Move zeek::net namespace to zeek::run_state namespace.

This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
2025-10-02 14:48:21 +00:00 · 2020-08-19 17:41:24 -07:00 · 2020-08-19 17:41:24 -07:00 · 0ac3fafe13
commit 0ac3fafe13
parent d608e7c9a5
64 changed files with 477 additions and 467 deletions
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -253,7 +253,6 @@ set(MAIN_SRCS
    List.cc
    Reporter.cc
    NFA.cc
-    Net.cc
    NetVar.cc
    Notifier.cc
    Obj.cc
@ -271,6 +270,7 @@ set(MAIN_SRCS
    RuleAction.cc
    RuleCondition.cc
    RuleMatcher.cc
+    RunState.cc
    ScannedFile.cc
    Scope.cc
    ScriptCoverageManager.cc
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -7,7 +7,7 @@
 #include <ctype.h>

 #include "Desc.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "Event.h"
 #include "Sessions.h"
@ -194,8 +194,8 @@ void Connection::NextPacket(double t, bool is_orig,
                            // arguments for reproducing packets
                            const zeek::Packet *pkt)
 	{
-	zeek::net::current_timestamp = t;
-	zeek::net::current_pkt = pkt;
+	zeek::run_state::current_timestamp = t;
+	zeek::run_state::current_pkt = pkt;

 	if ( Skipping() )
 		return;
@ -218,13 +218,13 @@ void Connection::NextPacket(double t, bool is_orig,
 	else
 		last_time = t;

-	zeek::net::current_timestamp = 0;
-	zeek::net::current_pkt = nullptr;
+	zeek::run_state::current_timestamp = 0;
+	zeek::run_state::current_pkt = nullptr;
 	}

 void Connection::SetLifetime(double lifetime)
 	{
-	ADD_TIMER(&Connection::DeleteTimer, zeek::net::network_time + lifetime, 0,
+	ADD_TIMER(&Connection::DeleteTimer, zeek::run_state::network_time + lifetime, 0,
 	          zeek::detail::TIMER_CONN_DELETE);
 	}

@ -329,7 +329,7 @@ void Connection::EnableStatusUpdateTimer()
 	if ( connection_status_update && zeek::detail::connection_status_update_interval )
 		{
 		ADD_TIMER(&Connection::StatusUpdateTimer,
-		          zeek::net::network_time + zeek::detail::connection_status_update_interval, 0,
+		          zeek::run_state::network_time + zeek::detail::connection_status_update_interval, 0,
 		          zeek::detail::TIMER_CONN_STATUS_UPDATE);
 		installed_status_timer = 1;
 		}
@ -339,7 +339,7 @@ void Connection::StatusUpdateTimer(double t)
 	{
 	EnqueueEvent(connection_status_update, nullptr, ConnVal());
 	ADD_TIMER(&Connection::StatusUpdateTimer,
-	          zeek::net::network_time + zeek::detail::connection_status_update_interval, 0,
+	          zeek::run_state::network_time + zeek::detail::connection_status_update_interval, 0,
 	          zeek::detail::TIMER_CONN_STATUS_UPDATE);
 	}

--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -34,7 +34,7 @@
 #include "ZeekString.h"
 #include "Expr.h"
 #include "Event.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Val.h"
 #include "NetVar.h"
 #include "ID.h"
@ -1338,7 +1338,7 @@ double DNS_Mgr::GetNextTimeout()
 	if ( asyncs_timeouts.empty() )
 		return -1;

-	return zeek::net::network_time + DNS_TIMEOUT;
+	return zeek::run_state::network_time + DNS_TIMEOUT;
 	}

 void DNS_Mgr::Process()
@ -1350,7 +1350,7 @@ void DNS_Mgr::Process()
 		{
 		AsyncRequest* req = asyncs_timeouts.top();

-		if ( req->time + DNS_TIMEOUT > zeek::util::current_time() && ! zeek::net::terminating )
+		if ( req->time + DNS_TIMEOUT > zeek::util::current_time() && ! zeek::run_state::terminating )
 			break;

 		if ( ! req->processed )
--- a/src/Debug.cc
+++ b/src/Debug.cc
@ -158,7 +158,7 @@ int TraceState::LogTrace(const char* fmt, ...)
 	va_start(args, fmt);

 	// Prefix includes timestamp and file/line info.
-	fprintf(trace_file, "%.6f ", zeek::net::network_time);
+	fprintf(trace_file, "%.6f ", zeek::run_state::network_time);

 	const zeek::detail::Stmt* stmt;
 	zeek::detail::Location loc;
--- a/src/DebugLogger.cc
+++ b/src/DebugLogger.cc
@ -4,7 +4,7 @@
 #include <unistd.h>

