(
+            cert=tutils.test_data.path("data/clientcert/client.pem"))
+        assert c.rfile.readline().strip() == b"1"
+
+    def test_clientcert_err(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        tutils.raises(
+            TlsException,
+            c.convert_to_ssl,
+            cert=tutils.test_data.path("data/clientcert/make")
+        )
+
+
+class TestSNI(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+        sni = None
+
+        def handle_sni(self, connection):
+            self.sni = connection.get_servername()
+
+        def handle(self):
+            self.wfile.write(self.sni)
+            self.wfile.flush()
+
+    ssl = True
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl(sni=b"foo.com")
+        assert c.sni == b"foo.com"
+        assert c.rfile.readline() == b"foo.com"
+
+
+class TestServerCipherList(tservers.ServerTestBase):
+    handler = ClientCipherListHandler
+    ssl = dict(
+        cipher_list='RC4-SHA'
+    )
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl(sni=b"foo.com")
+        assert c.rfile.readline() == b"['RC4-SHA']"
+
+
+class TestServerCurrentCipher(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+        sni = None
+
+        def handle(self):
+            self.wfile.write(str(self.get_current_cipher()).encode())
+            self.wfile.flush()
+
+    ssl = dict(
+        cipher_list='RC4-SHA'
+    )
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl(sni=b"foo.com")
+        assert b"RC4-SHA" in c.rfile.readline()
+
+
+class TestServerCipherListError(tservers.ServerTestBase):
+    handler = ClientCipherListHandler
+    ssl = dict(
+        cipher_list='bogus'
+    )
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        tutils.raises("handshake error", c.convert_to_ssl, sni=b"foo.com")
+
+
+class TestClientCipherListError(tservers.ServerTestBase):
+    handler = ClientCipherListHandler
+    ssl = dict(
+        cipher_list='RC4-SHA'
+    )
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        tutils.raises(
+            "cipher specification",
+            c.convert_to_ssl,
+            sni=b"foo.com",
+            cipher_list="bogus")
+
+
+class TestSSLDisconnect(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            self.finish()
+
+    ssl = True
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        # Excercise SSL.ZeroReturnError
+        c.rfile.read(10)
+        c.close()
+        tutils.raises(TcpDisconnect, c.wfile.write, b"foo")
+        tutils.raises(queue.Empty, self.q.get_nowait)
+
+
+class TestSSLHardDisconnect(tservers.ServerTestBase):
+    handler = HardDisconnectHandler
+    ssl = True
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        # Exercise SSL.SysCallError
+        c.rfile.read(10)
+        c.close()
+        tutils.raises(TcpDisconnect, c.wfile.write, b"foo")
+
+
+class TestDisconnect(tservers.ServerTestBase):
+
+    def test_echo(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.rfile.read(10)
+        c.wfile.write(b"foo")
+        c.close()
+        c.close()
+
+
+class TestServerTimeOut(tservers.ServerTestBase):
+
+    class handler(tcp.BaseHandler):
+
+        def handle(self):
+            self.timeout = False
+            self.settimeout(0.01)
+            try:
+                self.rfile.read(10)
+            except TcpTimeout:
+                self.timeout = True
+
+    def test_timeout(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        time.sleep(0.3)
+        assert self.last_handler.timeout
+
+
+class TestTimeOut(tservers.ServerTestBase):
+    handler = HangHandler
+
+    def test_timeout(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.settimeout(0.1)
+        assert c.gettimeout() == 0.1
+        tutils.raises(TcpTimeout, c.rfile.read, 10)
+
+
+class TestALPNClient(tservers.ServerTestBase):
+    handler = ALPNHandler
+    ssl = dict(
+        alpn_select=b"bar"
+    )
+
+    if tcp.HAS_ALPN:
+        def test_alpn(self):
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl(alpn_protos=[b"foo", b"bar", b"fasel"])
+            assert c.get_alpn_proto_negotiated() == b"bar"
+            assert c.rfile.readline().strip() == b"bar"
+
+        def test_no_alpn(self):
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl()
+            assert c.get_alpn_proto_negotiated() == b""
+            assert c.rfile.readline().strip() == b"NONE"
+
+    else:
+        def test_none_alpn(self):
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl(alpn_protos=[b"foo", b"bar", b"fasel"])
+            assert c.get_alpn_proto_negotiated() == b""
+            assert c.rfile.readline() == b"NONE"
+
+
+class TestNoSSLNoALPNClient(tservers.ServerTestBase):
+    handler = ALPNHandler
+
+    def test_no_ssl_no_alpn(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        assert c.get_alpn_proto_negotiated() == b""
+        assert c.rfile.readline().strip() == b"NONE"
+
+
+class TestSSLTimeOut(tservers.ServerTestBase):
+    handler = HangHandler
+    ssl = True
+
+    def test_timeout_client(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        c.settimeout(0.1)
+        tutils.raises(TcpTimeout, c.rfile.read, 10)
+
+
+class TestDHParams(tservers.ServerTestBase):
+    handler = HangHandler
+    ssl = dict(
+        dhparams=certutils.CertStore.load_dhparam(
+            tutils.test_data.path("data/dhparam.pem"),
+        ),
+        cipher_list="DHE-RSA-AES256-SHA"
+    )
+
+    def test_dhparams(self):
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        c.connect()
+        c.convert_to_ssl()
+        ret = c.get_current_cipher()
+        assert ret[0] == "DHE-RSA-AES256-SHA"
+
+    def test_create_dhparams(self):
+        with tutils.tmpdir() as d:
+            filename = os.path.join(d, "dhparam.pem")
+            certutils.CertStore.load_dhparam(filename)
+            assert os.path.exists(filename)
+
+
+class TestTCPClient:
+
+    def test_conerr(self):
+        c = tcp.TCPClient(("127.0.0.1", 0))
+        tutils.raises(TcpException, c.connect)
+
+
+class TestFileLike:
+
+    def test_blocksize(self):
+        s = BytesIO(b"1234567890abcdefghijklmnopqrstuvwxyz")
+        s = tcp.Reader(s)
+        s.BLOCKSIZE = 2
+        assert s.read(1) == b"1"
+        assert s.read(2) == b"23"
+        assert s.read(3) == b"456"
+        assert s.read(4) == b"7890"
+        d = s.read(-1)
+        assert d.startswith(b"abc") and d.endswith(b"xyz")
+
+    def test_wrap(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s.flush()
+        s = tcp.Reader(s)
+        assert s.readline() == b"foobar\n"
+        assert s.readline() == b"foobar"
+        # Test __getattr__
+        assert s.isatty
+
+    def test_limit(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s = tcp.Reader(s)
+        assert s.readline(3) == b"foo"
+
+    def test_limitless(self):
+        s = BytesIO(b"f" * (50 * 1024))
+        s = tcp.Reader(s)
+        ret = s.read(-1)
+        assert len(ret) == 50 * 1024
+
+    def test_readlog(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s = tcp.Reader(s)
+        assert not s.is_logging()
+        s.start_log()
+        assert s.is_logging()
+        s.readline()
+        assert s.get_log() == b"foobar\n"
+        s.read(1)
+        assert s.get_log() == b"foobar\nf"
+        s.start_log()
+        assert s.get_log() == b""
+        s.read(1)
+        assert s.get_log() == b"o"
+        s.stop_log()
+        tutils.raises(ValueError, s.get_log)
+
+    def test_writelog(self):
+        s = BytesIO()
+        s = tcp.Writer(s)
+        s.start_log()
+        assert s.is_logging()
+        s.write(b"x")
+        assert s.get_log() == b"x"
+        s.write(b"x")
+        assert s.get_log() == b"xx"
+
+    def test_writer_flush_error(self):
+        s = BytesIO()
+        s = tcp.Writer(s)
+        o = mock.MagicMock()
+        o.flush = mock.MagicMock(side_effect=socket.error)
+        s.o = o
+        tutils.raises(TcpDisconnect, s.flush)
+
+    def test_reader_read_error(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s = tcp.Reader(s)
+        o = mock.MagicMock()
+        o.read = mock.MagicMock(side_effect=socket.error)
+        s.o = o
+        tutils.raises(TcpDisconnect, s.read, 10)
+
+    def test_reset_timestamps(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s = tcp.Reader(s)
+        s.first_byte_timestamp = 500
+        s.reset_timestamps()
+        assert not s.first_byte_timestamp
+
+    def test_first_byte_timestamp_updated_on_read(self):
+        s = BytesIO(b"foobar\nfoobar")
+        s = tcp.Reader(s)
+        s.read(1)
+        assert s.first_byte_timestamp
+        expected = s.first_byte_timestamp
+        s.read(5)
+        assert s.first_byte_timestamp == expected
+
+    def test_first_byte_timestamp_updated_on_readline(self):
+        s = BytesIO(b"foobar\nfoobar\nfoobar")
+        s = tcp.Reader(s)
+        s.readline()
+        assert s.first_byte_timestamp
+        expected = s.first_byte_timestamp
+        s.readline()
+        assert s.first_byte_timestamp == expected
+
+    def test_read_ssl_error(self):
+        s = mock.MagicMock()
+        s.read = mock.MagicMock(side_effect=SSL.Error())
+        s = tcp.Reader(s)
+        tutils.raises(TlsException, s.read, 1)
+
+    def test_read_syscall_ssl_error(self):
+        s = mock.MagicMock()
+        s.read = mock.MagicMock(side_effect=SSL.SysCallError())
+        s = tcp.Reader(s)
+        tutils.raises(TlsException, s.read, 1)
+
+    def test_reader_readline_disconnect(self):
+        o = mock.MagicMock()
+        o.read = mock.MagicMock(side_effect=socket.error)
+        s = tcp.Reader(o)
+        tutils.raises(TcpDisconnect, s.readline, 10)
+
+    def test_reader_incomplete_error(self):
+        s = BytesIO(b"foobar")
+        s = tcp.Reader(s)
+        tutils.raises(TcpReadIncomplete, s.safe_read, 10)
+
+
+class TestPeek(tservers.ServerTestBase):
+    handler = EchoHandler
+
+    def _connect(self, c):
+        c.connect()
+
+    def test_peek(self):
+        testval = b"peek!\n"
+        c = tcp.TCPClient(("127.0.0.1", self.port))
+        self._connect(c)
+        c.wfile.write(testval)
+        c.wfile.flush()
+
+        assert c.rfile.peek(4) == b"peek"
+        assert c.rfile.peek(6) == b"peek!\n"
+        assert c.rfile.readline() == testval
+
+        c.close()
+        with tutils.raises(NetlibException):
+            if c.rfile.peek(1) == b"":
+                # Workaround for Python 2 on Unix:
+                # Peeking a closed connection does not raise an exception here.
+                raise NetlibException()
+
+
+class TestPeekSSL(TestPeek):
+    ssl = True
+
+    def _connect(self, c):
+        c.connect()
+        c.convert_to_ssl()
+
+
+class TestAddress:
+
+    def test_simple(self):
+        a = tcp.Address("localhost", True)
+        assert a.use_ipv6
+        b = tcp.Address("foo.com", True)
+        assert not a == b
+        assert str(b) == str(tuple("foo.com"))
+        c = tcp.Address("localhost", True)
+        assert a == c
+        assert not a != c
+        assert repr(a)
+
+
+class TestSSLKeyLogger(tservers.ServerTestBase):
+    handler = EchoHandler
+    ssl = dict(
+        cipher_list="AES256-SHA"
+    )
+
+    def test_log(self):
+        testval = b"echo!\n"
+        _logfun = tcp.log_ssl_key
+
+        with tutils.tmpdir() as d:
+            logfile = os.path.join(d, "foo", "bar", "logfile")
+            tcp.log_ssl_key = tcp.SSLKeyLogger(logfile)
+
+            c = tcp.TCPClient(("127.0.0.1", self.port))
+            c.connect()
+            c.convert_to_ssl()
+            c.wfile.write(testval)
+            c.wfile.flush()
+            assert c.rfile.readline() == testval
+            c.finish()
+
+            tcp.log_ssl_key.close()
+            with open(logfile, "rb") as f:
+                assert f.read().count(b"CLIENT_RANDOM") == 2
+
+        tcp.log_ssl_key = _logfun
+
+    def test_create_logfun(self):
+        assert isinstance(
+            tcp.SSLKeyLogger.create_logfun("test"),
+            tcp.SSLKeyLogger)
+        assert not tcp.SSLKeyLogger.create_logfun(False)
diff --git a/test/netlib/test_utils.py b/test/netlib/test_utils.py
new file mode 100644
index 00000000..b096e5bc
--- /dev/null
+++ b/test/netlib/test_utils.py
@@ -0,0 +1,141 @@
+from netlib import utils, tutils
+from netlib.http import Headers
+
+def test_bidi():
+    b = utils.BiDi(a=1, b=2)
+    assert b.a == 1
+    assert b.get_name(1) == "a"
+    assert b.get_name(5) is None
+    tutils.raises(AttributeError, getattr, b, "c")
+    tutils.raises(ValueError, utils.BiDi, one=1, two=1)
+
+
+def test_hexdump():
+    assert list(utils.hexdump(b"one\0" * 10))
+
+
+def test_clean_bin():
+    assert utils.clean_bin(b"one") == b"one"
+    assert utils.clean_bin(b"\00ne") == b".ne"
+    assert utils.clean_bin(b"\nne") == b"\nne"
+    assert utils.clean_bin(b"\nne", False) == b".ne"
+    assert utils.clean_bin(u"\u2605".encode("utf8")) == b"..."
