Convert more redef-able constants to runtime options

scripts/policy/protocols/conn/known-hosts.bro

@@ -29,7 +29,7 @@ export {
 	
 	## The hosts whose existence should be logged and tracked.
 	## See :bro:type:`Host` for possible choices.
-	const host_tracking = LOCAL_HOSTS &redef;
+	option host_tracking = LOCAL_HOSTS;
 	
 	## Holds the set of all known hosts.  Keys in the store are addresses
 	## and their associated value will always be the "true" boolean.
@@ -44,7 +44,7 @@ export {
 
 	## The timeout interval to use for operations against
 	## :bro:see:`Known::host_store`.
-	const host_store_timeout = 15sec &redef;
+	option host_store_timeout = 15sec;
 
 	## The set of all known addresses to store for preventing duplicate 
 	## logging of addresses.  It can also be used from other scripts to 

scripts/policy/protocols/conn/known-services.bro

@@ -35,7 +35,7 @@ export {
 	
 	## The hosts whose services should be tracked and logged.
 	## See :bro:type:`Host` for possible choices.
-	const service_tracking = LOCAL_HOSTS &redef;
+	option service_tracking = LOCAL_HOSTS;
 
 	type AddrPortPair: record {
 		host: addr;
@@ -56,7 +56,7 @@ export {
 
 	## The timeout interval to use for operations against
 	## :bro:see:`Known::service_store`.
-	const service_store_timeout = 15sec &redef;
+	option service_store_timeout = 15sec;
 
 	## Tracks the set of daily-detected services for preventing the logging
 	## of duplicates, but can also be inspected by other scripts for

scripts/policy/protocols/http/software.bro

@@ -15,7 +15,7 @@ export {
 	};
 
 	## The pattern of HTTP User-Agents which you would like to ignore.
-	const ignored_user_agents = /NO_DEFAULT/ &redef;
+	option ignored_user_agents = /NO_DEFAULT/;
 }
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=2

scripts/policy/protocols/modbus/track-memmap.bro

@@ -12,7 +12,7 @@ export {
 	redef enum Log::ID += { Modbus::REGISTER_CHANGE_LOG };
 
 	## The hosts that should have memory mapping enabled.
-	const track_memmap: Host = ALL_HOSTS &redef;
+	option track_memmap: Host = ALL_HOSTS;
 
 	type MemmapInfo: record {
 		## Timestamp for the detected register change.

scripts/policy/protocols/smtp/blocklists.bro

@@ -17,7 +17,7 @@ export {
 
 	# This matches content in SMTP error messages that indicate some
 	# block list doesn't like the connection/mail.
-	const blocklist_error_messages = 
+	option blocklist_error_messages =
 		  /spamhaus\.org\//
 		| /sophos\.com\/security\//
 		| /spamcop\.net\/bl/
@@ -32,7 +32,7 @@ export {
 		| /rbl\.knology\.net\//
 		| /intercept\.datapacket\.net\//
 		| /uceprotect\.net\//
-		| /hostkarma\.junkemailfilter\.com\// &redef;
+		| /hostkarma\.junkemailfilter\.com\//;
 	
 }
 

scripts/policy/protocols/smtp/software.bro

@@ -33,17 +33,17 @@ export {
 	## with incorrect data.  If you would like to detect mail clients for
 	## incoming messages (network traffic originating from a non-local
 	## address), set this variable to EXTERNAL_HOSTS or ALL_HOSTS.
-	const detect_clients_in_messages_from = LOCAL_HOSTS &redef;
+	option detect_clients_in_messages_from = LOCAL_HOSTS;
 	
 	## A regular expression to match USER-AGENT-like headers to find if a 
 	## message was sent with a webmail interface.
-	const webmail_user_agents = 
+	option webmail_user_agents =
 	                     /^iPlanet Messenger/ 
 	                   | /^Sun Java\(tm\) System Messenger Express/
 	                   | /\(IMP\)/  # Horde Internet Messaging Program
 	                   | /^SquirrelMail/
 	                   | /^NeoMail/ 
-	                   | /ZimbraWebClient/ &redef;
+	                   | /ZimbraWebClient/;
 }
 
 event mime_one_header(c: connection, h: mime_header_rec) &priority=4

scripts/policy/protocols/ssh/interesting-hostnames.bro

@@ -17,14 +17,14 @@ export {
 	};
 	
 	## Strange/bad host names to see successful SSH logins from or to.
-	const interesting_hostnames =
+	option interesting_hostnames =
 			/^d?ns[0-9]*\./ |
 			/^smtp[0-9]*\./ |
 			/^mail[0-9]*\./ |
 			/^pop[0-9]*\./  |
 			/^imap[0-9]*\./ |
 			/^www[0-9]*\./  |
-			/^ftp[0-9]*\./  &redef;
+			/^ftp[0-9]*\./;
 }
 
 function check_ssh_hostname(id: conn_id, uid: string, host: addr)

scripts/policy/protocols/ssl/extract-certs-pem.bro

@@ -19,7 +19,7 @@ export {
 	## Control if host certificates offered by the defined hosts
 	## will be written to the PEM certificates file.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const extract_certs_pem = LOCAL_HOSTS &redef;
+	option extract_certs_pem = LOCAL_HOSTS;
 }
 
 # This is an internally maintained variable to prevent relogging of

scripts/policy/protocols/ssl/known-certs.bro

@@ -29,7 +29,7 @@ export {
 	
 	## The certificates whose existence should be logged and tracked.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const cert_tracking = LOCAL_HOSTS &redef;
+	option cert_tracking = LOCAL_HOSTS;
 
 	## Toggles between different implementations of this script.
 	## When true, use a Broker data store, else use a regular Bro set
@@ -52,11 +52,11 @@ export {
 
 	## The expiry interval of new entries in :bro:see:`Known::cert_store`.
 	## This also changes the interval at which certs get logged.
-	const cert_store_expiry = 1day &redef;
+	option cert_store_expiry = 1day;
 
 	## The timeout interval to use for operations against
 	## :bro:see:`Known::cert_store`.
-	const cert_store_timeout = 15sec &redef;
+	option cert_store_timeout = 15sec;
 
 	## The set of all known certificates to store for preventing duplicate 
 	## logging. It can also be used from other scripts to 

scripts/policy/protocols/ssl/notary.bro

@@ -12,7 +12,7 @@ export {
 	};
 
 	## The notary domain to query.
-	const domain = "notary.icsi.berkeley.edu" &redef;
+	option domain = "notary.icsi.berkeley.edu";
 }
 
 redef record SSL::Info += {

scripts/policy/protocols/ssl/weak-keys.bro

@@ -42,7 +42,7 @@ export {
 
 	## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
 	## encountering old export cipher suites, or RC4 (see RFC7465).
-	const unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/ &redef;
+	option unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/;
 }
 
 # We check key lengths only for DSA or RSA certificates. For others, we do