 #include "DebugLogger.h"
-#include "Net.h"
+#include "RunState.h"
 #include "plugin/Plugin.h"

 zeek::detail::DebugLogger zeek::detail::debug_logger;
@ -159,7 +159,7 @@ void DebugLogger::Log(DebugStream stream, const char* fmt, ...)
 		return;

 	fprintf(file, "%17.06f/%17.06f [%s] ",
-			zeek::net::network_time, zeek::util::current_time(true), g->prefix);
+			zeek::run_state::network_time, zeek::util::current_time(true), g->prefix);

 	for ( int i = g->indent; i > 0; --i )
 		fputs("   ", file);
@ -182,7 +182,7 @@ void DebugLogger::Log(const zeek::plugin::Plugin& plugin, const char* fmt, ...)
 		return;

 	fprintf(file, "%17.06f/%17.06f [plugin %s] ",
-			zeek::net::network_time, zeek::util::current_time(true), plugin.Name().c_str());
+			zeek::run_state::network_time, zeek::util::current_time(true), plugin.Name().c_str());

 	va_list ap;
 	va_start(ap, fmt);
--- a/src/Discard.cc
+++ b/src/Discard.cc
@ -7,7 +7,7 @@
 #include <algorithm>

 #include "ZeekString.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Func.h"
 #include "Var.h"
 #include "Val.h"
--- a/src/Event.cc
+++ b/src/Event.cc
@ -11,7 +11,7 @@
 #include "plugin/Manager.h"
 #include "iosource/Manager.h"
 #include "iosource/PktSrc.h"
-#include "Net.h"
+#include "RunState.h"

 zeek::EventMgr zeek::event_mgr;
 zeek::EventMgr& mgr = zeek::event_mgr;
@ -226,8 +226,8 @@ void EventMgr::Process()
 	// reading live (which includes pseudo-realtime), advance the time
 	// here to the current time since otherwise it won't move forward.
 	zeek::iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc();
-	if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::net::reading_live )
-		zeek::net::detail::net_update_time(zeek::util::current_time());
+	if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::run_state::reading_live )
+		zeek::run_state::detail::net_update_time(zeek::util::current_time());

 	queue_flare.Extinguish();

--- a/src/Expr.cc
+++ b/src/Expr.cc
@ -11,7 +11,7 @@
 #include "Scope.h"
 #include "Stmt.h"
 #include "EventRegistry.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Traverse.h"
 #include "Trigger.h"
 #include "IPAddr.h"
@ -3861,7 +3861,7 @@ bool ScheduleExpr::IsPure() const

 ValPtr ScheduleExpr::Eval(Frame* f) const
 	{
-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		return nullptr;

 	auto when_val = when->Eval(f);
@ -3872,7 +3872,7 @@ ValPtr ScheduleExpr::Eval(Frame* f) const
 	double dt = when_val->InternalDouble();

 	if ( when->GetType()->Tag() == zeek::TYPE_INTERVAL )
-		dt += zeek::net::network_time;
+		dt += zeek::run_state::network_time;

 	auto args = eval_list(f, event->Args());

--- a/src/File.cc
+++ b/src/File.cc
@ -25,7 +25,7 @@
 #include "Type.h"
 #include "Expr.h"
 #include "NetVar.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Event.h"
 #include "Reporter.h"
 #include "Desc.h"
@ -119,7 +119,7 @@ const char* File::Name() const
 bool File::Open(FILE* file, const char* mode)
 	{
 	static bool fds_maximized = false;
-	open_time = zeek::net::network_time ? zeek::net::network_time : zeek::util::current_time();
+	open_time = zeek::run_state::network_time ? zeek::run_state::network_time : zeek::util::current_time();

 	if ( ! fds_maximized )
 		{
--- a/src/Frag.cc
+++ b/src/Frag.cc
@ -8,6 +8,7 @@
 #include "NetVar.h"
 #include "Sessions.h"
 #include "Reporter.h"
+#include "RunState.h"

 constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64;
 constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000;
@ -154,7 +155,7 @@ void FragReassembler::AddFragment(double t, const zeek::IP_Hdr* ip, const u_char
 	pkt += hdr_len;
 	len -= hdr_len;

-	NewBlock(zeek::net::network_time, offset, len, pkt);
+	NewBlock(zeek::run_state::network_time, offset, len, pkt);
 	}

 void FragReassembler::Weird(const char* name) const
@ -278,7 +279,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
 			{
 			zeek::reporter->InternalWarning("bad fragment reassembly");
 			DeleteTimer();
-			Expire(zeek::net::network_time);
+			Expire(zeek::run_state::network_time);
 			delete [] pkt_start;
 			return;
 			}
--- a/src/Func.cc
+++ b/src/Func.cc
@ -39,7 +39,7 @@
 #include "Expr.h"
 #include "Stmt.h"
 #include "Scope.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "File.h"
 #include "Frame.h"
--- a/src/Net.h
+++ b/src/Net.h
@ -1,124 +1,4 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#pragma once
-
-#include "zeek-config.h"
-
-#include <sys/stat.h> // for ino_t
-
-#include <list>
-#include <vector>
-#include <string>
-#include <optional>
+#warning "Net.h is deprecated and will be removed in v4.1. Use RunState.h and/or ScannedFile.h instead."