+
+    assert utils.clean_bin(u"one") == u"one"
+    assert utils.clean_bin(u"\00ne") == u".ne"
+    assert utils.clean_bin(u"\nne") == u"\nne"
+    assert utils.clean_bin(u"\nne", False) == u".ne"
+    assert utils.clean_bin(u"\u2605") == u"\u2605"
+
+
+def test_pretty_size():
+    assert utils.pretty_size(100) == "100B"
+    assert utils.pretty_size(1024) == "1kB"
+    assert utils.pretty_size(1024 + (1024 / 2.0)) == "1.5kB"
+    assert utils.pretty_size(1024 * 1024) == "1MB"
+
+
+def test_parse_url():
+    with tutils.raises(ValueError):
+        utils.parse_url("")
+
+    s, h, po, pa = utils.parse_url(b"http://foo.com:8888/test")
+    assert s == b"http"
+    assert h == b"foo.com"
+    assert po == 8888
+    assert pa == b"/test"
+
+    s, h, po, pa = utils.parse_url("http://foo/bar")
+    assert s == b"http"
+    assert h == b"foo"
+    assert po == 80
+    assert pa == b"/bar"
+
+    s, h, po, pa = utils.parse_url(b"http://user:pass@foo/bar")
+    assert s == b"http"
+    assert h == b"foo"
+    assert po == 80
+    assert pa == b"/bar"
+
+    s, h, po, pa = utils.parse_url(b"http://foo")
+    assert pa == b"/"
+
+    s, h, po, pa = utils.parse_url(b"https://foo")
+    assert po == 443
+
+    with tutils.raises(ValueError):
+        utils.parse_url(b"https://foo:bar")
+
+    # Invalid IDNA
+    with tutils.raises(ValueError):
+        utils.parse_url("http://\xfafoo")
+    # Invalid PATH
+    with tutils.raises(ValueError):
+        utils.parse_url("http:/\xc6/localhost:56121")
+    # Null byte in host
+    with tutils.raises(ValueError):
+        utils.parse_url("http://foo\0")
+    # Port out of range
+    _, _, port, _ = utils.parse_url("http://foo:999999")
+    assert port == 80
+    # Invalid IPv6 URL - see http://www.ietf.org/rfc/rfc2732.txt
+    with tutils.raises(ValueError):
+        utils.parse_url('http://lo[calhost')
+
+
+def test_unparse_url():
+    assert utils.unparse_url("http", "foo.com", 99, "") == "http://foo.com:99"
+    assert utils.unparse_url("http", "foo.com", 80, "/bar") == "http://foo.com/bar"
+    assert utils.unparse_url("https", "foo.com", 80, "") == "https://foo.com:80"
+    assert utils.unparse_url("https", "foo.com", 443, "") == "https://foo.com"
+
+
+def test_urlencode():
+    assert utils.urlencode([('foo', 'bar')])
+
+
+def test_urldecode():
+    s = "one=two&three=four"
+    assert len(utils.urldecode(s)) == 2
+
+
+def test_get_header_tokens():
+    headers = Headers()
+    assert utils.get_header_tokens(headers, "foo") == []
+    headers["foo"] = "bar"
+    assert utils.get_header_tokens(headers, "foo") == ["bar"]
+    headers["foo"] = "bar, voing"
+    assert utils.get_header_tokens(headers, "foo") == ["bar", "voing"]
+    headers.set_all("foo", ["bar, voing", "oink"])
+    assert utils.get_header_tokens(headers, "foo") == ["bar", "voing", "oink"]
+
+
+def test_multipartdecode():
+    boundary = 'somefancyboundary'
+    headers = Headers(
+        content_type='multipart/form-data; boundary=' + boundary
+    )
+    content = (
+        "--{0}\n"
+        "Content-Disposition: form-data; name=\"field1\"\n\n"
+        "value1\n"
+        "--{0}\n"
+        "Content-Disposition: form-data; name=\"field2\"\n\n"
+        "value2\n"
+        "--{0}--".format(boundary).encode()
+    )
+
+    form = utils.multipartdecode(headers, content)
+
+    assert len(form) == 2
+    assert form[0] == (b"field1", b"value1")
+    assert form[1] == (b"field2", b"value2")
+
+
+def test_parse_content_type():
+    p = utils.parse_content_type
+    assert p("text/html") == ("text", "html", {})
+    assert p("text") is None
+
+    v = p("text/html; charset=UTF-8")
+    assert v == ('text', 'html', {'charset': 'UTF-8'})
diff --git a/test/netlib/test_version_check.py b/test/netlib/test_version_check.py
new file mode 100644
index 00000000..ec2396fe
--- /dev/null
+++ b/test/netlib/test_version_check.py
@@ -0,0 +1,38 @@
+from io import StringIO
+import mock
+from netlib import version_check, version
+
+
+@mock.patch("sys.exit")
+def test_check_mitmproxy_version(sexit):
+    fp = StringIO()
+    version_check.check_mitmproxy_version(version.IVERSION, fp=fp)
+    assert not fp.getvalue()
+    assert not sexit.called
+
+    b = (version.IVERSION[0] - 1, version.IVERSION[1])
+    version_check.check_mitmproxy_version(b, fp=fp)
+    assert fp.getvalue()
+    assert sexit.called
+
+
+@mock.patch("sys.exit")
+def test_check_pyopenssl_version(sexit):
+    fp = StringIO()
+    version_check.check_pyopenssl_version(fp=fp)
+    assert not fp.getvalue()
+    assert not sexit.called
+
+    version_check.check_pyopenssl_version((9999,), fp=fp)
+    assert "outdated" in fp.getvalue()
+    assert sexit.called
+
+
+@mock.patch("sys.exit")
+@mock.patch("OpenSSL.__version__")
+def test_unparseable_pyopenssl_version(version, sexit):
+    version.split.return_value = ["foo", "bar"]
+    fp = StringIO()
+    version_check.check_pyopenssl_version(fp=fp)
+    assert "Cannot parse" in fp.getvalue()
+    assert not sexit.called
diff --git a/test/netlib/test_wsgi.py b/test/netlib/test_wsgi.py
new file mode 100644
index 00000000..8c782b27
--- /dev/null
+++ b/test/netlib/test_wsgi.py
@@ -0,0 +1,106 @@
+from io import BytesIO
+import sys
+from netlib import wsgi
+from netlib.http import Headers
+
+
+def tflow():
+    headers = Headers(test=b"value")
+    req = wsgi.Request("http", "GET", "/", "HTTP/1.1", headers, "")
+    return wsgi.Flow(("127.0.0.1", 8888), req)
+
+
+class ExampleApp:
+    
+    def __init__(self):
+        self.called = False
+
+    def __call__(self, environ, start_response):
+        self.called = True
+        status = '200 OK'
+        response_headers = [('Content-type', 'text/plain')]
+        start_response(status, response_headers)
+        return [b'Hello', b' world!\n']
+
+
+class TestWSGI:
+
+    def test_make_environ(self):
+        w = wsgi.WSGIAdaptor(None, "foo", 80, "version")
+        tf = tflow()
+        assert w.make_environ(tf, None)
+
+        tf.request.path = "/foo?bar=voing"
+        r = w.make_environ(tf, None)
+        assert r["QUERY_STRING"] == "bar=voing"
+
+    def test_serve(self):
+        ta = ExampleApp()
+        w = wsgi.WSGIAdaptor(ta, "foo", 80, "version")
+        f = tflow()
+        f.request.host = "foo"
+        f.request.port = 80
+
+        wfile = BytesIO()
+        err = w.serve(f, wfile)
+        assert ta.called
+        assert not err
+
+        val = wfile.getvalue()
+        assert b"Hello world" in val
+        assert b"Server:" in val
+
+    def _serve(self, app):
+        w = wsgi.WSGIAdaptor(app, "foo", 80, "version")
+        f = tflow()
+        f.request.host = "foo"
+        f.request.port = 80
+        wfile = BytesIO()
+        w.serve(f, wfile)
+        return wfile.getvalue()
+
+    def test_serve_empty_body(self):
+        def app(environ, start_response):
+            status = '200 OK'
+            response_headers = [('Foo', 'bar')]
+            start_response(status, response_headers)
+            return []
+        assert self._serve(app)
+
+    def test_serve_double_start(self):
+        def app(environ, start_response):
+            try:
+                raise ValueError("foo")
+            except:
+                sys.exc_info()
+            status = '200 OK'
+            response_headers = [('Content-type', 'text/plain')]
+            start_response(status, response_headers)
+            start_response(status, response_headers)
+        assert b"Internal Server Error" in self._serve(app)
+
+    def test_serve_single_err(self):
+        def app(environ, start_response):
+            try:
+                raise ValueError("foo")
+            except:
+                ei = sys.exc_info()
+            status = '200 OK'
+            response_headers = [('Content-type', 'text/plain')]
+            start_response(status, response_headers, ei)
+            yield b""
+        assert b"Internal Server Error" in self._serve(app)
+
+    def test_serve_double_err(self):
+        def app(environ, start_response):
+            try:
+                raise ValueError("foo")
+            except:
+                ei = sys.exc_info()
+            status = '200 OK'
+            response_headers = [('Content-type', 'text/plain')]
+            start_response(status, response_headers)
+            yield b"aaa"
+            start_response(status, response_headers, ei)
+            yield b"bbb"
+        assert b"Internal Server Error" in self._serve(app)
diff --git a/test/netlib/tools/getcertnames b/test/netlib/tools/getcertnames
new file mode 100644
index 00000000..e33619f7
--- /dev/null
+++ b/test/netlib/tools/getcertnames
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+import sys
+sys.path.insert(0, "../../")
+from netlib import tcp
+
+
+def get_remote_cert(host, port, sni):
+    c = tcp.TCPClient((host, port))
+    c.connect()
+    c.convert_to_ssl(sni=sni)
+    return c.cert
+
+if len(sys.argv) > 2:
+    port = int(sys.argv[2])
+else:
+    port = 443
+if len(sys.argv) > 3:
+    sni = sys.argv[3]
+else:
+    sni = None
+
+cert = get_remote_cert(sys.argv[1], port, sni)
+print "CN:", cert.cn
+if cert.altnames:
+    print "SANs:",
+    for i in cert.altnames:
+        print "\t", i
diff --git a/test/netlib/websockets/__init__.py b/test/netlib/websockets/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/netlib/websockets/__init__.py
diff --git a/test/netlib/websockets/test_websockets.py b/test/netlib/websockets/test_websockets.py
new file mode 100644
index 00000000..d53f0d83
--- /dev/null
+++ b/test/netlib/websockets/test_websockets.py
@@ -0,0 +1,266 @@
+import os
+
+from netlib.http.http1 import read_response, read_request
+
+from netlib import tcp, websockets, http, tutils, tservers
+from netlib.http import status_codes
+from netlib.tutils import treq
+
+from netlib.exceptions import *
+
+
+class WebSocketsEchoHandler(tcp.BaseHandler):
+
+    def __init__(self, connection, address, server):
+        super(WebSocketsEchoHandler, self).__init__(
+            connection, address, server
+        )
+        self.protocol = websockets.WebsocketsProtocol()
+        self.handshake_done = False
+
+    def handle(self):
+        while True:
+            if not self.handshake_done:
+                self.handshake()
+            else:
+                self.read_next_message()
+
+    def read_next_message(self):
+        frame = websockets.Frame.from_file(self.rfile)
+        self.on_message(frame.payload)
+
+    def send_message(self, message):
+        frame = websockets.Frame.default(message, from_client=False)
+        frame.to_file(self.wfile)
+
+    def handshake(self):
+
+        req = read_request(self.rfile)
+        key = self.protocol.check_client_handshake(req.headers)
+
+        preamble = 'HTTP/1.1 101 %s' % status_codes.RESPONSES.get(101)
+        self.wfile.write(preamble.encode() + b"\r\n")
+        headers = self.protocol.server_handshake_headers(key)
+        self.wfile.write(str(headers) + "\r\n")
+        self.wfile.flush()
+        self.handshake_done = True
+
+    def on_message(self, message):
+        if message is not None:
+            self.send_message(message)
+
+
+class WebSocketsClient(tcp.TCPClient):
+
+    def __init__(self, address, source_address=None):
+        super(WebSocketsClient, self).__init__(address, source_address)
+        self.protocol = websockets.WebsocketsProtocol()
+        self.client_nonce = None
+
+    def connect(self):
+        super(WebSocketsClient, self).connect()
+
+        preamble = b'GET / HTTP/1.1'
+        self.wfile.write(preamble + b"\r\n")
+        headers = self.protocol.client_handshake_headers()
+        self.client_nonce = headers["sec-websocket-key"].encode("ascii")
+        self.wfile.write(bytes(headers) + b"\r\n")
+        self.wfile.flush()
+
+        resp = read_response(self.rfile, treq(method=b"GET"))
+        server_nonce = self.protocol.check_server_handshake(resp.headers)
+
+        if not server_nonce == self.protocol.create_server_nonce(self.client_nonce):
+            self.close()
+
+    def read_next_message(self):
+        return websockets.Frame.from_file(self.rfile).payload
+
+    def send_message(self, message):
+        frame = websockets.Frame.default(message, from_client=True)
+        frame.to_file(self.wfile)
+
+
+class TestWebSockets(tservers.ServerTestBase):
+    handler = WebSocketsEchoHandler
+
+    def __init__(self):
+        self.protocol = websockets.WebsocketsProtocol()
+
+    def random_bytes(self, n=100):
+        return os.urandom(n)
+
+    def echo(self, msg):
+        client = WebSocketsClient(("127.0.0.1", self.port))
+        client.connect()
+        client.send_message(msg)
+        response = client.read_next_message()
+        assert response == msg
+
+    def test_simple_echo(self):
+        self.echo(b"hello I'm the client")
+
+    def test_frame_sizes(self):
+        # length can fit in the the 7 bit payload length
+        small_msg = self.random_bytes(100)
+        # 50kb, sligthly larger than can fit in a 7 bit int
+        medium_msg = self.random_bytes(50000)
+        # 150kb, slightly larger than can fit in a 16 bit int
+        large_msg = self.random_bytes(150000)
+
+        self.echo(small_msg)
+        self.echo(medium_msg)
+        self.echo(large_msg)
+
+    def test_default_builder(self):
+        """
+          default builder should always generate valid frames
+        """
+        msg = self.random_bytes()
+        client_frame = websockets.Frame.default(msg, from_client=True)
+        server_frame = websockets.Frame.default(msg, from_client=False)
+
+    def test_serialization_bijection(self):
+        """
