Convert more redef-able constants to runtime options

Daniel Thayer 2018-08-24 16:05:44 -05:00
parent 4912513517
commit 01a899255e
36 changed files with 72 additions and 72 deletions


@ -18,7 +18,7 @@ module Conn;
export {
## The prefix given to files containing extracted connections as they
## are opened on disk.
const extraction_prefix = "contents" &redef;
option extraction_prefix = "contents";
## If this variable is set to ``T``, then all contents of all
## connections will be extracted.
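Review bot: `extraction_prefix` is a filename prefix (per the `##` comment above it), and as an `option` it can now be changed at runtime through the Config framework rather than only at parse time, so the new value should be validated before it is applied. The filename construction is outside this hunk, but if the prefix reaches `open()` unchanged, a runtime value containing `/` or `..` would presumably redirect the extraction files to a different directory. Registering a change handler keeps that check next to the option, e.g. `Option::set_change_handler("Conn::extraction_prefix", prefix_change_handler);` with a handler that returns the current value instead of the new one whenever the new one contains a path separator or `..`.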


@ -6,15 +6,15 @@ module Conn;
export {
## Define inactivity timeouts by the service detected being used over
## the connection.
const analyzer_inactivity_timeouts: table[Analyzer::Tag] of interval = {
option analyzer_inactivity_timeouts: table[Analyzer::Tag] of interval = {
# For interactive services, allow longer periods of inactivity.
[[Analyzer::ANALYZER_SSH, Analyzer::ANALYZER_FTP]] = 1 hrs,
} &redef;
};
## Define inactivity timeouts based on common protocol ports.
const port_inactivity_timeouts: table[port] of interval = {
option port_inactivity_timeouts: table[port] of interval = {
[[21/tcp, 22/tcp, 23/tcp, 513/tcp]] = 1 hrs,
} &redef;
};
}
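Review bot: The `##` comments on `analyzer_inactivity_timeouts` and `port_inactivity_timeouts` should state when a runtime change takes effect, since that is exactly what converting them to `option` adds. The code that reads these tables is outside the hunk, but if they are consulted only when an analyzer is confirmed or a connection is first seen, updating them through the Config framework changes nothing for connections already being tracked; a line such as `## Changes made at runtime apply only to connections analyzed afterward.` would document that. The same question applies to `RDP::rdp_check_interval` later in this commit, whose value is likely consumed by an already-scheduled check.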


@ -28,11 +28,11 @@ export {
## These are DCE-RPC operations that are ignored, typically due to
## the operations being noisy and low value on most networks.
const ignored_operations: table[string] of set[string] = {
option ignored_operations: table[string] of set[string] = {
["winreg"] = set("BaseRegCloseKey", "BaseRegGetVersion", "BaseRegOpenKey", "BaseRegQueryValue", "BaseRegDeleteKeyEx", "OpenLocalMachine", "BaseRegEnumKey", "OpenClassesRoot"),
["spoolss"] = set("RpcSplOpenPrinter", "RpcClosePrinter"),
["wkssvc"] = set("NetrWkstaGetInfo"),
} &redef;
};
type State: record {
uuid : string &optional;


@ -118,12 +118,12 @@ export {
## is reached (this shouldn't happen unless either the DNS server/resolver
## is broken, Bro is not seeing all the DNS traffic, or an AXFR query
## response is ongoing).
const max_pending_msgs = 50 &redef;
option max_pending_msgs = 50;
## Give up trying to match pending DNS queries or replies across all
## query/transaction IDs once there is at least one unmatched query or
## reply across this number of different query IDs.
const max_pending_query_ids = 50 &redef;
option max_pending_query_ids = 50;
## A record type which tracks the status of DNS queries for a given
## :bro:type:`connection`.


@ -18,7 +18,7 @@ export {
type PendingCmds: table[count] of CmdArg;
## Possible response codes for a wide variety of FTP commands.
const cmd_reply_code: set[string, count] = {
option cmd_reply_code: set[string, count] = {
# According to RFC 959
["<init>", [120, 220, 421]],
["USER", [230, 331, 332, 421, 530, 500, 501]],
@ -72,7 +72,7 @@ export {
["<init>", 0], # unexpected command-reply pair
["<missing>", 0], # unexpected command-reply pair
["QUIT", 0], # unexpected command-reply pair
} &redef;
};
}
function add_pending_cmd(pc: PendingCmds, cmd: string, arg: string): CmdArg


@ -96,7 +96,7 @@ export {
};
## A list of HTTP headers typically used to indicate proxied requests.
const proxy_headers: set[string] = {
option proxy_headers: set[string] = {
"FORWARDED",
"X-FORWARDED-FOR",
"X-FORWARDED-FROM",
@ -104,7 +104,7 @@ export {
"VIA",
"XROXY-CONNECTION",
"PROXY-CONNECTION",
} &redef;
};
## A list of HTTP methods. Other methods will generate a weird. Note
## that the HTTP analyzer will only accept methods consisting solely


@ -33,7 +33,7 @@ export {
};
## DOS and NT status codes that indicate authentication failure.
const auth_failure_statuses: set[count] = {
option auth_failure_statuses: set[count] = {
0x052e0001, # logonfailure
0x08c00002, # badClient
0x08c10002, # badLogonTime
@ -46,7 +46,7 @@ export {
0xC0000070, # INVALID_WORKSTATION
0xC0000071, # PASSWORD_EXPIRED
0xC0000072, # ACCOUNT_DISABLED
} &redef;
};
}
redef DPD::ignore_violations += { Analyzer::ANALYZER_NTLM };
@ -129,4 +129,4 @@ event connection_state_remove(c: connection) &priority=-5
{
Log::write(NTLM::LOG, c$ntlm);
}
}
}


@ -58,11 +58,11 @@ export {
## If true, detach the RDP analyzer from the connection to prevent
## continuing to process encrypted traffic.
const disable_analyzer_after_detection = F &redef;
option disable_analyzer_after_detection = F;
## The amount of time to monitor an RDP session from when it is first
## identified. When this interval is reached, the session is logged.
const rdp_check_interval = 10secs &redef;
option rdp_check_interval = 10secs;
## Event that can be handled to access the rdp record as it is sent on
## to the logging framework.


@ -76,7 +76,7 @@ export {
## LOCAL_HOSTS - only capture the path until the external host is discovered.
## ALL_HOSTS - always capture the entire path.
## NO_HOSTS - never capture the path.
const mail_path_capture = ALL_HOSTS &redef;
option mail_path_capture = ALL_HOSTS;
## Create an extremely shortened representation of a log line.
global describe: function(rec: Info): string;


@ -50,12 +50,12 @@ export {
## The set of compression algorithms. We can't accurately determine
## authentication success or failure when compression is enabled.
const compression_algorithms = set("zlib", "zlib@openssh.com") &redef;
option compression_algorithms = set("zlib", "zlib@openssh.com");
## If true, after detection detach the SSH analyzer from the connection
## to prevent continuing to process encrypted traffic. Helps with performance
## (especially with large file transfers).
const disable_analyzer_after_detection = T &redef;
option disable_analyzer_after_detection = T;
## Event that can be handled to access the SSH record as it is sent on
## to the logging framework.
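Review bot: `compression_algorithms` is converted without an explicit type, so its type is only inferred from `set("zlib", "zlib@openssh.com")`; that is fine for the parser but leaves a reader of a config file guessing what value form the Config framework will accept for it. Writing `option compression_algorithms: set[string] = set("zlib", "zlib@openssh.com");` matches the explicitly typed tables converted elsewhere in this commit (e.g. `Conn::analyzer_inactivity_timeouts`) and makes the expected value format self-evident at the declaration.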


@ -91,12 +91,12 @@ export {
## The Certificate Transparency log bundle. By default, the ct-list.bro
## script sets this to the current list of known logs. Entries
## are indexed by (binary) log-id.
const ct_logs: table[string] of CTInfo = {} &redef;
option ct_logs: table[string] of CTInfo = {};
## If true, detach the SSL analyzer from the connection to prevent
## continuing to process encrypted traffic. Helps with performance
## (especially with large file transfers).
const disable_analyzer_after_detection = T &redef;
option disable_analyzer_after_detection = T;
## Delays an SSL record for a specific token: the record will not be
## logged as long as the token exists or until 15 seconds elapses.