+#include "RunState.h"
 #include "ScannedFile.h"
-
-ZEEK_FORWARD_DECLARE_NAMESPACED(IOSource, zeek, iosource);
-ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource);
-ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource);
-ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
-
-namespace zeek::net {
-namespace detail {
-
-extern void net_init(const std::optional<std::string>& interfaces,
-                     const std::optional<std::string>& pcap_input_file,
-                     const std::optional<std::string>& pcap_output_file,
-                     bool do_watchdog);
-extern void net_run();
-extern void net_get_final_stats();
-extern void net_finish(int drain_events);
-extern void net_delete();	// Reclaim all memory, etc.
-extern void net_update_time(double new_network_time);
-extern void net_packet_dispatch(double t, const zeek::Packet* pkt,
-                                zeek::iosource::PktSrc* src_ps);
-extern void expire_timers(zeek::iosource::PktSrc* src_ps = nullptr);
-extern void zeek_terminate_loop(const char* reason);
-
-extern zeek::iosource::PktSrc* current_pktsrc;
-extern zeek::iosource::IOSource* current_iosrc;
-extern zeek::iosource::PktDumper* pkt_dumper;	// where to save packets
-
-// True if we have timers scheduled for the future on which we need
-// to wait.  "Need to wait" here means that we're running live (though
-// perhaps not reading_live, but just running in real-time) as opposed
-// to reading a trace (in which case we don't want to wait in real-time
-// on future timers).
-extern bool have_pending_timers;
-
-} // namespace detail
-
-// Functions to temporarily suspend processing of live input (network packets
-// and remote events/state). Turning this is on is sure to lead to data loss!
-extern void net_suspend_processing();
-extern void net_continue_processing();
-bool net_is_processing_suspended();
-
-// Whether we're reading live traffic.
-extern bool reading_live;
-
-// Same but for reading from traces instead.  We have two separate
-// variables because it's possible that neither is true, and we're
-// instead just running timers (per the variable after this one).
-extern bool reading_traces;
-
-// If > 0, we are reading from traces but trying to mimic real-time behavior.
-// (In this case, both reading_traces and reading_live are true.)  The value
-// is the speedup (1 = real-time, 0.5 = half real-time, etc.).
-extern double pseudo_realtime;
-
-// When we started processing the current packet and corresponding event
-// queue.
-extern double processing_start_time;
-
-// When the Bro process was started.
-extern double zeek_start_time;
-
-// Time at which the Bro process was started with respect to network time,
-// i.e. the timestamp of the first packet.
-extern double zeek_start_network_time;
-
-// Time according to last packet timestamp (or current time)
-extern double network_time;
-
-// True if we're a in the process of cleaning-up just before termination.
-extern bool terminating;
-
-// True if Bro is currently parsing scripts.
-extern bool is_parsing;
-
-extern const zeek::Packet* current_pkt;
-extern int current_dispatched;
-extern double current_timestamp;
-
-} // namespace zeek::net
-
-constexpr auto net_init [[deprecated("Remove in v4.1. Use zeek::net::detail::net_init.")]] = zeek::net::detail::net_init;
-constexpr auto net_run [[deprecated("Remove in v4.1. Use zeek::net::detail::net_run.")]] = zeek::net::detail::net_run;
-constexpr auto net_get_final_stats [[deprecated("Remove in v4.1. Use zeek::net::detail::net_get_final_stats.")]] = zeek::net::detail::net_get_final_stats;
-constexpr auto net_finish [[deprecated("Remove in v4.1. Use zeek::net::detail::net_finish.")]] = zeek::net::detail::net_finish;
-constexpr auto net_delete [[deprecated("Remove in v4.1. Use zeek::net::detail::net_delete.")]] = zeek::net::detail::net_delete;
-constexpr auto net_update_time [[deprecated("Remove in v4.1. Use zeek::net::detail::net_update_time.")]] = zeek::net::detail::net_update_time;
-constexpr auto net_packet_dispatch [[deprecated("Remove in v4.1. Use zeek::net::detail::net_packet_dispatch.")]] = zeek::net::detail::net_packet_dispatch;
-constexpr auto expire_timers [[deprecated("Remove in v4.1. Use zeek::net::detail::expire_timers.")]] = zeek::net::detail::expire_timers;
-constexpr auto zeek_terminate_loop [[deprecated("Remove in v4.1. Use zeek::net::detail::zeek_terminate_loop.")]] = zeek::net::detail::zeek_terminate_loop;
-extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use zeek::net::detail::current_pktsrc.")]];
-extern zeek::iosource::IOSource*& current_iosrc [[deprecated("Remove in v4.1. Use zeek::net::detail::current_iosrc.")]];
-extern zeek::iosource::PktDumper*& pkt_dumper [[deprecated("Remove in v4.1. Use zeek::net::detail::pkt_dumper.")]];
-extern bool& have_pending_timers [[deprecated("Remove in v4.1. Use zeek::net::detail::have_pending_timers.")]];
-
-constexpr auto net_suspend_processing [[deprecated("Remove in v4.1. Use zeek::net::net_suspend_processing.")]] = zeek::net::net_suspend_processing;
-constexpr auto net_continue_processing [[deprecated("Remove in v4.1. Use zeek::net::net_continue_processing.")]] = zeek::net::net_continue_processing;
-constexpr auto net_is_processing_suspended [[deprecated("Remove in v4.1. Use zeek::net::net_is_processing_suspended.")]] = zeek::net::net_is_processing_suspended;
-
-extern bool& reading_live [[deprecated("Remove in v4.1. Use zeek::net::reading_live.")]];
-extern bool& reading_traces [[deprecated("Remove in v4.1. Use zeek::net::reading_traces.")]];
-extern double& pseudo_realtime [[deprecated("Remove in v4.1. Use zeek::net::pseudo_realtime.")]];
-extern double& processing_start_time [[deprecated("Remove in v4.1. Use zeek::net::processing_start_time.")]];
-extern double& bro_start_time [[deprecated("Remove in v4.1. Use zeek::net::zeek_start_time.")]];
-extern double& bro_start_network_time [[deprecated("Remove in v4.1. Use zeek::net::zeek_start_network_time.")]];
-extern bool& terminating [[deprecated("Remove in v4.1. Use zeek::net::terminating.")]];
-extern bool& is_parsing [[deprecated("Remove in v4.1. Use zeek::net::is_parsing.")]];
-extern const zeek::Packet*& current_pkt [[deprecated("Remove in v4.1. Use zeek::net::current_pkt.")]];
-extern int& current_dispatched [[deprecated("Remove in v4.1. Use zeek::net::current_dispatched.")]];
-extern double& current_timestamp [[deprecated("Remove in v4.1. Use zeek::net::current_timestamp.")]];
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@ -12,7 +12,7 @@
 #include "Event.h"
 #include "Expr.h"
 #include "NetVar.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Conn.h"
 #include "Timer.h"
 #include "ID.h"
@ -226,7 +226,7 @@ void Reporter::InternalWarning(const char* fmt, ...)