+          Ensure that various frame types can be serialized/deserialized back
+          and forth between to_bytes() and from_bytes()
+        """
+        for is_client in [True, False]:
+            for num_bytes in [100, 50000, 150000]:
+                frame = websockets.Frame.default(
+                    self.random_bytes(num_bytes), is_client
+                )
+                frame2 = websockets.Frame.from_bytes(
+                    frame.to_bytes()
+                )
+                assert frame == frame2
+
+        bytes = b'\x81\x03cba'
+        assert websockets.Frame.from_bytes(bytes).to_bytes() == bytes
+
+    def test_check_server_handshake(self):
+        headers = self.protocol.server_handshake_headers("key")
+        assert self.protocol.check_server_handshake(headers)
+        headers["Upgrade"] = "not_websocket"
+        assert not self.protocol.check_server_handshake(headers)
+
+    def test_check_client_handshake(self):
+        headers = self.protocol.client_handshake_headers("key")
+        assert self.protocol.check_client_handshake(headers) == "key"
+        headers["Upgrade"] = "not_websocket"
+        assert not self.protocol.check_client_handshake(headers)
+
+
+class BadHandshakeHandler(WebSocketsEchoHandler):
+
+    def handshake(self):
+
+        client_hs = read_request(self.rfile)
+        self.protocol.check_client_handshake(client_hs.headers)
+
+        preamble = 'HTTP/1.1 101 %s\r\n' % status_codes.RESPONSES.get(101)
+        self.wfile.write(preamble.encode())
+        headers = self.protocol.server_handshake_headers(b"malformed key")
+        self.wfile.write(bytes(headers) + b"\r\n")
+        self.wfile.flush()
+        self.handshake_done = True
+
+
+class TestBadHandshake(tservers.ServerTestBase):
+
+    """
+      Ensure that the client disconnects if the server handshake is malformed
+    """
+    handler = BadHandshakeHandler
+
+    def test(self):
+        with tutils.raises(TcpDisconnect):
+            client = WebSocketsClient(("127.0.0.1", self.port))
+            client.connect()
+            client.send_message(b"hello")
+
+
+class TestFrameHeader:
+
+    def test_roundtrip(self):
+        def round(*args, **kwargs):
+            f = websockets.FrameHeader(*args, **kwargs)
+            f2 = websockets.FrameHeader.from_file(tutils.treader(bytes(f)))
+            assert f == f2
+        round()
+        round(fin=1)
+        round(rsv1=1)
+        round(rsv2=1)
+        round(rsv3=1)
+        round(payload_length=1)
+        round(payload_length=100)
+        round(payload_length=1000)
+        round(payload_length=10000)
+        round(opcode=websockets.OPCODE.PING)
+        round(masking_key=b"test")
+
+    def test_human_readable(self):
+        f = websockets.FrameHeader(
+            masking_key=b"test",
+            fin=True,
+            payload_length=10
+        )
+        assert repr(f)
+        f = websockets.FrameHeader()
+        assert repr(f)
+
+    def test_funky(self):
+        f = websockets.FrameHeader(masking_key=b"test", mask=False)
+        raw = bytes(f)
+        f2 = websockets.FrameHeader.from_file(tutils.treader(raw))
+        assert not f2.mask
+
+    def test_violations(self):
+        tutils.raises("opcode", websockets.FrameHeader, opcode=17)
+        tutils.raises("masking key", websockets.FrameHeader, masking_key=b"x")
+
+    def test_automask(self):
+        f = websockets.FrameHeader(mask=True)
+        assert f.masking_key
+
+        f = websockets.FrameHeader(masking_key=b"foob")
+        assert f.mask
+
+        f = websockets.FrameHeader(masking_key=b"foob", mask=0)
+        assert not f.mask
+        assert f.masking_key
+
+
+class TestFrame:
+
+    def test_roundtrip(self):
+        def round(*args, **kwargs):
+            f = websockets.Frame(*args, **kwargs)
+            raw = bytes(f)
+            f2 = websockets.Frame.from_file(tutils.treader(raw))
+            assert f == f2
+        round(b"test")
+        round(b"test", fin=1)
+        round(b"test", rsv1=1)
+        round(b"test", opcode=websockets.OPCODE.PING)
+        round(b"test", masking_key=b"test")
+
+    def test_human_readable(self):
+        f = websockets.Frame()
+        assert repr(f)
+
+
+def test_masker():
+    tests = [
+        [b"a"],
+        [b"four"],
+        [b"fourf"],
+        [b"fourfive"],
+        [b"a", b"aasdfasdfa", b"asdf"],
+        [b"a" * 50, b"aasdfasdfa", b"asdf"],
+    ]
+    for i in tests:
+        m = websockets.Masker(b"abcd")
+        data = b"".join([m(t) for t in i])
+        data2 = websockets.Masker(b"abcd")(data)
+        assert data2 == b"".join(i)
diff --git a/test/pathod/data/clientcert/.gitignore b/test/pathod/data/clientcert/.gitignore
new file mode 100644
index 00000000..07bc53d2
--- /dev/null
+++ b/test/pathod/data/clientcert/.gitignore
@@ -0,0 +1,3 @@
+client.crt
+client.key
+client.req
diff --git a/test/pathod/data/clientcert/client.cnf b/test/pathod/data/clientcert/client.cnf
new file mode 100644
index 00000000..5046a944
--- /dev/null
+++ b/test/pathod/data/clientcert/client.cnf
@@ -0,0 +1,5 @@
+[ ssl_client ]
+basicConstraints = CA:FALSE
+nsCertType = client
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
diff --git a/test/pathod/data/clientcert/client.pem b/test/pathod/data/clientcert/client.pem
new file mode 100644
index 00000000..4927bca2
--- /dev/null
+++ b/test/pathod/data/clientcert/client.pem
@@ -0,0 +1,42 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzCpoRjSTfIN24kkNap/GYmP9zVWj0Gk8R5BB/PvvN0OB1Zk0
+EEYPsWCcuhEdK0ehiDZX030doF0DOncKKa6mop/d0x2o+ts42peDhZM6JNUrm6d+
+ZWQVtio33mpp77UMhR093vaA+ExDnmE26kBTVijJ1+fRAVDXG/cmQINEri91Kk/G
+3YJ5e45UrohGI5seBZ4vV0xbHtmczFRhYFlGOvYsoIe4Lvz/eFS2pIrTIpYQ2VM/
+SQQl+JFy+NlQRsWG2NrxtKOzMnnDE7YN4I3z5D5eZFo1EtwZ48LNCeSwrEOdfuzP
+G5q5qbs5KpE/x85H9umuRwSCIArbMwBYV8a8JwIDAQABAoIBAFE3FV/IDltbmHEP
+iky93hbJm+6QgKepFReKpRVTyqb7LaygUvueQyPWQMIriKTsy675nxo8DQr7tQsO
+y3YlSZgra/xNMikIB6e82c7K8DgyrDQw/rCqjZB3Xt4VCqsWJDLXnQMSn98lx0g7
+d7Lbf8soUpKWXqfdVpSDTi4fibSX6kshXyfSTpcz4AdoncEpViUfU1xkEEmZrjT8
+1GcCsDC41xdNmzCpqRuZX7DKSFRoB+0hUzsC1oiqM7FD5kixonRd4F5PbRXImIzt
+6YCsT2okxTA04jX7yByis7LlOLTlkmLtKQYuc3erOFvwx89s4vW+AeFei+GGNitn
+tHfSwbECgYEA7SzV+nN62hAERHlg8cEQT4TxnsWvbronYWcc/ev44eHSPDWL5tPi
+GHfSbW6YAq5Wa0I9jMWfXyhOYEC3MZTC5EEeLOB71qVrTwcy/sY66rOrcgjFI76Q
+5JFHQ4wy3SWU50KxE0oWJO9LIowprG+pW1vzqC3VF0T7q0FqESrY4LUCgYEA3F7Z
+80ndnCUlooJAb+Hfotv7peFf1o6+m1PTRcz1lLnVt5R5lXj86kn+tXEpYZo1RiGR
+2rE2N0seeznWCooakHcsBN7/qmFIhhooJNF7yW+JP2I4P2UV5+tJ+8bcs/voUkQD
+1x+rGOuMn8nvHBd2+Vharft8eGL2mgooPVI2XusCgYEAlMZpO3+w8pTVeHaDP2MR
+7i/AuQ3cbCLNjSX3Y7jgGCFllWspZRRIYXzYPNkA9b2SbBnTLjjRLgnEkFBIGgvs
+7O2EFjaCuDRvydUEQhjq4ErwIsopj7B8h0QyZcbOKTbn3uFQ3n68wVJx2Sv/ADHT
+FIHrp/WIE96r19Niy34LKXkCgYB2W59VsuOKnMz01l5DeR5C+0HSWxS9SReIl2IO
+yEFSKullWyJeLIgyUaGy0990430feKI8whcrZXYumuah7IDN/KOwzhCk8vEfzWao
+N7bzfqtJVrh9HA7C7DVlO+6H4JFrtcoWPZUIomJ549w/yz6EN3ckoMC+a/Ck1TW9
+ka1QFwKBgQCywG6TrZz0UmOjyLQZ+8Q4uvZklSW5NAKBkNnyuQ2kd5rzyYgMPE8C
+Er8T88fdVIKvkhDyHhwcI7n58xE5Gr7wkwsrk/Hbd9/ZB2GgAPY3cATskK1v1McU
+YeX38CU0fUS4aoy26hWQXkViB47IGQ3jWo3ZCtzIJl8DI9/RsBWTnw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICYDCCAckCAQEwDQYJKoZIhvcNAQEFBQAwKDESMBAGA1UEAxMJbWl0bXByb3h5
+MRIwEAYDVQQKEwltaXRtcHJveHkwHhcNMTMwMTIwMDEwODEzWhcNMTUxMDE3MDEw
+ODEzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE
+ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAzCpoRjSTfIN24kkNap/GYmP9zVWj0Gk8R5BB/PvvN0OB1Zk0
+EEYPsWCcuhEdK0ehiDZX030doF0DOncKKa6mop/d0x2o+ts42peDhZM6JNUrm6d+
+ZWQVtio33mpp77UMhR093vaA+ExDnmE26kBTVijJ1+fRAVDXG/cmQINEri91Kk/G
+3YJ5e45UrohGI5seBZ4vV0xbHtmczFRhYFlGOvYsoIe4Lvz/eFS2pIrTIpYQ2VM/
+SQQl+JFy+NlQRsWG2NrxtKOzMnnDE7YN4I3z5D5eZFo1EtwZ48LNCeSwrEOdfuzP
+G5q5qbs5KpE/x85H9umuRwSCIArbMwBYV8a8JwIDAQABMA0GCSqGSIb3DQEBBQUA
+A4GBAFvI+cd47B85PQ970n2dU/PlA2/Hb1ldrrXh2guR4hX6vYx/uuk5yRI/n0Rd
+KOXJ3czO0bd2Fpe3ZoNpkW0pOSDej/Q+58ScuJd0gWCT/Sh1eRk6ZdC0kusOuWoY
+bPOPMkG45LPgUMFOnZEsfJP6P5mZIxlbCvSMFC25nPHWlct7
+-----END CERTIFICATE-----
diff --git a/test/pathod/data/clientcert/make b/test/pathod/data/clientcert/make
new file mode 100644
index 00000000..d1caea81
--- /dev/null
+++ b/test/pathod/data/clientcert/make
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+openssl genrsa -out client.key 2048
+openssl req -key client.key -new -out client.req
+openssl x509 -req -days 365 -in client.req -signkey client.key -out client.crt -extfile client.cnf -extensions ssl_client
+openssl x509 -req -days 1000 -in client.req -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -set_serial 00001 -out client.crt -extensions ssl_client
+cat client.key client.crt > client.pem
+openssl x509 -text -noout -in client.pem
diff --git a/test/pathod/data/file b/test/pathod/data/file
new file mode 100644
index 00000000..26918572
--- /dev/null
+++ b/test/pathod/data/file
@@ -0,0 +1 @@
+testfile
diff --git a/test/pathod/data/request b/test/pathod/data/request
new file mode 100644
index 00000000..c4c90e76
--- /dev/null
+++ b/test/pathod/data/request
@@ -0,0 +1 @@
+get:/foo
diff --git a/test/pathod/data/response b/test/pathod/data/response
new file mode 100644
index 00000000..8f897c85
--- /dev/null
+++ b/test/pathod/data/response
@@ -0,0 +1 @@
+202
diff --git a/test/pathod/data/testkey.pem b/test/pathod/data/testkey.pem
new file mode 100644
index 00000000..b804bd4c
--- /dev/null
+++ b/test/pathod/data/testkey.pem
@@ -0,0 +1,68 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEAwvtKxoZvBV2AxPAkCx8PXbuE7KeqK9bBvk8x+JchPMdf/KZj
+sdu2v6Gm8Hi053i7ZGxouFvonJxHAiK6cwk9OYQwa9fbOFf2mgWKEBO4fbCH93tW
+DCTdWVxFyNViAvxGHlJs3/IU03pIG29AgUnhRW8pGbabAfx8emcOZJZ3ykEuimaC
+4s7mRwdc63GXnbcjTtRkrJsBATI+xvPwuR2+4daX7sPCf0kel3bN2jMpwXfvk/Ww
+kJ2BIEeZCg0qIvyMjH9qrUirUnsmQnpPln0CGBbQEBsW9yMfGoFdREiMYls5jZeq
+NxjWNv1RTRIm/4RjMwyxnoTA9eDS9wwO2NnJS4vfXAnUTP4BYx8Pe4ZMA2Gm6YrC
+ysT6YA1xdHNpcuHXClxwmPj/cm8Z5kIg5clbNIK60ts9yFr/Ao3KPPYJ2GBv8/Oe
+ApPBJuubews+/9/13Ew/SJ1t2u28+sPbgXUG8dC2n4vWTvJwKf6Duqxgnm82zdzj
+SZoXRQsP984qiN7NAgMBAAECggGBALB6rqWdzCL5DLI0AQun40qdjaR95UKksNvF
+5p7we379nl2ZZKb5DSHJ+MWzG1pfJo2wqeAkIBiQQp0mPcgdVrMWeJVD3QHUbDng
+RaRjlRr+izJvCeUYANj+8ZLjwECfgf+z7yOLg1oeVeGvAp2C90jXYkYJx6c2lpxb
+ZuWYY3hHIw7V1iXfywIDIhFg0TBJMMYK68xmx7QDfFqrNPj4eWsDxqSvvv1iezPw
+rkWPBX49RjWPrW5XgSZsZ5J3c+oS1rZmIY7EAgopTWB/3wJjZR1Idz/9l9LIWlBP
+6zVC27CIZzSEeGguqNVeyzJ0TPWh5idYNRmSZr6eTUF0245LNO/gqvWKgRSNIZko
+HoBa2F1AvCiB67S1kxjwS5y3VkudZE4jkgGKcC2Ws/9QmOZ0HAsjI8VAMp2hj6iN
+0HdPMTNtsLgbhKyXsoZuW4YmwfSTPxGi2gvcI7GUozpTz84n1cOneJnz1ygx6Uru
+v8DpQg+VX6xTy4X6AK1F8OYNMZ/jaQKBwQDv30NevQStnGbTmcSr+0fd4rmWFklK
+V6B2X7zWynVpSGvCWkqVSp3mG6aiZItAltVMRL/9LT6zIheyClyd+vXIjR2+W210
+XMxrvz7A8qCXkvB2dyEhrMdCfZ7p8+kf+eD2c/Mnxb7VpmDfHYLx30JeQoBwjrwU
+Eul+dE1P+r8bWBaLTjlsipTya74yItWWAToXAo+s1BXBtXhEsLoe4FghlC0u724d
+ucjDaeICdLcerApdvg6Q6p4kVHaoF6ka6I8CgcEA0Bdc05ery9gLC6CclV+BhA5Q
+dfDq2P7qhc7e1ipwNRrQo2gy5HhgOkTL3dJWc+8rV6CBP/JfchnsW40tDOnPCTLT
+gg3n7vv3RHrtncApXuhIFR+B5xjohTPBzxRUMiAOre2d0F5b6eBXFjptf/1i2tQ+
+qdqJoyOGOZP0hKVslGIfz+CKc6WEkIqX7c91Msdr5myeaWDI5TsurfuKRBH395T3
+BMAi6oinAAEb1rdySenLO2A/0kVmBVlTpaN3TNjjAoHBAMvS4uQ1qSv8okNbfgrF
+UqPwa9JkzZImM2tinovFLU9xAl/7aTTCWrmU9Vs4JDuV71kHcjwnngeJCKl4tIpp
+HUB06Lk/5xnhYLKNpz087cjeSwXe5IBA2HBfXhFd+NH6+nVwwUUieq4A2n+8C/CK
+zVJbH9iE8Lv99fpFyQwU/R63EzD8Hz9j4ny7oLnpb6QvFrVGr98jt/kJwlBb+0sR
+RtIBnwMq4F7R5w5lgm6jzpZ5ibVuMeJh+k7Ulp7uu/rpcQKBwQDE3sWIvf7f7PaO
+OpbJz0CmYjCHVLWrNIlGrPAv6Jid9U+cuXEkrCpGFl5V77CxIH59+bEuga0BMztl
+ZkxP4khoqHhom6VpeWJ3nGGAFJRPYS0JJvTsYalilBPxSYdaoO+iZ6MdxpfozcE2
+m3KLW3uSEqlyYvpCqNJNWQhGEoeGXstADWyPevHPGgAhElwL/ZW8u9inU9Tc4sAI
+BGnMer+BsaJ+ERU3lK+Clony+z2aZiFLfIUE93lM6DT2CZBN2QcCgcAVk4L0bfA6
+HFnP/ZWNlnYWpOVFKcq57PX+J5/k7Tf34e2cYM2P0eqYggWZbzVd8qoCOQCHrAx0
+aZSSvEyKAVvzRNeqbm1oXaMojksMnrSX5henHjPbZlr1EmM7+zMnSTMkfVOx/6g1
+97sASej31XdOAgKCBJGymrwvYrCLW+P5cHqd+D8v/PvfpRIQM54p5ixRt3EYZvtR
+zGrzsr0OGyOLZtj1DB0a3kvajAAOCl3TawJSzviKo2mwc+/xj28MCQM=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE4TCCA0mgAwIBAgIJALONCAWZxPhUMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
+BAYTAk5aMQ4wDAYDVQQIDAVPdGFnbzEPMA0GA1UECgwGUGF0aG9kMREwDwYDVQQD
+DAh0ZXN0LmNvbTAeFw0xNTA0MTgyMjA0NTNaFw00MjA5MDIyMjA0NTNaMEExCzAJ
+BgNVBAYTAk5aMQ4wDAYDVQQIDAVPdGFnbzEPMA0GA1UECgwGUGF0aG9kMREwDwYD
+VQQDDAh0ZXN0LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAML7
+SsaGbwVdgMTwJAsfD127hOynqivWwb5PMfiXITzHX/ymY7Hbtr+hpvB4tOd4u2Rs
+aLhb6JycRwIiunMJPTmEMGvX2zhX9poFihATuH2wh/d7Vgwk3VlcRcjVYgL8Rh5S
+bN/yFNN6SBtvQIFJ4UVvKRm2mwH8fHpnDmSWd8pBLopmguLO5kcHXOtxl523I07U
+ZKybAQEyPsbz8LkdvuHWl+7Dwn9JHpd2zdozKcF375P1sJCdgSBHmQoNKiL8jIx/
+aq1Iq1J7JkJ6T5Z9AhgW0BAbFvcjHxqBXURIjGJbOY2XqjcY1jb9UU0SJv+EYzMM
+sZ6EwPXg0vcMDtjZyUuL31wJ1Ez+AWMfD3uGTANhpumKwsrE+mANcXRzaXLh1wpc
+cJj4/3JvGeZCIOXJWzSCutLbPcha/wKNyjz2Cdhgb/PzngKTwSbrm3sLPv/f9dxM
+P0idbdrtvPrD24F1BvHQtp+L1k7ycCn+g7qsYJ5vNs3c40maF0ULD/fOKojezQID
+AQABo4HbMIHYMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUbEgfTauEqEP/bnBtby1K
+bihJvcswcQYDVR0jBGowaIAUbEgfTauEqEP/bnBtby1KbihJvcuhRaRDMEExCzAJ
+BgNVBAYTAk5aMQ4wDAYDVQQIDAVPdGFnbzEPMA0GA1UECgwGUGF0aG9kMREwDwYD
+VQQDDAh0ZXN0LmNvbYIJALONCAWZxPhUMAwGA1UdEwQFMAMBAf8wKQYDVR0RBCIw
+IIIIdGVzdC5jb22CCXRlc3QyLmNvbYIJdGVzdDMuY29tMA0GCSqGSIb3DQEBCwUA
+A4IBgQBcTedXtUb91DxQRtg73iomz7cQ4niZntUBW8iE5rpoA7prtQNGHMCbHwaX
+tbWFkzBmL5JTBWvd/6AQ2LtiB3rYB3W/iRhbpsNJ501xaoOguPEQ9720Ph8TEveM
+208gNzGsEOcNALwyXj2y9M19NGu9zMa8eu1Tc3IsQaVaGKHx8XZn5HTNUx8EdcwI
+Z/Ji9ETDCL7+e5INv0tqfFSazWaQUwxM4IzPMkKTYRcMuN/6eog609k9r9pp32Ut
+rKlzc6GIkAlgJJ0Wkoz1V46DmJNJdJG7eLu/mtsB85j6hytIQeWTf1fll5YnMZLF
+HgNZtfYn8Q0oTdBQ0ZOaZeQCfZ8emYBdLJf2YB83uGRMjQ1FoeIxzQqiRq8WHRdb
+9Q45i0DINMnNp0DbLMA4numZ7wT9SQb6sql9eUyuCNDw7nGIWTHUNfLtU1Er3h1d
+icJuApx9+//UN/pGh0yTXb3fZbiI4IehRmkpnIWonIAwaVGm6JZU04wiIn8CuBho
+/qQdlS8=
+-----END CERTIFICATE-----
diff --git a/test/pathod/scripts/generate.sh b/test/pathod/scripts/generate.sh
new file mode 100644
index 00000000..eec3077d
--- /dev/null
+++ b/test/pathod/scripts/generate.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ ! -f ./private.key ]
+then
+    openssl genrsa -out private.key 3072
+fi
+openssl req \
+    -batch \
+    -new -x509 \
+    -key private.key \
+    -sha256 \
+    -out cert.pem \
+    -days 9999 \
+    -config ./openssl.cnf
+openssl x509 -in cert.pem -text -noout
+cat ./private.key ./cert.pem > testcert.pem
+rm ./private.key ./cert.pem
diff --git a/test/pathod/scripts/openssl.cnf b/test/pathod/scripts/openssl.cnf
new file mode 100644
index 00000000..5c890354
--- /dev/null
+++ b/test/pathod/scripts/openssl.cnf
@@ -0,0 +1,39 @@
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+x509_extensions	= v3_ca
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= NZ
+countryName_min			= 2
+countryName_max			= 2
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Otago
+localityName			= Locality Name (eg, city)
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Pathod
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_default = test.com
+commonName_max			= 64
+
+[ v3_req ]
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+keyUsage = digitalSignature, keyEncipherment
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+subjectAltName      = @alternate_names
+
+
+[ alternate_names ]
+
+DNS.1        = test.com
+DNS.2        = test2.com
+DNS.3        = test3.com
diff --git a/test/pathod/test_app.py b/test/pathod/test_app.py
new file mode 100644
index 00000000..4536db8e
--- /dev/null
+++ b/test/pathod/test_app.py
@@ -0,0 +1,85 @@
+import tutils
+
+
+class TestApp(tutils.DaemonTests):
+    SSL = False
+
+    def test_index(self):
+        r = self.getpath("/")
+        assert r.status_code == 200
+        assert r.content
+
+    def test_about(self):
+        r = self.getpath("/about")
+        assert r.ok
+
+    def test_download(self):
+        r = self.getpath("/download")
+        assert r.ok
+
+    def test_docs(self):
+        assert self.getpath("/docs/pathod").status_code == 200
+        assert self.getpath("/docs/pathoc").status_code == 200
+        assert self.getpath("/docs/language").status_code == 200
+        assert self.getpath("/docs/libpathod").status_code == 200
+        assert self.getpath("/docs/test").status_code == 200
+
+    def test_log(self):
+        assert self.getpath("/log").status_code == 200
+        assert self.get("200:da").status_code == 200
+        id = self.d.log()[0]["id"]
+        assert self.getpath("/log").status_code == 200
+        assert self.getpath("/log/%s" % id).status_code == 200
+        assert self.getpath("/log/9999999").status_code == 404
+
+    def test_log_binary(self):
+        assert self.get("200:h@10b=@10b:da")
+
+    def test_response_preview(self):
+        r = self.getpath("/response_preview", params=dict(spec="200"))
+        assert r.status_code == 200
+        assert 'Response' in r.content
+
+        r = self.getpath("/response_preview", params=dict(spec="foo"))
+        assert r.status_code == 200
+        assert 'Error' in r.content
+
+        r = self.getpath("/response_preview", params=dict(spec="200:b@100m"))
+        assert r.status_code == 200
+        assert "too large" in r.content
+
+        r = self.getpath("/response_preview", params=dict(spec="200:b@5k"))
+        assert r.status_code == 200
+        assert 'Response' in r.content
+
+        r = self.getpath(
+            "/response_preview",
+            params=dict(
+                spec="200:b<nonexistent"))
+        assert r.status_code == 200
+        assert 'File access denied' in r.content
+
+        r = self.getpath("/response_preview", params=dict(spec="200:b<file"))
+        assert r.status_code == 200
+        assert 'testfile' in r.content
+
+    def test_request_preview(self):
+        r = self.getpath("/request_preview", params=dict(spec="get:/"))
+        assert r.status_code == 200
+        assert 'Request' in r.content
+
+        r = self.getpath("/request_preview", params=dict(spec="foo"))
+        assert r.status_code == 200
+        assert 'Error' in r.content
+
+        r = self.getpath("/request_preview", params=dict(spec="get:/:b@100m"))
+        assert r.status_code == 200
+        assert "too large" in r.content
+
+        r = self.getpath("/request_preview", params=dict(spec="get:/:b@5k"))
+        assert r.status_code == 200
+        assert 'Request' in r.content
+
+        r = self.getpath("/request_preview", params=dict(spec=""))
+        assert r.status_code == 200
+        assert 'empty spec' in r.content
diff --git a/test/pathod/test_language_actions.py b/test/pathod/test_language_actions.py
new file mode 100644
index 00000000..755f0d85
--- /dev/null
+++ b/test/pathod/test_language_actions.py
@@ -0,0 +1,135 @@
+import cStringIO
+
+from libpathod.language import actions
+from libpathod import language
+
+
+def parse_request(s):
+    return language.parse_pathoc(s).next()
+
+
+def test_unique_name():
+    assert not actions.PauseAt(0, "f").unique_name
+    assert actions.DisconnectAt(0).unique_name
+
+
+class TestDisconnects:
+
+    def test_parse_pathod(self):
+        a = language.parse_pathod("400:d0").next().actions[0]
+        assert a.spec() == "d0"
+        a = language.parse_pathod("400:dr").next().actions[0]
+        assert a.spec() == "dr"
+
+    def test_at(self):
+        e = actions.DisconnectAt.expr()
+        v = e.parseString("d0")[0]
+        assert isinstance(v, actions.DisconnectAt)
+        assert v.offset == 0
+
+        v = e.parseString("d100")[0]
+        assert v.offset == 100
+
+        e = actions.DisconnectAt.expr()
+        v = e.parseString("dr")[0]
+        assert v.offset == "r"
+
+    def test_spec(self):
+        assert actions.DisconnectAt("r").spec() == "dr"
+        assert actions.DisconnectAt(10).spec() == "d10"
+
+
+class TestInject:
+
+    def test_parse_pathod(self):
+        a = language.parse_pathod("400:ir,@100").next().actions[0]
+        assert a.offset == "r"
+        assert a.value.datatype == "bytes"
+        assert a.value.usize == 100
+
+        a = language.parse_pathod("400:ia,@100").next().actions[0]
+        assert a.offset == "a"
+
+    def test_at(self):
+        e = actions.InjectAt.expr()
+        v = e.parseString("i0,'foo'")[0]
+        assert v.value.val == "foo"
+        assert v.offset == 0
+        assert isinstance(v, actions.InjectAt)
+
+        v = e.parseString("ir,'foo'")[0]
+        assert v.offset == "r"
+
+    def test_serve(self):
+        s = cStringIO.StringIO()
+        r = language.parse_pathod("400:i0,'foo'").next()
+        assert language.serve(r, s, {})
+
+    def test_spec(self):
+        e = actions.InjectAt.expr()
+        v = e.parseString("i0,'foo'")[0]
+        assert v.spec() == 'i0,"foo"'
+
+    def test_spec(self):
+        e = actions.InjectAt.expr()
+        v = e.parseString("i0,@100")[0]
+        v2 = v.freeze({})
+        v3 = v2.freeze({})
+        assert v2.value.val == v3.value.val
+
+
+class TestPauses:
+
+    def test_parse_pathod(self):
+        e = actions.PauseAt.expr()
+        v = e.parseString("p10,10")[0]
+        assert v.seconds == 10
+        assert v.offset == 10
+
+        v = e.parseString("p10,f")[0]
+        assert v.seconds == "f"
+
+        v = e.parseString("pr,f")[0]
+        assert v.offset == "r"
+
+        v = e.parseString("pa,f")[0]
+        assert v.offset == "a"
+
+    def test_request(self):
+        r = language.parse_pathod('400:p10,10').next()
+        assert r.actions[0].spec() == "p10,10"
+
+    def test_spec(self):
+        assert actions.PauseAt("r", 5).spec() == "pr,5"
+        assert actions.PauseAt(0, 5).spec() == "p0,5"
+        assert actions.PauseAt(0, "f").spec() == "p0,f"
+
+    def test_freeze(self):
+        l = actions.PauseAt("r", 5)
+        assert l.freeze({}).spec() == l.spec()
+
+
+class Test_Action:
+
+    def test_cmp(self):
+        a = actions.DisconnectAt(0)
+        b = actions.DisconnectAt(1)
+        c = actions.DisconnectAt(0)
+        assert a < b
+        assert a == c
+        l = sorted([b, a])
+        assert l[0].offset == 0
+
+    def test_resolve(self):
+        r = parse_request('GET:"/foo"')
+        e = actions.DisconnectAt("r")
+        ret = e.resolve({}, r)
+        assert isinstance(ret.offset, int)
+
+    def test_repr(self):
+        e = actions.DisconnectAt("r")
+        assert repr(e)
+
+    def test_freeze(self):
+        l = actions.DisconnectAt(5)
+        assert l.freeze({}).spec() == l.spec()
diff --git a/test/pathod/test_language_base.py b/test/pathod/test_language_base.py
new file mode 100644
index 00000000..b18ee5b2
--- /dev/null
+++ b/test/pathod/test_language_base.py
@@ -0,0 +1,352 @@
+import os
+from libpathod import language
+from libpathod.language import base, exceptions
+import tutils
+
+
+def parse_request(s):
+    return language.parse_pathoc(s).next()
+
+
+def test_times():
+    reqs = list(language.parse_pathoc("get:/:x5"))
+    assert len(reqs) == 5
+    assert not reqs[0].times
+
+
+def test_caseless_literal():
+    class CL(base.CaselessLiteral):
+        TOK = "foo"
+    v = CL("foo")
+    assert v.expr()
+    assert v.values(language.Settings())
+
+
+class TestTokValueNakedLiteral:
+
+    def test_expr(self):
+        v = base.TokValueNakedLiteral("foo")
+        assert v.expr()
+
+    def test_spec(self):
+        v = base.TokValueNakedLiteral("foo")
+        assert v.spec() == repr(v) == "foo"
+
+        v = base.TokValueNakedLiteral("f\x00oo")
+        assert v.spec() == repr(v) == r"f\x00oo"
+
+
+class TestTokValueLiteral:
+
+    def test_espr(self):
+        v = base.TokValueLiteral("foo")
+        assert v.expr()
+        assert v.val == "foo"
+
+        v = base.TokValueLiteral("foo\n")
+        assert v.expr()
+        assert v.val == "foo\n"
+        assert repr(v)
+
+    def test_spec(self):
+        v = base.TokValueLiteral("foo")
+        assert v.spec() == r"'foo'"
+
+        v = base.TokValueLiteral("f\x00oo")
+        assert v.spec() == repr(v) == r"'f\x00oo'"
+
+        v = base.TokValueLiteral("\"")
+        assert v.spec() == repr(v) == '\'"\''
+
+    def roundtrip(self, spec):
+        e = base.TokValueLiteral.expr()
+        v = base.TokValueLiteral(spec)
+        v2 = e.parseString(v.spec())
+        assert v.val == v2[0].val
+        assert v.spec() == v2[0].spec()
+
+    def test_roundtrip(self):
+        self.roundtrip("'")
+        self.roundtrip('\'')
+        self.roundtrip("a")
+        self.roundtrip("\"")
+        # self.roundtrip("\\")
+        self.roundtrip("200:b'foo':i23,'\\''")
+        self.roundtrip("\a")
+
+
+class TestTokValueGenerate:
+
+    def test_basic(self):
+        v = base.TokValue.parseString("@10b")[0]
+        assert v.usize == 10
+        assert v.unit == "b"
+        assert v.bytes() == 10
+        v = base.TokValue.parseString("@10")[0]
+        assert v.unit == "b"
+        v = base.TokValue.parseString("@10k")[0]
+        assert v.bytes() == 10240
+        v = base.TokValue.parseString("@10g")[0]
+        assert v.bytes() == 1024 ** 3 * 10
+
+        v = base.TokValue.parseString("@10g,digits")[0]
+        assert v.datatype == "digits"
+        g = v.get_generator({})
+        assert g[:100]
+
+        v = base.TokValue.parseString("@10,digits")[0]
+        assert v.unit == "b"
+        assert v.datatype == "digits"
+
+    def test_spec(self):
+        v = base.TokValueGenerate(1, "b", "bytes")
+        assert v.spec() == repr(v) == "@1"
+
+        v = base.TokValueGenerate(1, "k", "bytes")
+        assert v.spec() == repr(v) == "@1k"
+
+        v = base.TokValueGenerate(1, "k", "ascii")
+        assert v.spec() == repr(v) == "@1k,ascii"
+
+        v = base.TokValueGenerate(1, "b", "ascii")
+        assert v.spec() == repr(v) == "@1,ascii"
+
+    def test_freeze(self):
+        v = base.TokValueGenerate(100, "b", "ascii")
+        f = v.freeze(language.Settings())
+        assert len(f.val) == 100
+
+
+class TestTokValueFile:
+
+    def test_file_value(self):
+        v = base.TokValue.parseString("<'one two'")[0]
+        assert str(v)
+        assert v.path == "one two"
+
+        v = base.TokValue.parseString("<path")[0]
+        assert v.path == "path"
+
+    def test_access_control(self):
+        v = base.TokValue.parseString("<path")[0]
+        with tutils.tmpdir() as t:
+            p = os.path.join(t, "path")
+            with open(p, "wb") as f:
+                f.write("x" * 10000)
+
+            assert v.get_generator(language.Settings(staticdir=t))
+
+            v = base.TokValue.parseString("<path2")[0]
+            tutils.raises(
+                exceptions.FileAccessDenied,
+                v.get_generator,
+                language.Settings(staticdir=t)
+            )
+            tutils.raises(
+                "access disabled",
+                v.get_generator,
+                language.Settings()
+            )
+
+            v = base.TokValue.parseString("</outside")[0]
+            tutils.raises(
+                "outside",
+                v.get_generator,
+                language.Settings(staticdir=t)
+            )
+
+    def test_spec(self):
+        v = base.TokValue.parseString("<'one two'")[0]
+        v2 = base.TokValue.parseString(v.spec())[0]
+        assert v2.path == "one two"
+
+    def test_freeze(self):
+        v = base.TokValue.parseString("<'one two'")[0]
+        v2 = v.freeze({})
+        assert v2.path == v.path
+
+
+class TestMisc:
+
+    def test_generators(self):
+        v = base.TokValue.parseString("'val'")[0]