 void Reporter::Syslog(const char* fmt, ...)
 	{
-	if ( zeek::net::reading_traces )
+	if ( zeek::run_state::reading_traces )
 		return;

 	va_list ap;
@ -313,7 +313,7 @@ bool Reporter::PermitNetWeird(const char* name)
 	++count;

 	if ( count == 1 )
-		zeek::detail::timer_mgr->Add(new NetWeirdTimer(zeek::net::network_time, name,
+		zeek::detail::timer_mgr->Add(new NetWeirdTimer(zeek::run_state::network_time, name,
 		                                               weird_sampling_duration));

 	if ( count <= weird_sampling_threshold )
@ -333,7 +333,7 @@ bool Reporter::PermitFlowWeird(const char* name,
 	auto& map = flow_weird_state[endpoints];

 	if ( map.empty() )
-		zeek::detail::timer_mgr->Add(new FlowWeirdTimer(zeek::net::network_time, endpoints,
+		zeek::detail::timer_mgr->Add(new FlowWeirdTimer(zeek::run_state::network_time, endpoints,
 		                                                weird_sampling_duration));

 	auto& count = map[name];
@ -360,7 +360,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const zeek::RecordVal& c
 	auto& map = expired_conn_weird_state[conn_tuple];

 	if ( map.empty() )
-		zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(zeek::net::network_time,
+		zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(zeek::run_state::network_time,
 		                                                     std::move(conn_tuple),
 		                                                     weird_sampling_duration));

@ -563,7 +563,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,

 		if ( time )
 			vl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(
-				                zeek::net::network_time ? zeek::net::network_time : zeek::util::current_time()));
+				                zeek::run_state::network_time ? zeek::run_state::network_time : zeek::util::current_time()));

 		vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(buffer));

@ -595,10 +595,10 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
 		{
 		std::string s = "";

-		if ( zeek::net::zeek_start_network_time != 0.0 )
+		if ( zeek::run_state::zeek_start_network_time != 0.0 )
 			{
 			char tmp[32];
-			snprintf(tmp, 32, "%.6f", zeek::net::network_time);
+			snprintf(tmp, 32, "%.6f", zeek::run_state::network_time);
 			s += std::string(tmp) + " ";
 			}

--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -22,6 +22,7 @@
 #include "module_util.h"
 #include "Var.h"
 #include "IPAddr.h"
+#include "RunState.h"

 using namespace std;

@ -1236,9 +1237,9 @@ void RuleMatcher::DumpStats(zeek::File* f)

 	f->Write(zeek::util::fmt("%.6f computed dfa states = %d; classes = ??; "
 	                         "computed trans. = %d; matchers = %d; mem = %d\n",
-	                         zeek::net::network_time, stats.dfa_states, stats.computed,
+	                         zeek::run_state::network_time, stats.dfa_states, stats.computed,
 	                         stats.matchers, stats.mem));
-	f->Write(zeek::util::fmt("%.6f DFA cache hits = %d; misses = %d\n", zeek::net::network_time,
+	f->Write(zeek::util::fmt("%.6f DFA cache hits = %d; misses = %d\n", zeek::run_state::network_time,
 	                         stats.hits, stats.misses));

 	DumpStateStats(f, root);
@ -1256,7 +1257,8 @@ void RuleMatcher::DumpStateStats(zeek::File* f, RuleHdrTest* hdr_test)
 			RuleHdrTest::PatternSet* set = hdr_test->psets[i][j];
 			assert(set->re);

-			f->Write(zeek::util::fmt("%.6f %d DFA states in %s group %d from sigs ", zeek::net::network_time,
+			f->Write(zeek::util::fmt("%.6f %d DFA states in %s group %d from sigs ",
+			                         zeek::run_state::network_time,
 			                         set->re->DFA()->NumStates(),
 			                         Rule::TypeToString((Rule::PatternType)i), j));

--- a/src/RunState.cc
+++ b/src/RunState.cc
@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.

 #include "zeek-config.h"
-#include "Net.h"
+#include "RunState.h"

 #include <sys/types.h>
 #ifdef TIME_WITH_SYS_TIME
@ -45,7 +45,7 @@ extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
 static double last_watchdog_proc_time = 0.0;	// value of above during last watchdog
 extern int signal_val;

-namespace zeek::net {
+namespace zeek::run_state {
 namespace detail {

 zeek::iosource::PktDumper* pkt_dumper = nullptr;
@ -438,23 +438,23 @@ void net_continue_processing()

 bool net_is_processing_suspended()	{ return _processing_suspended; }

-} // namespace zeek::net
+} // namespace zeek::run_state

 // Remove all of these in v4.1.
-zeek::iosource::PktSrc*& current_pktsrc = zeek::net::detail::current_pktsrc;
-zeek::iosource::IOSource*& current_iosrc = zeek::net::detail::current_iosrc;
-zeek::iosource::PktDumper*& pkt_dumper = zeek::net::detail::pkt_dumper;
-bool& have_pending_timers = zeek::net::detail::have_pending_timers;
+zeek::iosource::PktSrc*& current_pktsrc = zeek::run_state::detail::current_pktsrc;
+zeek::iosource::IOSource*& current_iosrc = zeek::run_state::detail::current_iosrc;
+zeek::iosource::PktDumper*& pkt_dumper = zeek::run_state::detail::pkt_dumper;
+bool& have_pending_timers = zeek::run_state::detail::have_pending_timers;

-bool& reading_live = zeek::net::reading_live;
-bool& reading_traces = zeek::net::reading_traces;
-double& pseudo_realtime = zeek::net::pseudo_realtime;
-double& processing_start_time = zeek::net::processing_start_time;
-double& bro_start_time = zeek::net::zeek_start_time;
-double& bro_start_network_time = zeek::net::zeek_start_network_time;
-bool& terminating = zeek::net::terminating;
-bool& is_parsing = zeek::net::is_parsing;
+bool& reading_live = zeek::run_state::reading_live;
+bool& reading_traces = zeek::run_state::reading_traces;
+double& pseudo_realtime = zeek::run_state::pseudo_realtime;
+double& processing_start_time = zeek::run_state::processing_start_time;
+double& bro_start_time = zeek::run_state::zeek_start_time;
+double& bro_start_network_time = zeek::run_state::zeek_start_network_time;
+bool& terminating = zeek::run_state::terminating;
+bool& is_parsing = zeek::run_state::is_parsing;