+        g = v.get_generator({})
+        assert g[:] == "val"
+
+    def test_value(self):
+        assert base.TokValue.parseString("'val'")[0].val == "val"
+        assert base.TokValue.parseString('"val"')[0].val == "val"
+        assert base.TokValue.parseString('"\'val\'"')[0].val == "'val'"
+
+    def test_value(self):
+        class TT(base.Value):
+            preamble = "m"
+        e = TT.expr()
+        v = e.parseString("m'msg'")[0]
+        assert v.value.val == "msg"
+
+        s = v.spec()
+        assert s == e.parseString(s)[0].spec()
+
+        v = e.parseString("m@100")[0]
+        v2 = v.freeze({})
+        v3 = v2.freeze({})
+        assert v2.value.val == v3.value.val
+
+    def test_fixedlengthvalue(self):
+        class TT(base.FixedLengthValue):
+            preamble = "m"
+            length = 4
+
+        e = TT.expr()
+        assert e.parseString("m@4")
+        tutils.raises("invalid value length", e.parseString, "m@100")
+        tutils.raises("invalid value length", e.parseString, "m@1")
+
+        with tutils.tmpdir() as t:
+            p = os.path.join(t, "path")
+            s = base.Settings(staticdir=t)
+            with open(p, "wb") as f:
+                f.write("a" * 20)
+            v = e.parseString("m<path")[0]
+            tutils.raises("invalid value length", v.values, s)
+
+            p = os.path.join(t, "path")
+            with open(p, "wb") as f:
+                f.write("a" * 4)
+            v = e.parseString("m<path")[0]
+            assert v.values(s)
+
+
+class TKeyValue(base.KeyValue):
+    preamble = "h"
+
+    def values(self, settings):
+        return [
+            self.key.get_generator(settings),
+            ": ",
+            self.value.get_generator(settings),
+            "\r\n",
+        ]
+
+
+class TestKeyValue:
+
+    def test_simple(self):
+        e = TKeyValue.expr()
+        v = e.parseString("h'foo'='bar'")[0]
+        assert v.key.val == "foo"
+        assert v.value.val == "bar"
+
+        v2 = e.parseString(v.spec())[0]
+        assert v2.key.val == v.key.val
+        assert v2.value.val == v.value.val
+
+        s = v.spec()
+        assert s == e.parseString(s)[0].spec()
+
+    def test_freeze(self):
+        e = TKeyValue.expr()
+        v = e.parseString("h@10=@10'")[0]
+        v2 = v.freeze({})
+        v3 = v2.freeze({})
+        assert v2.key.val == v3.key.val
+        assert v2.value.val == v3.value.val
+
+
+def test_intfield():
+    class TT(base.IntField):
+        preamble = "t"
+        names = {
+            "one": 1,
+            "two": 2,
+            "three": 3
+        }
+        max = 4
+    e = TT.expr()
+
+    v = e.parseString("tone")[0]
+    assert v.value == 1
+    assert v.spec() == "tone"
+    assert v.values(language.Settings())
+
+    v = e.parseString("t1")[0]
+    assert v.value == 1
+    assert v.spec() == "t1"
+
+    v = e.parseString("t4")[0]
+    assert v.value == 4
+    assert v.spec() == "t4"
+
+    tutils.raises("can't exceed", e.parseString, "t5")
+
+
+def test_options_or_value():
+    class TT(base.OptionsOrValue):
+        options = [
+            "one",
+            "two",
+            "three"
+        ]
+    e = TT.expr()
+    assert e.parseString("one")[0].value.val == "one"
+    assert e.parseString("'foo'")[0].value.val == "foo"
+    assert e.parseString("'get'")[0].value.val == "get"
+
+    assert e.parseString("one")[0].spec() == "one"
+    assert e.parseString("'foo'")[0].spec() == "'foo'"
+
+    s = e.parseString("one")[0].spec()
+    assert s == e.parseString(s)[0].spec()
+
+    s = e.parseString("'foo'")[0].spec()
+    assert s == e.parseString(s)[0].spec()
+
+    v = e.parseString("@100")[0]
+    v2 = v.freeze({})
+    v3 = v2.freeze({})
+    assert v2.value.val == v3.value.val
+
+
+def test_integer():
+    e = base.Integer.expr()
+    v = e.parseString("200")[0]
+    assert v.string() == "200"
+    assert v.spec() == "200"
+
+    assert v.freeze({}).value == v.value
+
+    class BInt(base.Integer):
+        bounds = (1, 5)
+
+    tutils.raises("must be between", BInt, 0)
+    tutils.raises("must be between", BInt, 6)
+    assert BInt(5)
+    assert BInt(1)
+    assert BInt(3)
+
+
+class TBoolean(base.Boolean):
+    name = "test"
+
+
+def test_unique_name():
+    b = TBoolean(True)
+    assert b.unique_name
+
+
+class test_boolean():
+    e = TBoolean.expr()
+    assert e.parseString("test")[0].value
+    assert not e.parseString("-test")[0].value
+
+    def roundtrip(s):
+        e = TBoolean.expr()
+        s2 = e.parseString(s)[0].spec()
+        v1 = e.parseString(s)[0].value
+        v2 = e.parseString(s2)[0].value
+        assert s == s2
+        assert v1 == v2
+
+    roundtrip("test")
+    roundtrip("-test")
diff --git a/test/pathod/test_language_generators.py b/test/pathod/test_language_generators.py
new file mode 100644
index 00000000..945560c3
--- /dev/null
+++ b/test/pathod/test_language_generators.py
@@ -0,0 +1,42 @@
+import os
+
+from libpathod.language import generators
+import tutils
+
+
+def test_randomgenerator():
+    g = generators.RandomGenerator("bytes", 100)
+    assert repr(g)
+    assert len(g[:10]) == 10
+    assert len(g[1:10]) == 9
+    assert len(g[:1000]) == 100
+    assert len(g[1000:1001]) == 0
+    assert g[0]
+
+
+def test_filegenerator():
+    with tutils.tmpdir() as t:
+        path = os.path.join(t, "foo")
+        f = open(path, "wb")
+        f.write("x" * 10000)
+        f.close()
+        g = generators.FileGenerator(path)
+        assert len(g) == 10000
+        assert g[0] == "x"
+        assert g[-1] == "x"
+        assert g[0:5] == "xxxxx"
+        assert repr(g)
+        # remove all references to FileGenerator instance to close the file
+        # handle.
+        del g
+
+
+def test_transform_generator():
+    def trans(offset, data):
+        return "a" * len(data)
+    g = "one"
+    t = generators.TransformGenerator(g, trans)
+    assert len(t) == len(g)
+    assert t[0] == "a"
+    assert t[:] == "a" * len(g)
+    assert repr(t)
diff --git a/test/pathod/test_language_http.py b/test/pathod/test_language_http.py
new file mode 100644
index 00000000..26bb6a45
--- /dev/null
+++ b/test/pathod/test_language_http.py
@@ -0,0 +1,358 @@
+import cStringIO
+
+from libpathod import language
+from libpathod.language import http, base
+import tutils
+
+
+def parse_request(s):
+    return language.parse_pathoc(s).next()
+
+
+def test_make_error_response():
+    d = cStringIO.StringIO()
+    s = http.make_error_response("foo")
+    language.serve(s, d, {})
+
+
+class TestRequest:
+
+    def test_nonascii(self):
+        tutils.raises("ascii", parse_request, "get:\xf0")
+
+    def test_err(self):
+        tutils.raises(language.ParseException, parse_request, 'GET')
+
+    def test_simple(self):
+        r = parse_request('GET:"/foo"')
+        assert r.method.string() == "GET"
+        assert r.path.string() == "/foo"
+        r = parse_request('GET:/foo')
+        assert r.path.string() == "/foo"
+        r = parse_request('GET:@1k')
+        assert len(r.path.string()) == 1024
+
+    def test_multiple(self):
+        r = list(language.parse_pathoc("GET:/ PUT:/"))
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "PUT"
+        assert len(r) == 2
+
+        l = """
+            GET
+            "/foo"
+            ir,@1
+
+            PUT
+
+            "/foo
+
+
+
+            bar"
+
+            ir,@1
+        """
+        r = list(language.parse_pathoc(l))
+        assert len(r) == 2
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "PUT"
+
+        l = """
+            get:"http://localhost:9999/p/200":ir,@1
+            get:"http://localhost:9999/p/200":ir,@2
+        """
+        r = list(language.parse_pathoc(l))
+        assert len(r) == 2
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "GET"
+
+    def test_nested_response(self):
+        l = "get:/p:s'200'"
+        r = list(language.parse_pathoc(l))
+        assert len(r) == 1
+        assert len(r[0].tokens) == 3
+        assert isinstance(r[0].tokens[2], http.NestedResponse)
+        assert r[0].values({})
+
+    def test_render(self):
+        s = cStringIO.StringIO()
+        r = parse_request("GET:'/foo'")
+        assert language.serve(
+            r,
+            s,
+            language.Settings(request_host="foo.com")
+        )
+
+    def test_multiline(self):
+        l = """
+            GET
+            "/foo"
+            ir,@1
+        """
+        r = parse_request(l)
+        assert r.method.string() == "GET"
+        assert r.path.string() == "/foo"
+        assert r.actions
+
+        l = """
+            GET
+
+            "/foo
+
+
+
+            bar"
+
+            ir,@1
+        """
+        r = parse_request(l)
+        assert r.method.string() == "GET"
+        assert r.path.string().endswith("bar")
+        assert r.actions
+
+    def test_spec(self):
+        def rt(s):
+            s = parse_request(s).spec()
+            assert parse_request(s).spec() == s
+        rt("get:/foo")
+        rt("get:/foo:da")
+
+    def test_freeze(self):
+        r = parse_request("GET:/:b@100").freeze(language.Settings())
+        assert len(r.spec()) > 100
+
+    def test_path_generator(self):
+        r = parse_request("GET:@100").freeze(language.Settings())
+        assert len(r.spec()) > 100
+
+    def test_websocket(self):
+        r = parse_request('ws:/path/')
+        res = r.resolve(language.Settings())
+        assert res.method.string().lower() == "get"
+        assert res.tok(http.Path).value.val == "/path/"
+        assert res.tok(http.Method).value.val.lower() == "get"
+        assert http.get_header("Upgrade", res.headers).value.val == "websocket"
+
+        r = parse_request('ws:put:/path/')
+        res = r.resolve(language.Settings())
+        assert r.method.string().lower() == "put"
+        assert res.tok(http.Path).value.val == "/path/"
+        assert res.tok(http.Method).value.val.lower() == "put"
+        assert http.get_header("Upgrade", res.headers).value.val == "websocket"
+
+
+class TestResponse:
+
+    def dummy_response(self):
+        return language.parse_pathod("400'msg'").next()
+
+    def test_response(self):
+        r = language.parse_pathod("400:m'msg'").next()
+        assert r.status_code.string() == "400"
+        assert r.reason.string() == "msg"
+
+        r = language.parse_pathod("400:m'msg':b@100b").next()
+        assert r.reason.string() == "msg"
+        assert r.body.values({})
+        assert str(r)
+
+        r = language.parse_pathod("200").next()
+        assert r.status_code.string() == "200"
+        assert not r.reason
+        assert "OK" in [i[:] for i in r.preamble({})]
+
+    def test_render(self):
+        s = cStringIO.StringIO()
+        r = language.parse_pathod("400:m'msg'").next()
+        assert language.serve(r, s, {})
+
+        r = language.parse_pathod("400:p0,100:dr").next()
+        assert "p0" in r.spec()
+        s = r.preview_safe()
+        assert "p0" not in s.spec()
+
+    def test_raw(self):
+        s = cStringIO.StringIO()
+        r = language.parse_pathod("400:b'foo'").next()
+        language.serve(r, s, {})
+        v = s.getvalue()
+        assert "Content-Length" in v
+
+        s = cStringIO.StringIO()
+        r = language.parse_pathod("400:b'foo':r").next()
+        language.serve(r, s, {})
+        v = s.getvalue()
+        assert "Content-Length" not in v
+
+    def test_length(self):
+        def testlen(x):
+            s = cStringIO.StringIO()
+            x = x.next()
+            language.serve(x, s, language.Settings())
+            assert x.length(language.Settings()) == len(s.getvalue())
+        testlen(language.parse_pathod("400:m'msg':r"))
+        testlen(language.parse_pathod("400:m'msg':h'foo'='bar':r"))
+        testlen(language.parse_pathod("400:m'msg':h'foo'='bar':b@100b:r"))
+
+    def test_maximum_length(self):
+        def testlen(x):
+            x = x.next()
+            s = cStringIO.StringIO()
+            m = x.maximum_length({})
+            language.serve(x, s, {})
+            assert m >= len(s.getvalue())
+
+        r = language.parse_pathod("400:m'msg':b@100:d0")
+        testlen(r)
+
+        r = language.parse_pathod("400:m'msg':b@100:d0:i0,'foo'")
+        testlen(r)
+
+        r = language.parse_pathod("400:m'msg':b@100:d0:i0,'foo'")
+        testlen(r)
+
+    def test_parse_err(self):
+        tutils.raises(
+            language.ParseException, language.parse_pathod, "400:msg,b:"
+        )
+        try:
+            language.parse_pathod("400'msg':b:")
+        except language.ParseException as v:
+            assert v.marked()
+            assert str(v)
+
+    def test_nonascii(self):
+        tutils.raises("ascii", language.parse_pathod, "foo:b\xf0")
+
+    def test_parse_header(self):
+        r = language.parse_pathod('400:h"foo"="bar"').next()
+        assert http.get_header("foo", r.headers)
+
+    def test_parse_pause_before(self):
+        r = language.parse_pathod("400:p0,10").next()
+        assert r.actions[0].spec() == "p0,10"
+
+    def test_parse_pause_after(self):
+        r = language.parse_pathod("400:pa,10").next()
+        assert r.actions[0].spec() == "pa,10"
+
+    def test_parse_pause_random(self):
+        r = language.parse_pathod("400:pr,10").next()
+        assert r.actions[0].spec() == "pr,10"
+
+    def test_parse_stress(self):
+        # While larger values are known to work on linux, len() technically
+        # returns an int and a python 2.7 int on windows has 32bit precision.
+        # Therefore, we should keep the body length < 2147483647 bytes in our
+        # tests.