-const zeek::Packet*& current_pkt = zeek::net::current_pkt;
-int& current_dispatched = zeek::net::current_dispatched;
-double& current_timestamp = zeek::net::current_timestamp;
+const zeek::Packet*& current_pkt = zeek::run_state::current_pkt;
+int& current_dispatched = zeek::run_state::current_dispatched;
+double& current_timestamp = zeek::run_state::current_timestamp;
--- a/src/RunState.h
+++ b/src/RunState.h
@ -0,0 +1,118 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#pragma once
+
+#include "zeek-config.h"
+
+#include <string>
+#include <optional>
+
+ZEEK_FORWARD_DECLARE_NAMESPACED(IOSource, zeek, iosource);
+ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource);
+ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource);
+ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
+
+namespace zeek::run_state {
+namespace detail {
+
+extern void net_init(const std::optional<std::string>& interfaces,
+                     const std::optional<std::string>& pcap_input_file,
+                     const std::optional<std::string>& pcap_output_file,
+                     bool do_watchdog);
+extern void net_run();
+extern void net_get_final_stats();
+extern void net_finish(int drain_events);
+extern void net_delete();	// Reclaim all memory, etc.
+extern void net_update_time(double new_network_time);
+extern void net_packet_dispatch(double t, const zeek::Packet* pkt,
+                                zeek::iosource::PktSrc* src_ps);
+extern void expire_timers(zeek::iosource::PktSrc* src_ps = nullptr);
+extern void zeek_terminate_loop(const char* reason);
+
+extern zeek::iosource::PktSrc* current_pktsrc;
+extern zeek::iosource::IOSource* current_iosrc;
+extern zeek::iosource::PktDumper* pkt_dumper;	// where to save packets
+
+// True if we have timers scheduled for the future on which we need
+// to wait.  "Need to wait" here means that we're running live (though
+// perhaps not reading_live, but just running in real-time) as opposed
+// to reading a trace (in which case we don't want to wait in real-time
+// on future timers).
+extern bool have_pending_timers;
+
+} // namespace detail
+
+// Functions to temporarily suspend processing of live input (network packets
+// and remote events/state). Turning this is on is sure to lead to data loss!
+extern void net_suspend_processing();
+extern void net_continue_processing();
+bool net_is_processing_suspended();
+
+// Whether we're reading live traffic.
+extern bool reading_live;
+
+// Same but for reading from traces instead.  We have two separate
+// variables because it's possible that neither is true, and we're
+// instead just running timers (per the variable after this one).
+extern bool reading_traces;
+
+// If > 0, we are reading from traces but trying to mimic real-time behavior.
+// (In this case, both reading_traces and reading_live are true.)  The value
+// is the speedup (1 = real-time, 0.5 = half real-time, etc.).
+extern double pseudo_realtime;
+
+// When we started processing the current packet and corresponding event
+// queue.
+extern double processing_start_time;
+
+// When the Bro process was started.
+extern double zeek_start_time;
+
+// Time at which the Bro process was started with respect to network time,
+// i.e. the timestamp of the first packet.
+extern double zeek_start_network_time;
+
+// Time according to last packet timestamp (or current time)
+extern double network_time;
+
+// True if we're a in the process of cleaning-up just before termination.
+extern bool terminating;
+
+// True if Bro is currently parsing scripts.
+extern bool is_parsing;
+
+extern const zeek::Packet* current_pkt;
+extern int current_dispatched;
+extern double current_timestamp;
+
+} // namespace zeek::run_state
+
+constexpr auto net_init [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_init.")]] = zeek::run_state::detail::net_init;
+constexpr auto net_run [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_run.")]] = zeek::run_state::detail::net_run;
+constexpr auto net_get_final_stats [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_get_final_stats.")]] = zeek::run_state::detail::net_get_final_stats;
+constexpr auto net_finish [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_finish.")]] = zeek::run_state::detail::net_finish;
+constexpr auto net_delete [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_delete.")]] = zeek::run_state::detail::net_delete;
+constexpr auto net_update_time [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_update_time.")]] = zeek::run_state::detail::net_update_time;
+constexpr auto net_packet_dispatch [[deprecated("Remove in v4.1. Use zeek::run_state::detail::net_packet_dispatch.")]] = zeek::run_state::detail::net_packet_dispatch;
+constexpr auto expire_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::expire_timers.")]] = zeek::run_state::detail::expire_timers;
+constexpr auto zeek_terminate_loop [[deprecated("Remove in v4.1. Use zeek::run_state::detail::zeek_terminate_loop.")]] = zeek::run_state::detail::zeek_terminate_loop;
+extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::current_pktsrc.")]];
+extern zeek::iosource::IOSource*& current_iosrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::current_iosrc.")]];
+extern zeek::iosource::PktDumper*& pkt_dumper [[deprecated("Remove in v4.1. Use zeek::run_state::detail::pkt_dumper.")]];
+extern bool& have_pending_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::have_pending_timers.")]];
+
+constexpr auto net_suspend_processing [[deprecated("Remove in v4.1. Use zeek::run_state::net_suspend_processing.")]] = zeek::run_state::net_suspend_processing;
+constexpr auto net_continue_processing [[deprecated("Remove in v4.1. Use zeek::run_state::net_continue_processing.")]] = zeek::run_state::net_continue_processing;
+constexpr auto net_is_processing_suspended [[deprecated("Remove in v4.1. Use zeek::run_state::net_is_processing_suspended.")]] = zeek::run_state::net_is_processing_suspended;
+
+extern bool& reading_live [[deprecated("Remove in v4.1. Use zeek::run_state::reading_live.")]];
+extern bool& reading_traces [[deprecated("Remove in v4.1. Use zeek::run_state::reading_traces.")]];
+extern double& pseudo_realtime [[deprecated("Remove in v4.1. Use zeek::run_state::pseudo_realtime.")]];
+extern double& processing_start_time [[deprecated("Remove in v4.1. Use zeek::run_state::processing_start_time.")]];
+extern double& bro_start_time [[deprecated("Remove in v4.1. Use zeek::run_state::zeek_start_time.")]];
+extern double& bro_start_network_time [[deprecated("Remove in v4.1. Use zeek::run_state::zeek_start_network_time.")]];
+extern bool& terminating [[deprecated("Remove in v4.1. Use zeek::run_state::terminating.")]];
+extern bool& is_parsing [[deprecated("Remove in v4.1. Use zeek::run_state::is_parsing.")]];
+extern const zeek::Packet*& current_pkt [[deprecated("Remove in v4.1. Use zeek::run_state::current_pkt.")]];
+extern int& current_dispatched [[deprecated("Remove in v4.1. Use zeek::run_state::current_dispatched.")]];
+extern double& current_timestamp [[deprecated("Remove in v4.1. Use zeek::run_state::current_timestamp.")]];
--- a/src/ScannedFile.h
+++ b/src/ScannedFile.h
@ -31,7 +31,6 @@ public:
 	std::string canonical_path; // normalized, absolute path via realpath()

 	static auto constexpr canonical_stdin_path = "<stdin>";
-
 };

 extern std::list<ScannedFile> files_scanned;
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -11,7 +11,7 @@
 #include <unistd.h>

 #include "Desc.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Event.h"
 #include "Timer.h"
 #include "NetVar.h"
@ -633,11 +633,11 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 			{
 			EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(),
 			                     tunnel_type);
-			ip_tunnels[tunnel_idx] = TunnelActivity(ec, zeek::net::network_time);
-	        zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(zeek::net::network_time, tunnel_idx));
+			ip_tunnels[tunnel_idx] = TunnelActivity(ec, zeek::run_state::network_time);
+	        zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(zeek::run_state::network_time, tunnel_idx));
 			}
 		else
-			it->second.second = zeek::net::network_time;
+			it->second.second = zeek::run_state::network_time;

 		if ( gre_version == 0 )
 			DoNextInnerPacket(t, pkt, caplen, len, data, gre_link_type,
@ -759,9 +759,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
 		ts = pkt->ts;
 	else
 		{
-		ts.tv_sec = (time_t) zeek::net::network_time;
+		ts.tv_sec = (time_t) zeek::run_state::network_time;
 		ts.tv_usec = (suseconds_t)
-		    ((zeek::net::network_time - (double)ts.tv_sec) * 1000000);
+		    ((zeek::run_state::network_time - (double)ts.tv_sec) * 1000000);
 		}

 	const u_char* data = nullptr;
@ -797,9 +797,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
 		ts = pkt->ts;
 	else
 		{
-		ts.tv_sec = (time_t) zeek::net::network_time;
+		ts.tv_sec = (time_t) zeek::run_state::network_time;
 		ts.tv_usec = (suseconds_t)
-		    ((zeek::net::network_time - (double)ts.tv_sec) * 1000000);
+		    ((zeek::run_state::network_time - (double)ts.tv_sec) * 1000000);
 		}

 	EncapsulationStack* outer = prev ?
@ -1311,7 +1311,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,

 void NetSessions::DumpPacket(const zeek::Packet *pkt, int len)
 	{
-	if ( ! zeek::net::detail::pkt_dumper )
+	if ( ! zeek::run_state::detail::pkt_dumper )
 		return;

 	if ( len != 0 )
@ -1322,7 +1322,7 @@ void NetSessions::DumpPacket(const zeek::Packet *pkt, int len)
 			const_cast<zeek::Packet *>(pkt)->cap_len = len;
 		}

-	zeek::net::detail::pkt_dumper->Dump(pkt);
+	zeek::run_state::detail::pkt_dumper->Dump(pkt);
 	}

 void NetSessions::Weird(const char* name, const zeek::Packet* pkt,
@ -1351,7 +1351,7 @@ unsigned int NetSessions::ConnectionMemoryUsage()
 	{
 	unsigned int mem = 0;

-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		// Connections have been flushed already.
 		return 0;

@ -1371,7 +1371,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals()
 	{
 	unsigned int mem = 0;

-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		// Connections have been flushed already.
 		return 0;

@ -1389,7 +1389,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals()

 unsigned int NetSessions::MemoryAllocation()
 	{
-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		// Connections have been flushed already.
 		return 0;

--- a/src/Stats.cc
+++ b/src/Stats.cc
@ -3,7 +3,7 @@
 #include "Conn.h"
 #include "File.h"
 #include "Event.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "ID.h"
 #include "Sessions.h"
@ -51,7 +51,7 @@ void ProfileTimer::Dispatch(double t, bool is_expire)

 	// Reinstall timer.
 	if ( ! is_expire )
-		zeek::detail::timer_mgr->Add(new ProfileTimer(zeek::net::network_time + interval,
+		zeek::detail::timer_mgr->Add(new ProfileTimer(zeek::run_state::network_time + interval,
 		                                              logger, interval));
 	}

@ -71,11 +71,11 @@ ProfileLogger::~ProfileLogger()

 void ProfileLogger::Log()
 	{
-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		// Connections have been flushed already.
 		return;

-	file->Write(zeek::util::fmt("%.06f ------------------------\n", zeek::net::network_time));
+	file->Write(zeek::util::fmt("%.06f ------------------------\n", zeek::run_state::network_time));

 	// Do expensive profiling only occasionally.
 	bool expensive = false;
@ -108,27 +108,27 @@ void ProfileLogger::Log()
 		first_utime = utime;
 		first_stime = stime;

-		file->Write(zeek::util::fmt("%.06f Command line: ", zeek::net::network_time ));
+		file->Write(zeek::util::fmt("%.06f Command line: ", zeek::run_state::network_time ));
 		for ( int i = 0; i < zeek_argc; i++ )
 			{
 			file->Write(zeek_argv[i]);
 			file->Write(" ");
 			}
-		file->Write(zeek::util::fmt("\n%.06f ------------------------\n", zeek::net::network_time));
+		file->Write(zeek::util::fmt("\n%.06f ------------------------\n", zeek::run_state::network_time));
 		}

 	file->Write(zeek::util::fmt("%.06f Memory: total=%" PRId64 "K total_adj=%" PRId64 "K malloced: %" PRId64 "K\n",
-		zeek::net::network_time, total / 1024, (total - first_total) / 1024,
+		zeek::run_state::network_time, total / 1024, (total - first_total) / 1024,
 		malloced / 1024));

 	file->Write(zeek::util::fmt("%.06f Run-time: user+sys=%.1f user=%.1f sys=%.1f real=%.1f\n",
-		zeek::net::network_time, (utime + stime) - (first_utime + first_stime),
+		zeek::run_state::network_time, (utime + stime) - (first_utime + first_stime),
 		utime - first_utime, stime - first_stime, rtime - first_rtime));

 	int conn_mem_use = expensive ? sessions->ConnectionMemoryUsage() : 0;

 	file->Write(zeek::util::fmt("%.06f Conns: total=%" PRIu64 " current=%" PRIu64 "/%" PRIi32 " mem=%" PRIi32 "K avg=%.1f table=%" PRIu32 "K connvals=%" PRIu32 "K\n",
-		zeek::net::network_time,
+		zeek::run_state::network_time,
 		Connection::TotalConnections(),
 		Connection::CurrentConnections(),
 		sessions->CurrentConnections(),
@ -142,19 +142,19 @@ void ProfileLogger::Log()
 	sessions->GetStats(s);

 	file->Write(zeek::util::fmt("%.06f Conns: tcp=%zu/%zu udp=%zu/%zu icmp=%zu/%zu\n",
-		zeek::net::network_time,
+		zeek::run_state::network_time,
 		s.num_TCP_conns, s.max_TCP_conns,
 		s.num_UDP_conns, s.max_UDP_conns,
 		s.num_ICMP_conns, s.max_ICMP_conns
 		));

 	sessions->tcp_stats.PrintStats(file,
-			zeek::util::fmt("%.06f TCP-States:", zeek::net::network_time));
+			zeek::util::fmt("%.06f TCP-States:", zeek::run_state::network_time));