+        r = language.parse_pathod("400:b@1g").next()
+        assert r.length({})
+
+    def test_spec(self):
+        def rt(s):
+            s = language.parse_pathod(s).next().spec()
+            assert language.parse_pathod(s).next().spec() == s
+        rt("400:b@100g")
+        rt("400")
+        rt("400:da")
+
+    def test_websockets(self):
+        r = language.parse_pathod("ws").next()
+        tutils.raises("no websocket key", r.resolve, language.Settings())
+        res = r.resolve(language.Settings(websocket_key="foo"))
+        assert res.status_code.string() == "101"
+
+
+def test_ctype_shortcut():
+    e = http.ShortcutContentType.expr()
+    v = e.parseString("c'foo'")[0]
+    assert v.key.val == "Content-Type"
+    assert v.value.val == "foo"
+
+    s = v.spec()
+    assert s == e.parseString(s)[0].spec()
+
+    e = http.ShortcutContentType.expr()
+    v = e.parseString("c@100")[0]
+    v2 = v.freeze({})
+    v3 = v2.freeze({})
+    assert v2.value.val == v3.value.val
+
+
+def test_location_shortcut():
+    e = http.ShortcutLocation.expr()
+    v = e.parseString("l'foo'")[0]
+    assert v.key.val == "Location"
+    assert v.value.val == "foo"
+
+    s = v.spec()
+    assert s == e.parseString(s)[0].spec()
+
+    e = http.ShortcutLocation.expr()
+    v = e.parseString("l@100")[0]
+    v2 = v.freeze({})
+    v3 = v2.freeze({})
+    assert v2.value.val == v3.value.val
+
+
+def test_shortcuts():
+    assert language.parse_pathod(
+        "400:c'foo'").next().headers[0].key.val == "Content-Type"
+    assert language.parse_pathod(
+        "400:l'foo'").next().headers[0].key.val == "Location"
+
+    assert "Android" in tutils.render(parse_request("get:/:ua"))
+    assert "User-Agent" in tutils.render(parse_request("get:/:ua"))
+
+
+def test_user_agent():
+    e = http.ShortcutUserAgent.expr()
+    v = e.parseString("ua")[0]
+    assert "Android" in v.string()
+
+    e = http.ShortcutUserAgent.expr()
+    v = e.parseString("u'a'")[0]
+    assert "Android" not in v.string()
+
+    v = e.parseString("u@100'")[0]
+    assert len(str(v.freeze({}).value)) > 100
+    v2 = v.freeze({})
+    v3 = v2.freeze({})
+    assert v2.value.val == v3.value.val
+
+
+def test_nested_response():
+    e = http.NestedResponse.expr()
+    v = e.parseString("s'200'")[0]
+    assert v.value.val == "200"
+    tutils.raises(
+        language.ParseException,
+        e.parseString,
+        "s'foo'"
+    )
+
+    v = e.parseString('s"200:b@1"')[0]
+    assert "@1" in v.spec()
+    f = v.freeze({})
+    assert "@1" not in f.spec()
+
+
+def test_nested_response_freeze():
+    e = http.NestedResponse(
+        base.TokValueLiteral(
+            "200:b'foo':i10,'\\x27'".encode(
+                "string_escape"
+            )
+        )
+    )
+    assert e.freeze({})
+    assert e.values({})
+
+
+def test_unique_components():
+    tutils.raises(
+        "multiple body clauses",
+        language.parse_pathod,
+        "400:b@1:b@1"
+    )
diff --git a/test/pathod/test_language_http2.py b/test/pathod/test_language_http2.py
new file mode 100644
index 00000000..9be49452
--- /dev/null
+++ b/test/pathod/test_language_http2.py
@@ -0,0 +1,233 @@
+import cStringIO
+
+import netlib
+from netlib import tcp
+from netlib.http import user_agents
+
+from libpathod import language
+from libpathod.language import http2, base
+import tutils
+
+
+def parse_request(s):
+    return language.parse_pathoc(s, True).next()
+
+
+def parse_response(s):
+    return language.parse_pathod(s, True).next()
+
+
+def default_settings():
+    return language.Settings(
+        request_host="foo.com",
+        protocol=netlib.http.http2.HTTP2Protocol(tcp.TCPClient(('localhost', 1234)))
+    )
+
+
+def test_make_error_response():
+    d = cStringIO.StringIO()
+    s = http2.make_error_response("foo", "bar")
+    language.serve(s, d, default_settings())
+
+
+class TestRequest:
+
+    def test_cached_values(self):
+        req = parse_request("get:/")
+        req_id = id(req)
+        assert req_id == id(req.resolve(default_settings()))
+        assert req.values(default_settings()) == req.values(default_settings())
+
+    def test_nonascii(self):
+        tutils.raises("ascii", parse_request, "get:\xf0")
+
+    def test_err(self):
+        tutils.raises(language.ParseException, parse_request, 'GET')
+
+    def test_simple(self):
+        r = parse_request('GET:"/foo"')
+        assert r.method.string() == "GET"
+        assert r.path.string() == "/foo"
+        r = parse_request('GET:/foo')
+        assert r.path.string() == "/foo"
+
+    def test_multiple(self):
+        r = list(language.parse_pathoc("GET:/ PUT:/"))
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "PUT"
+        assert len(r) == 2
+
+        l = """
+            GET
+            "/foo"
+
+            PUT
+
+            "/foo
+
+
+
+            bar"
+        """
+        r = list(language.parse_pathoc(l, True))
+        assert len(r) == 2
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "PUT"
+
+        l = """
+            get:"http://localhost:9999/p/200"
+            get:"http://localhost:9999/p/200"
+        """
+        r = list(language.parse_pathoc(l, True))
+        assert len(r) == 2
+        assert r[0].method.string() == "GET"
+        assert r[1].method.string() == "GET"
+
+    def test_render_simple(self):
+        s = cStringIO.StringIO()
+        r = parse_request("GET:'/foo'")
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_raw_content_length(self):
+        r = parse_request('GET:/:r')
+        assert len(r.headers) == 0
+
+        r = parse_request('GET:/:r:b"foobar"')
+        assert len(r.headers) == 0
+
+        r = parse_request('GET:/')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-length", "0")
+
+        r = parse_request('GET:/:b"foobar"')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-length", "6")
+
+        r = parse_request('GET:/:b"foobar":h"content-length"="42"')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-length", "42")
+
+        r = parse_request('GET:/:r:b"foobar":h"content-length"="42"')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-length", "42")
+
+    def test_content_type(self):
+        r = parse_request('GET:/:r:c"foobar"')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-type", "foobar")
+
+    def test_user_agent(self):
+        r = parse_request('GET:/:r:ua')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("user-agent", user_agents.get_by_shortcut('a')[2])
+
+    def test_render_with_headers(self):
+        s = cStringIO.StringIO()
+        r = parse_request('GET:/foo:h"foo"="bar"')
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_nested_response(self):
+        l = "get:/p/:s'200'"
+        r = parse_request(l)
+        assert len(r.tokens) == 3
+        assert isinstance(r.tokens[2], http2.NestedResponse)
+        assert r.values(default_settings())
+
+
+    def test_render_with_body(self):
+        s = cStringIO.StringIO()
+        r = parse_request("GET:'/foo':bfoobar")
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_spec(self):
+        def rt(s):
+            s = parse_request(s).spec()
+            assert parse_request(s).spec() == s
+        rt("get:/foo")
+
+
+class TestResponse:
+
+    def test_cached_values(self):
+        res = parse_response("200")
+        res_id = id(res)
+        assert res_id == id(res.resolve(default_settings()))
+        assert res.values(default_settings()) == res.values(default_settings())
+
+    def test_nonascii(self):
+        tutils.raises("ascii", parse_response, "200:\xf0")
+
+    def test_err(self):
+        tutils.raises(language.ParseException, parse_response, 'GET:/')
+
+    def test_raw_content_length(self):
+        r = parse_response('200:r')
+        assert len(r.headers) == 0
+
+        r = parse_response('200')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-length", "0")
+
+    def test_content_type(self):
+        r = parse_response('200:r:c"foobar"')
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("content-type", "foobar")
+
+    def test_simple(self):
+        r = parse_response('200:r:h"foo"="bar"')
+        assert r.status_code.string() == "200"
+        assert len(r.headers) == 1
+        assert r.headers[0].values(default_settings()) == ("foo", "bar")
+        assert r.body is None
+
+        r = parse_response('200:r:h"foo"="bar":bfoobar:h"bla"="fasel"')
+        assert r.status_code.string() == "200"
+        assert len(r.headers) == 2
+        assert r.headers[0].values(default_settings()) == ("foo", "bar")
+        assert r.headers[1].values(default_settings()) == ("bla", "fasel")
+        assert r.body.string() == "foobar"
+
+    def test_render_simple(self):
+        s = cStringIO.StringIO()
+        r = parse_response('200')
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_render_with_headers(self):
+        s = cStringIO.StringIO()
+        r = parse_response('200:h"foo"="bar"')
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_render_with_body(self):
+        s = cStringIO.StringIO()
+        r = parse_response('200:bfoobar')
+        assert language.serve(
+            r,
+            s,
+            default_settings(),
+        )
+
+    def test_spec(self):
+        def rt(s):
+            s = parse_response(s).spec()
+            assert parse_response(s).spec() == s
+        rt("200:bfoobar")
diff --git a/test/pathod/test_language_websocket.py b/test/pathod/test_language_websocket.py
new file mode 100644
index 00000000..d98fd33e
--- /dev/null
+++ b/test/pathod/test_language_websocket.py
@@ -0,0 +1,142 @@
+
+from libpathod import language
+from libpathod.language import websockets
+import netlib.websockets
+import tutils
+
+
+def parse_request(s):
+    return language.parse_pathoc(s).next()
+
+
+class TestWebsocketFrame:
+
+    def _test_messages(self, specs, message_klass):
+        for i in specs:
+            wf = parse_request(i)
+            assert isinstance(wf, message_klass)
+            assert wf
+            assert wf.values(language.Settings())
+            assert wf.resolve(language.Settings())
+
+            spec = wf.spec()
+            wf2 = parse_request(spec)
+            assert wf2.spec() == spec
+
+    def test_server_values(self):
+        specs = [
+            "wf",
+            "wf:dr",
+            "wf:b'foo'",
+            "wf:mask:r'foo'",
+            "wf:l1024:b'foo'",
+            "wf:cbinary",
+            "wf:c1",
+            "wf:mask:knone",
+            "wf:fin",
+            "wf:fin:rsv1:rsv2:rsv3:mask",
+            "wf:-fin:-rsv1:-rsv2:-rsv3:-mask",
+            "wf:k@4",
+            "wf:x10",
+        ]
+        self._test_messages(specs, websockets.WebsocketFrame)
+
+    def test_parse_websocket_frames(self):
+        wf = language.parse_websocket_frame("wf:x10")
+        assert len(list(wf)) == 10
+        tutils.raises(
+            language.ParseException,
+            language.parse_websocket_frame,
+            "wf:x"
+        )
+
+    def test_client_values(self):
+        specs = [
+            "wf:f'wf'",
+        ]
+        self._test_messages(specs, websockets.WebsocketClientFrame)
+
+    def test_nested_frame(self):
+        wf = parse_request("wf:f'wf'")
+        assert wf.nested_frame
+
+    def test_flags(self):
+        wf = parse_request("wf:fin:mask:rsv1:rsv2:rsv3")
+        frm = netlib.websockets.Frame.from_bytes(tutils.render(wf))
+        assert frm.header.fin
+        assert frm.header.mask
+        assert frm.header.rsv1
+        assert frm.header.rsv2
+        assert frm.header.rsv3
+
+        wf = parse_request("wf:-fin:-mask:-rsv1:-rsv2:-rsv3")
+        frm = netlib.websockets.Frame.from_bytes(tutils.render(wf))
+        assert not frm.header.fin
+        assert not frm.header.mask
+        assert not frm.header.rsv1
+        assert not frm.header.rsv2
+        assert not frm.header.rsv3
+
+    def fr(self, spec, **kwargs):
+        settings = language.base.Settings(**kwargs)
+        wf = parse_request(spec)
+        return netlib.websockets.Frame.from_bytes(tutils.render(wf, settings))
+
+    def test_construction(self):
+        assert self.fr("wf:c1").header.opcode == 1
+        assert self.fr("wf:c0").header.opcode == 0
+        assert self.fr("wf:cbinary").header.opcode ==\
+            netlib.websockets.OPCODE.BINARY
+        assert self.fr("wf:ctext").header.opcode ==\
+            netlib.websockets.OPCODE.TEXT
+
+    def test_rawbody(self):
+        frm = self.fr("wf:mask:r'foo'")
+        assert len(frm.payload) == 3
+        assert frm.payload != "foo"
+
+        assert self.fr("wf:r'foo'").payload == "foo"
+
+    def test_construction(self):
+        # Simple server frame
+        frm = self.fr("wf:b'foo'")
+        assert not frm.header.mask
+        assert not frm.header.masking_key
+
+        # Simple client frame
+        frm = self.fr("wf:b'foo'", is_client=True)
+        assert frm.header.mask
+        assert frm.header.masking_key
+        frm = self.fr("wf:b'foo':k'abcd'", is_client=True)
+        assert frm.header.mask
+        assert frm.header.masking_key == 'abcd'
+
+        # Server frame, mask explicitly set
+        frm = self.fr("wf:b'foo':mask")
+        assert frm.header.mask
+        assert frm.header.masking_key
+        frm = self.fr("wf:b'foo':k'abcd'")
+        assert frm.header.mask
+        assert frm.header.masking_key == 'abcd'
+
+        # Client frame, mask explicitly unset
+        frm = self.fr("wf:b'foo':-mask", is_client=True)
+        assert not frm.header.mask
+        assert not frm.header.masking_key
+
+        frm = self.fr("wf:b'foo':-mask:k'abcd'", is_client=True)
+        assert not frm.header.mask
+        # We're reading back a corrupted frame - the first 3 characters of the
+        # mask is mis-interpreted as the payload
+        assert frm.payload == "abc"
+
+    def test_knone(self):
+        with tutils.raises("expected 4 bytes"):
+            self.fr("wf:b'foo':mask:knone")
+
+    def test_length(self):
+        assert self.fr("wf:l3:b'foo'").header.payload_length == 3
+        frm = self.fr("wf:l2:b'foo'")
+        assert frm.header.payload_length == 2
+        assert frm.payload == "fo"
+        tutils.raises("expected 1024 bytes", self.fr, "wf:l1024:b'foo'")
diff --git a/test/pathod/test_language_writer.py b/test/pathod/test_language_writer.py
new file mode 100644
index 00000000..1a532903
--- /dev/null
+++ b/test/pathod/test_language_writer.py
@@ -0,0 +1,91 @@
+import cStringIO
+
+from libpathod import language
+from libpathod.language import writer
+
+
+def test_send_chunk():
+    v = "foobarfoobar"
+    for bs in range(1, len(v) + 2):
+        s = cStringIO.StringIO()
+        writer.send_chunk(s, v, bs, 0, len(v))
+        assert s.getvalue() == v
+        for start in range(len(v)):
+            for end in range(len(v)):
+                s = cStringIO.StringIO()
+                writer.send_chunk(s, v, bs, start, end)
+                assert s.getvalue() == v[start:end]
+
+
+def test_write_values_inject():
+    tst = "foo"
+
+    s = cStringIO.StringIO()
+    writer.write_values(s, [tst], [(0, "inject", "aaa")], blocksize=5)
+    assert s.getvalue() == "aaafoo"
+
+    s = cStringIO.StringIO()
+    writer.write_values(s, [tst], [(1, "inject", "aaa")], blocksize=5)
+    assert s.getvalue() == "faaaoo"
+
+    s = cStringIO.StringIO()
+    writer.write_values(s, [tst], [(1, "inject", "aaa")], blocksize=5)
+    assert s.getvalue() == "faaaoo"
+
+
+def test_write_values_disconnects():
+    s = cStringIO.StringIO()
+    tst = "foo" * 100
+    writer.write_values(s, [tst], [(0, "disconnect")], blocksize=5)
+    assert not s.getvalue()
+
+
+def test_write_values():
+    tst = "foobarvoing"
+    s = cStringIO.StringIO()
+    writer.write_values(s, [tst], [])
+    assert s.getvalue() == tst
+
+    for bs in range(1, len(tst) + 2):
+        for off in range(len(tst)):
+            s = cStringIO.StringIO()
+            writer.write_values(
+                s, [tst], [(off, "disconnect")], blocksize=bs
+            )
+            assert s.getvalue() == tst[:off]
+
+
+def test_write_values_pauses():
+    tst = "".join(str(i) for i in range(10))
+    for i in range(2, 10):
+        s = cStringIO.StringIO()
+        writer.write_values(
+            s, [tst], [(2, "pause", 0), (1, "pause", 0)], blocksize=i
+        )
+        assert s.getvalue() == tst
+
+    for i in range(2, 10):
+        s = cStringIO.StringIO()
+        writer.write_values(s, [tst], [(1, "pause", 0)], blocksize=i)
+        assert s.getvalue() == tst
+
+    tst = ["".join(str(i) for i in range(10))] * 5
+    for i in range(2, 10):
+        s = cStringIO.StringIO()
+        writer.write_values(s, tst[:], [(1, "pause", 0)], blocksize=i)
+        assert s.getvalue() == "".join(tst)
+
+
+def test_write_values_after():
+    s = cStringIO.StringIO()
+    r = language.parse_pathod("400:da").next()
+    language.serve(r, s, {})
+
+    s = cStringIO.StringIO()
+    r = language.parse_pathod("400:pa,0").next()
+    language.serve(r, s, {})
+
+    s = cStringIO.StringIO()
+    r = language.parse_pathod("400:ia,'xx'").next()
+    language.serve(r, s, {})
+    assert s.getvalue().endswith('xx')
diff --git a/test/pathod/test_log.py b/test/pathod/test_log.py
new file mode 100644
index 00000000..8f38c040
--- /dev/null
+++ b/test/pathod/test_log.py
@@ -0,0 +1,25 @@
+import StringIO
+from libpathod import log
+from netlib.exceptions import TcpDisconnect
+import netlib.tcp
+
+
+class DummyIO(StringIO.StringIO):
+
+    def start_log(self, *args, **kwargs):
+        pass
+
+    def get_log(self, *args, **kwargs):
+        return ""
+
+
+def test_disconnect():
+    outf = DummyIO()
+    rw = DummyIO()
+    l = log.ConnectionLogger(outf, False, rw, rw)
+    try:
+        with l.ctx() as lg:
+            lg("Test")
+    except TcpDisconnect:
+        pass
+    assert "Test" in outf.getvalue()
diff --git a/test/pathod/test_pathoc.py b/test/pathod/test_pathoc.py
new file mode 100644
index 00000000..7c912773
--- /dev/null
+++ b/test/pathod/test_pathoc.py
@@ -0,0 +1,310 @@
+import json
+import cStringIO
+import re
+import OpenSSL
+import pytest
+from mock import Mock
+
+from netlib import tcp, http, socks
+from netlib.exceptions import HttpException, TcpException, NetlibException
+from netlib.http import http1, http2
+
+from libpathod import pathoc, test, version, pathod, language
+from netlib.tutils import raises
+import tutils
+
+
+def test_response():
+    r = http.Response("HTTP/1.1", 200, "Message", {}, None, None)
+    assert repr(r)
+
+
+class _TestDaemon:
+    ssloptions = pathod.SSLOptions()
+
+    @classmethod
+    def setup_class(cls):
+        cls.d = test.Daemon(
+            ssl=cls.ssl,
+            ssloptions=cls.ssloptions,
+            staticdir=tutils.test_data.path("data"),
+            anchors=[
+                (re.compile("/anchor/.*"), "202")
+            ]
+        )
+
+    @classmethod
+    def teardown_class(cls):
+        cls.d.shutdown()
+
+    def setUp(self):
+        self.d.clear_log()
+
+    def test_info(self):
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            ssl=self.ssl,
+            fp=None
+        )
+        c.connect()
+        resp = c.request("get:/api/info")
+        assert tuple(json.loads(resp.content)["version"]) == version.IVERSION
+
+    def tval(
+        self,
+        requests,
+        showreq=False,
+        showresp=False,
+        explain=False,
+        showssl=False,
+        hexdump=False,
+        timeout=None,
+        ignorecodes=(),
+        ignoretimeout=None,
+        showsummary=True
+    ):
+        s = cStringIO.StringIO()
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            ssl=self.ssl,
+            showreq=showreq,
+            showresp=showresp,
+            explain=explain,
+            hexdump=hexdump,
+            ignorecodes=ignorecodes,
+            ignoretimeout=ignoretimeout,
+            showsummary=showsummary,
+            fp=s
+        )
+        c.connect(showssl=showssl, fp=s)
+        if timeout:
+            c.settimeout(timeout)
+        for i in requests:
+            r = language.parse_pathoc(i).next()
+            if explain:
+                r = r.freeze(language.Settings())
+            try:
+                c.request(r)
+            except NetlibException:
+                pass
+        return s.getvalue()
+
+
+class TestDaemonSSL(_TestDaemon):
+    ssl = True
+    ssloptions = pathod.SSLOptions(
+        request_client_cert=True,
+        sans=["test1.com", "test2.com"],
+        alpn_select=b'h2',
+    )
+
+    def test_sni(self):
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            ssl=True,
+            sni="foobar.com",
+            fp=None
+        )
+        c.connect()
+        c.request("get:/p/200")
+        r = c.request("get:/api/log")
+        d = json.loads(r.content)
+        assert d["log"][0]["request"]["sni"] == "foobar.com"
+
+    def test_showssl(self):
+        assert "certificate chain" in self.tval(["get:/p/200"], showssl=True)
+
+    def test_clientcert(self):
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            ssl=True,
+            clientcert=tutils.test_data.path("data/clientcert/client.pem"),
+            fp=None
+        )
+        c.connect()
+        c.request("get:/p/200")
+        r = c.request("get:/api/log")
+        d = json.loads(r.content)
+        assert d["log"][0]["request"]["clientcert"]["keyinfo"]
+
+    def test_http2_without_ssl(self):
+        fp = cStringIO.StringIO()
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            use_http2=True,
+            ssl=False,
+            fp = fp
+        )
+        tutils.raises(NotImplementedError, c.connect)
+
+
+class TestDaemon(_TestDaemon):
+    ssl = False
+
+    def test_ssl_error(self):
+        c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=True, fp=None)
+        tutils.raises("ssl handshake", c.connect)
+
+    def test_showssl(self):
+        assert not "certificate chain" in self.tval(
+            ["get:/p/200"],
+            showssl=True)
+
+    def test_ignorecodes(self):
+        assert "200" in self.tval(["get:'/p/200:b@1'"])
+        assert "200" in self.tval(["get:'/p/200:b@1'"])
+        assert "200" in self.tval(["get:'/p/200:b@1'"])
+        assert "200" not in self.tval(["get:'/p/200:b@1'"], ignorecodes=[200])
+        assert "200" not in self.tval(
+            ["get:'/p/200:b@1'"],
+            ignorecodes=[
+                200,
+                201])
+        assert "202" in self.tval(["get:'/p/202:b@1'"], ignorecodes=[200, 201])
+
+    def test_timeout(self):
+        assert "Timeout" in self.tval(["get:'/p/200:p0,100'"], timeout=0.01)
+        assert "HTTP" in self.tval(
+            ["get:'/p/200:p5,100'"],
+            showresp=True,
+            timeout=1
+        )
+        assert not "HTTP" in self.tval(
+            ["get:'/p/200:p3,100'"],
+            showresp=True,
+            timeout=1,
+            ignoretimeout=True
+        )
+
+    def test_showresp(self):
+        reqs = ["get:/api/info:p0,0", "get:/api/info:p0,0"]
+        assert self.tval(reqs).count("200") == 2
+        assert self.tval(reqs, showresp=True).count("HTTP/1.1 200 OK") == 2
+        assert self.tval(
+            reqs, showresp=True, hexdump=True
+        ).count("0000000000") == 2
+
+    def test_showresp_httperr(self):
+        v = self.tval(["get:'/p/200:d20'"], showresp=True, showsummary=True)
+        assert "Invalid headers" in v
+        assert "HTTP/" in v
+
+    def test_explain(self):
+        reqs = ["get:/p/200:b@100"]
+        assert "b@100" not in self.tval(reqs, explain=True)
+
+    def test_showreq(self):
+        reqs = ["get:/api/info:p0,0", "get:/api/info:p0,0"]
+        assert self.tval(reqs, showreq=True).count("GET /api") == 2
+        assert self.tval(
+            reqs, showreq=True, hexdump=True
+        ).count("0000000000") == 2
+
+    def test_conn_err(self):
+        assert "Invalid server response" in self.tval(["get:'/p/200:d2'"])
+
+    def test_websocket_shutdown(self):
+        c = pathoc.Pathoc(("127.0.0.1", self.d.port), fp=None)
+        c.connect()
+        c.request("ws:/")
+        c.stop()
+
+    @pytest.mark.xfail
+    def test_wait_finish(self):
+        c = pathoc.Pathoc(
+            ("127.0.0.1", self.d.port),
+            fp=None,
+            ws_read_limit=1
+        )
+        c.connect()
+        c.request("ws:/")
+        c.request("wf:f'wf:x100'")
+        [i for i in c.wait(timeout=0, finish=False)]
+        [i for i in c.wait(timeout=0)]
+
+    def test_connect_fail(self):
+        to = ("foobar", 80)
+        c = pathoc.Pathoc(("127.0.0.1", self.d.port), fp=None)
+        c.rfile, c.wfile = cStringIO.StringIO(), cStringIO.StringIO()
+        with raises("connect failed"):
+            c.http_connect(to)
+        c.rfile = cStringIO.StringIO(
+            "HTTP/1.1 500 OK\r\n"
+        )
+        with raises("connect failed"):
+            c.http_connect(to)
+        c.rfile = cStringIO.StringIO(
+            "HTTP/1.1 200 OK\r\n"
+        )
+        c.http_connect(to)
+
+    def test_socks_connect(self):
+        to = ("foobar", 80)
+        c = pathoc.Pathoc(("127.0.0.1", self.d.port), fp=None)
+        c.rfile, c.wfile = tutils.treader(""), cStringIO.StringIO()
+        tutils.raises(pathoc.PathocError, c.socks_connect, to)
+
+        c.rfile = tutils.treader(
+            "\x05\xEE"
+        )
+        tutils.raises("SOCKS without authentication", c.socks_connect, ("example.com", 0xDEAD))
+
+        c.rfile = tutils.treader(
+            "\x05\x00" +
+            "\x05\xEE\x00\x03\x0bexample.com\xDE\xAD"
+        )
+        tutils.raises("SOCKS server error", c.socks_connect, ("example.com", 0xDEAD))
+
+        c.rfile = tutils.treader(
+            "\x05\x00" +
+            "\x05\x00\x00\x03\x0bexample.com\xDE\xAD"
+        )
+        c.socks_connect(("example.com", 0xDEAD))
+
+
+class TestDaemonHTTP2(_TestDaemon):
+    ssl = True
+
+    if tcp.HAS_ALPN:
+
+        def test_http2(self):
+            c = pathoc.Pathoc(
+                ("127.0.0.1", self.d.port),
+                fp=None,
+                ssl=True,
+                use_http2=True,
+            )
+            assert isinstance(c.protocol, http2.HTTP2Protocol)
+
+            c = pathoc.Pathoc(
+                ("127.0.0.1", self.d.port),
+            )
+            assert c.protocol == http1
+
+        def test_http2_alpn(self):
+            c = pathoc.Pathoc(
+                ("127.0.0.1", self.d.port),
+                fp=None,
+                ssl=True,
+                use_http2=True,
+                http2_skip_connection_preface=True,
+            )
+
+            tmp_convert_to_ssl = c.convert_to_ssl
+            c.convert_to_ssl = Mock()
+            c.convert_to_ssl.side_effect = tmp_convert_to_ssl
+            c.connect()
+
+            _, kwargs = c.convert_to_ssl.call_args
+            assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2'])
+
+        def test_request(self):
+            c = pathoc.Pathoc(
+                ("127.0.0.1", self.d.port),
+                fp=None,
+                ssl=True,
+                use_http2=True,
+            )
+            c.connect()
+            resp = c.request("get:/p/200")
+            assert resp.status_code == 200
diff --git a/test/pathod/test_pathoc_cmdline.py b/test/pathod/test_pathoc_cmdline.py
new file mode 100644
index 00000000..74dfef57
--- /dev/null
+++ b/test/pathod/test_pathoc_cmdline.py
@@ -0,0 +1,59 @@
+from libpathod import pathoc_cmdline as cmdline
+import tutils
+import cStringIO
+import mock
+
+
+@mock.patch("argparse.ArgumentParser.error")
+def test_pathoc(perror):
+    assert cmdline.args_pathoc(["pathoc", "foo.com", "get:/"])
+    s = cStringIO.StringIO()
+    with tutils.raises(SystemExit):
+        cmdline.args_pathoc(["pathoc", "--show-uas"], s, s)
+
+    a = cmdline.args_pathoc(["pathoc", "foo.com:8888", "get:/"])
+    assert a.port == 8888
+
+    a = cmdline.args_pathoc(["pathoc", "foo.com:xxx", "get:/"])
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathoc(["pathoc", "-I", "10, 20", "foo.com:8888", "get:/"])
+    assert a.ignorecodes == [10, 20]
+
+    a = cmdline.args_pathoc(["pathoc", "-I", "xx, 20", "foo.com:8888", "get:/"])
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathoc(["pathoc", "-c", "foo:10", "foo.com:8888", "get:/"])
+    assert a.connect_to == ["foo", 10]
+
+    a = cmdline.args_pathoc(["pathoc", "foo.com", "get:/", "--http2"])
+    assert a.use_http2 == True
+    assert a.ssl == True
+
+    a = cmdline.args_pathoc(["pathoc", "foo.com", "get:/", "--http2-skip-connection-preface"])
+    assert a.use_http2 == True
+    assert a.ssl == True
+    assert a.http2_skip_connection_preface == True
+
+    a = cmdline.args_pathoc(["pathoc", "-c", "foo", "foo.com:8888", "get:/"])
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathoc(
+        ["pathoc", "-c", "foo:bar", "foo.com:8888", "get:/"])
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathoc(
+        [
+            "pathoc",
+            "foo.com:8888",
+            tutils.test_data.path("data/request")
+        ]
+    )
+    assert len(list(a.requests)) == 1
+
+    with tutils.raises(SystemExit):
+        cmdline.args_pathoc(["pathoc", "foo.com", "invalid"], s, s)
diff --git a/test/pathod/test_pathod.py b/test/pathod/test_pathod.py
new file mode 100644
index 00000000..ee5fc7bd
--- /dev/null
+++ b/test/pathod/test_pathod.py
@@ -0,0 +1,289 @@
+import sys
+import cStringIO
+import OpenSSL
+
+from libpathod import pathod, version
+from netlib import tcp, http
+from netlib.exceptions import HttpException, TlsException
+import tutils
+
+
+class TestPathod(object):
+
+    def test_logging(self):
+        s = cStringIO.StringIO()
+        p = pathod.Pathod(("127.0.0.1", 0), logfp=s)
+        assert len(p.get_log()) == 0
+        id = p.add_log(dict(s="foo"))
+        assert p.log_by_id(id)
+        assert len(p.get_log()) == 1
+        p.clear_log()
+        assert len(p.get_log()) == 0
+
+        for _ in range(p.LOGBUF + 1):
+            p.add_log(dict(s="foo"))
+        assert len(p.get_log()) <= p.LOGBUF
+
+
+class TestNoWeb(tutils.DaemonTests):
+    noweb = True
+
+    def test_noweb(self):
+        assert self.get("200:da").status_code == 200
+        assert self.getpath("/").status_code == 800
+
+
+class TestTimeout(tutils.DaemonTests):
+    timeout = 0.01
+
+    def test_noweb(self):
+        # FIXME: Add float values to spec language, reduce test timeout to
+        # increase test performance
+        # This is a bodge - we have some platform difference that causes
+        # different exceptions to be raised here.
+        tutils.raises(Exception, self.pathoc, ["get:/:p1,1"])
+        assert self.d.last_log()["type"] == "timeout"
+
+
+class TestNoApi(tutils.DaemonTests):
+    noapi = True
+
+    def test_noapi(self):
+        assert self.getpath("/log").status_code == 404
+        r = self.getpath("/")
+        assert r.status_code == 200
+        assert not "Log" in r.content
+
+
+class TestNotAfterConnect(tutils.DaemonTests):
+    ssl = False
+    ssloptions = dict(
+        not_after_connect=True
+    )
+
+    def test_connect(self):
+        r, _ = self.pathoc(
+            [r"get:'http://foo.com/p/202':da"],
+            connect_to=("localhost", self.d.port)
+        )
+        assert r[0].status_code == 202
+
+
+class TestCustomCert(tutils.DaemonTests):
+    ssl = True
+    ssloptions = dict(
+        certs=[("*", tutils.test_data.path("data/testkey.pem"))],
+    )
+
+    def test_connect(self):
+        r, _ = self.pathoc([r"get:/p/202"])
+        r = r[0]
+        assert r.status_code == 202
+        assert r.sslinfo
+        assert "test.com" in str(r.sslinfo.certchain[0].get_subject())
+
+
+class TestSSLCN(tutils.DaemonTests):
+    ssl = True
+    ssloptions = dict(
+        cn="foo.com"
+    )
+
+    def test_connect(self):
+        r, _ = self.pathoc([r"get:/p/202"])
+        r = r[0]
+        assert r.status_code == 202
+        assert r.sslinfo
+        assert r.sslinfo.certchain[0].get_subject().CN == "foo.com"
+
+
+class TestNohang(tutils.DaemonTests):
+    nohang = True
+
+    def test_nohang(self):
+        r = self.get("200:p0,0")
+        assert r.status_code == 800
+        l = self.d.last_log()
+        assert "Pauses have been disabled" in l["response"]["msg"]
+
+
+class TestHexdump(tutils.DaemonTests):
+    hexdump = True
+
+    def test_hexdump(self):
+        r = self.get(r"200:b'\xf0'")
+
+
+class TestNocraft(tutils.DaemonTests):
+    nocraft = True
+
+    def test_nocraft(self):
+        r = self.get(r"200:b'\xf0'")
+        assert r.status_code == 800
+        assert "Crafting disabled" in r.content
+
+
+class CommonTests(tutils.DaemonTests):
+
+    def test_binarydata(self):
+        r = self.get(r"200:b'\xf0'")
+        l = self.d.last_log()
+        # FIXME: Other binary data elements
+
+    def test_sizelimit(self):
+        r = self.get("200:b@1g")
+        assert r.status_code == 800
+        l = self.d.last_log()
+        assert "too large" in l["response"]["msg"]
+
+    def test_preline(self):
+        r, _ = self.pathoc([r"get:'/p/200':i0,'\r\n'"])
+        assert r[0].status_code == 200
+
+    def test_info(self):
+        assert tuple(self.d.info()["version"]) == version.IVERSION
+
+    def test_logs(self):
+        assert self.d.clear_log()
+        assert not self.d.last_log()
+        rsp = self.get("202:da")
+        assert len(self.d.log()) == 1
+        assert self.d.clear_log()
+        assert len(self.d.log()) == 0
+
+    def test_disconnect(self):
+        rsp = self.get("202:b@100k:d200")
+        assert len(rsp.content) < 200
+
+    def test_parserr(self):
+        rsp = self.get("400:msg,b:")
+        assert rsp.status_code == 800
+
+    def test_static(self):
+        rsp = self.get("200:b<file")
+        assert rsp.status_code == 200
+        assert rsp.content.strip() == "testfile"
+
+    def test_anchor(self):
+        rsp = self.getpath("anchor/foo")
+        assert rsp.status_code == 202
+
+    def test_invalid_first_line(self):
+        c = tcp.TCPClient(("localhost", self.d.port))
+        c.connect()
+        if self.ssl:
+            c.convert_to_ssl()
+        c.wfile.write("foo\n\n\n")
+        c.wfile.flush()
+        l = self.d.last_log()
+        assert l["type"] == "error"
+        assert "foo" in l["msg"]
+
+    def test_invalid_content_length(self):
+        tutils.raises(
+            HttpException,
+            self.pathoc,
+            ["get:/:h'content-length'='foo'"]
+        )
+        l = self.d.last_log()
+        assert l["type"] == "error"
+        assert "Unparseable Content Length" in l["msg"]
+
+    def test_invalid_headers(self):
+        tutils.raises(HttpException, self.pathoc, ["get:/:h'\t'='foo'"])
+        l = self.d.last_log()
+        assert l["type"] == "error"
+        assert "Invalid headers" in l["msg"]
+
+    def test_access_denied(self):
+        rsp = self.get("=nonexistent")
+        assert rsp.status_code == 800
+
+    def test_source_access_denied(self):
+        rsp = self.get("200:b</foo")
+        assert rsp.status_code == 800
+        assert "File access denied" in rsp.content
+
+    def test_proxy(self):
+        r, _ = self.pathoc([r"get:'http://foo.com/p/202':da"])
+        assert r[0].status_code == 202
+
+    def test_websocket(self):
+        r, _ = self.pathoc(["ws:/p/"], ws_read_limit=0)
+        assert r[0].status_code == 101
+
+        r, _ = self.pathoc(["ws:/p/ws"], ws_read_limit=0)
+        assert r[0].status_code == 101
+
+    def test_websocket_frame(self):
+        r, _ = self.pathoc(
+            ["ws:/p/", "wf:f'wf:b\"test\"':pa,1"],
+            ws_read_limit=1
+        )
+        assert r[1].payload == "test"
+
+    def test_websocket_frame_reflect_error(self):
+        r, _ = self.pathoc(
+            ["ws:/p/", "wf:-mask:knone:f'wf:b@10':i13,'a'"],
+            ws_read_limit=1,
+            timeout=1
+        )
+        # FIXME: Race Condition?
+        assert "Parse error" in self.d.text_log()
+
+    def test_websocket_frame_disconnect_error(self):
+        self.pathoc(["ws:/p/", "wf:b@10:d3"], ws_read_limit=0)
+        assert self.d.last_log()
+
+
+class TestDaemon(CommonTests):
+    ssl = False
+
+    def test_connect(self):
+        r, _ = self.pathoc(
+            [r"get:'http://foo.com/p/202':da"],
+            connect_to=("localhost", self.d.port),
+            ssl=True
+        )
+        assert r[0].status_code == 202
+
+    def test_connect_err(self):
+        tutils.raises(
+            HttpException,
+            self.pathoc,
+            [r"get:'http://foo.com/p/202':da"],
+            connect_to=("localhost", self.d.port)
+        )
+
+
+class TestDaemonSSL(CommonTests):
+    ssl = True
+
+    def test_ssl_conn_failure(self):
+        c = tcp.TCPClient(("localhost", self.d.port))
+        c.rbufsize = 0
+        c.wbufsize = 0
+        c.connect()
+        c.wfile.write("\0\0\0\0")
+        tutils.raises(TlsException, c.convert_to_ssl)
+        l = self.d.last_log()
+        assert l["type"] == "error"
+        assert "SSL" in l["msg"]
+
+    def test_ssl_cipher(self):
+        r, _ = self.pathoc([r"get:/p/202"])
+        assert r[0].status_code == 202
+        assert self.d.last_log()["cipher"][1] > 0
+
+
+class TestHTTP2(tutils.DaemonTests):
+    ssl = True
+    noweb = True
+    noapi = True
+    nohang = True
+
+    if tcp.HAS_ALPN:
+
+        def test_http2(self):
+            r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True)
+            assert r[0].status_code == 800
diff --git a/test/pathod/test_pathod_cmdline.py b/test/pathod/test_pathod_cmdline.py
new file mode 100644
index 00000000..829c4b32
--- /dev/null
+++ b/test/pathod/test_pathod_cmdline.py
@@ -0,0 +1,85 @@
+from libpathod import pathod_cmdline as cmdline
+import tutils
+import cStringIO
+import mock
+
+
+@mock.patch("argparse.ArgumentParser.error")
+def test_pathod(perror):
+    assert cmdline.args_pathod(["pathod"])
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "--cert",
+            tutils.test_data.path("data/testkey.pem")
+        ]
+    )
+    assert a.ssl_certs
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "--cert",
+            "nonexistent"
+        ]
+    )
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "-a",
+            "foo=200"
+        ]
+    )
+    assert a.anchors
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "-a",
+            "foo=" + tutils.test_data.path("data/response")
+        ]
+    )
+    assert a.anchors
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "-a",
+            "?=200"
+        ]
+    )
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "-a",
+            "foo"
+        ]
+    )
+    assert perror.called
+    perror.reset_mock()
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "--limit-size",
+            "200k"
+        ]
+    )
+    assert a.sizelimit
+
+    a = cmdline.args_pathod(
+        [
+            "pathod",
+            "--limit-size",
+            "q"
+        ]
+    )
+    assert perror.called
+    perror.reset_mock()
diff --git a/test/pathod/test_test.py b/test/pathod/test_test.py
new file mode 100644
index 00000000..bd92d864
--- /dev/null
+++ b/test/pathod/test_test.py
@@ -0,0 +1,45 @@
+import logging
+import requests
+from libpathod import test
+import tutils
+logging.disable(logging.CRITICAL)
+
+
+class TestDaemonManual:
+
+    def test_simple(self):
+        with test.Daemon() as d:
+            rsp = requests.get("http://localhost:%s/p/202:da" % d.port)
+            assert rsp.ok
+            assert rsp.status_code == 202
+        with tutils.raises(requests.ConnectionError):
+            requests.get("http://localhost:%s/p/202:da" % d.port)
+
+    def test_startstop_ssl(self):
+        d = test.Daemon(ssl=True)
+        rsp = requests.get(
+            "https://localhost:%s/p/202:da" %
+            d.port,
+            verify=False)
+        assert rsp.ok
+        assert rsp.status_code == 202
+        d.shutdown()
+        with tutils.raises(requests.ConnectionError):
+            requests.get("http://localhost:%s/p/202:da" % d.port)
+
+    def test_startstop_ssl_explicit(self):
+        ssloptions = dict(
+            certfile=tutils.test_data.path("data/testkey.pem"),
+            cacert=tutils.test_data.path("data/testkey.pem"),
+            ssl_after_connect=False
+        )
+        d = test.Daemon(ssl=ssloptions)
+        rsp = requests.get(
+            "https://localhost:%s/p/202:da" %
+            d.port,
+            verify=False)
+        assert rsp.ok
+        assert rsp.status_code == 202
+        d.shutdown()
+        with tutils.raises(requests.ConnectionError):
+            requests.get("http://localhost:%s/p/202:da" % d.port)
diff --git a/test/pathod/test_utils.py b/test/pathod/test_utils.py
new file mode 100644
index 00000000..7d24e9e4
--- /dev/null
+++ b/test/pathod/test_utils.py
@@ -0,0 +1,39 @@
+from libpathod import utils
+import tutils
+
+
+def test_membool():
+    m = utils.MemBool()
+    assert not m.v
+    assert m(1)
+    assert m.v == 1
+    assert m(2)
+    assert m.v == 2
+
+
+def test_parse_size():
+    assert utils.parse_size("100") == 100
+    assert utils.parse_size("100k") == 100 * 1024
+    tutils.raises("invalid size spec", utils.parse_size, "foo")
+    tutils.raises("invalid size spec", utils.parse_size, "100kk")
+
+
+def test_parse_anchor_spec():
+    assert utils.parse_anchor_spec("foo=200") == ("foo", "200")
+    assert utils.parse_anchor_spec("foo") is None
+
+
+def test_data_path():
+    tutils.raises(ValueError, utils.data.path, "nonexistent")
+
+
+def test_inner_repr():
+    assert utils.inner_repr("\x66") == "\x66"
+    assert utils.inner_repr(u"foo") == "foo"
+
+
+def test_escape_unprintables():
+    s = "".join([chr(i) for i in range(255)])
+    e = utils.escape_unprintables(s)
+    assert e.encode('ascii')
+    assert not "PATHOD_MARKER" in e
diff --git a/test/pathod/tutils.py b/test/pathod/tutils.py
new file mode 100644
index 00000000..664cdd52
--- /dev/null
+++ b/test/pathod/tutils.py
@@ -0,0 +1,128 @@
+import tempfile
+import os
+import re
+import shutil
+import cStringIO
+from contextlib import contextmanager
+
+import netlib
+from libpathod import utils, test, pathoc, pathod, language
+from netlib import tcp
+import requests
+
+def treader(bytes):
+    """
+        Construct a tcp.Read object from bytes.
+    """
+    fp = cStringIO.StringIO(bytes)
+    return tcp.Reader(fp)
+
+
+class DaemonTests(object):
+    noweb = False
+    noapi = False
+    nohang = False
+    ssl = False
+    timeout = None
+    hexdump = False
+    ssloptions = None
+    nocraft = False
+
+    @classmethod
+    def setup_class(cls):
+        opts = cls.ssloptions or {}
+        cls.confdir = tempfile.mkdtemp()
+        opts["confdir"] = cls.confdir
+        so = pathod.SSLOptions(**opts)
+        cls.d = test.Daemon(
+            staticdir=test_data.path("data"),
+            anchors=[
+                (re.compile("/anchor/.*"), "202:da")
+            ],
+            ssl=cls.ssl,
+            ssloptions=so,
+            sizelimit=1 * 1024 * 1024,
+            noweb=cls.noweb,
+            noapi=cls.noapi,
+            nohang=cls.nohang,
+            timeout=cls.timeout,
+            hexdump=cls.hexdump,
+            nocraft=cls.nocraft,
+            logreq=True,
+            logresp=True,
+            explain=True
+        )
+
+    @classmethod
+    def teardown_class(cls):
+        cls.d.shutdown()
+        shutil.rmtree(cls.confdir)
+
+    def teardown(self):
+        if not (self.noweb or self.noapi):
+            self.d.clear_log()
+
+    def getpath(self, path, params=None):
+        scheme = "https" if self.ssl else "http"
+        resp = requests.get(
+            "%s://localhost:%s/%s" % (
+                scheme,
+                self.d.port,
+                path
+            ),
+            verify=False,
+            params=params
+        )
+        return resp
+
+    def get(self, spec):
+        resp = requests.get(self.d.p(spec), verify=False)
+        return resp
+
+    def pathoc(
+        self,
+        specs,
+        timeout=None,
+        connect_to=None,
+        ssl=None,
+        ws_read_limit=None,
+        use_http2=False,
+    ):
+        """
+            Returns a (messages, text log) tuple.
+        """
+        if ssl is None:
+            ssl = self.ssl
+        logfp = cStringIO.StringIO()
+        c = pathoc.Pathoc(
+            ("localhost", self.d.port),
+            ssl=ssl,
+            ws_read_limit=ws_read_limit,
+            timeout=timeout,
+            fp=logfp,
+            use_http2=use_http2,
+        )
+        c.connect(connect_to)
+        ret = []
+        for i in specs:
+            resp = c.request(i)
+            if resp:
+                ret.append(resp)
+        for frm in c.wait():
+            ret.append(frm)
+        c.stop()
+        return ret, logfp.getvalue()
+
+
+tmpdir = netlib.tutils.tmpdir
+
+raises = netlib.tutils.raises
+
+test_data = utils.Data(__name__)
+
+
+def render(r, settings=language.Settings()):
+    r = r.resolve(settings)
+    s = cStringIO.StringIO()
+    assert language.serve(r, s, settings)
+    return s.getvalue()