 	// Alternatively, if you prefer more compact output...
 	/*
 	file->Write(zeek::util::fmt("%.8f TCP-States: I=%d S=%d SA=%d SR=%d E=%d EF=%d ER=%d F=%d P=%d\n",
-		       zeek::net::network_time,
+		       zeek::run_state::network_time,
 		       sessions->tcp_stats.StateInactive(),
 		       sessions->tcp_stats.StateRequest(),
 		       sessions->tcp_stats.StateSuccRequest(),
@ -168,9 +168,9 @@ void ProfileLogger::Log()
 	*/

 	file->Write(zeek::util::fmt("%.06f Connections expired due to inactivity: %" PRIu64 "\n",
-		zeek::net::network_time, killed_by_inactivity));
+		zeek::run_state::network_time, killed_by_inactivity));

-	file->Write(zeek::util::fmt("%.06f Total reassembler data: %" PRIu64 "K\n", zeek::net::network_time,
+	file->Write(zeek::util::fmt("%.06f Total reassembler data: %" PRIu64 "K\n", zeek::run_state::network_time,
 		Reassembler::TotalMemoryAllocation() / 1024));

 	// Signature engine.
@ -180,38 +180,38 @@ void ProfileLogger::Log()
 		zeek::detail::rule_matcher->GetStats(&stats);

 		file->Write(zeek::util::fmt("%06f RuleMatcher: matchers=%d nfa_states=%d dfa_states=%d "
-			"ncomputed=%d mem=%dK\n", zeek::net::network_time, stats.matchers,
+			"ncomputed=%d mem=%dK\n", zeek::run_state::network_time, stats.matchers,
 			stats.nfa_states, stats.dfa_states, stats.computed, stats.mem / 1024));
 		}

 	file->Write(zeek::util::fmt("%.06f Timers: current=%d max=%d lag=%.2fs\n",
-	                zeek::net::network_time,
+	                zeek::run_state::network_time,
 	                zeek::detail::timer_mgr->Size(), zeek::detail::timer_mgr->PeakSize(),
-	                zeek::net::network_time - zeek::detail::timer_mgr->LastTimestamp()));
+	                zeek::run_state::network_time - zeek::detail::timer_mgr->LastTimestamp()));

 	zeek::detail::DNS_Mgr::Stats dstats;
 	zeek::detail::dns_mgr->GetStats(&dstats);

 	file->Write(zeek::util::fmt("%.06f DNS_Mgr: requests=%lu succesful=%lu failed=%lu pending=%lu cached_hosts=%lu cached_addrs=%lu\n",
-					zeek::net::network_time,
+					zeek::run_state::network_time,
 					dstats.requests, dstats.successful, dstats.failed, dstats.pending,
 					dstats.cached_hosts, dstats.cached_addresses));

 	zeek::detail::trigger::Manager::Stats tstats;
 	zeek::detail::trigger_mgr->GetStats(&tstats);

-	file->Write(zeek::util::fmt("%.06f Triggers: total=%lu pending=%lu\n", zeek::net::network_time, tstats.total, tstats.pending));
+	file->Write(zeek::util::fmt("%.06f Triggers: total=%lu pending=%lu\n", zeek::run_state::network_time, tstats.total, tstats.pending));

 	unsigned int* current_timers = zeek::detail::TimerMgr::CurrentTimers();
 	for ( int i = 0; i < zeek::detail::NUM_TIMER_TYPES; ++i )
 		{
 		if ( current_timers[i] )
-			file->Write(zeek::util::fmt("%.06f         %s = %d\n", zeek::net::network_time,
+			file->Write(zeek::util::fmt("%.06f         %s = %d\n", zeek::run_state::network_time,
 			                zeek::detail::timer_type_to_string(static_cast<zeek::detail::TimerType>(i)),
 			                current_timers[i]));
 		}

-	file->Write(zeek::util::fmt("%0.6f Threads: current=%d\n", zeek::net::network_time, zeek::thread_mgr->NumThreads()));
+	file->Write(zeek::util::fmt("%0.6f Threads: current=%d\n", zeek::run_state::network_time, zeek::thread_mgr->NumThreads()));

 	const threading::Manager::msg_stats_list& thread_stats = zeek::thread_mgr->GetMsgThreadStats();
 	for ( threading::Manager::msg_stats_list::const_iterator i = thread_stats.begin();
@ -221,7 +221,7 @@ void ProfileLogger::Log()
 		file->Write(zeek::util::fmt("%0.6f   %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64
 				" (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")"
 			        "\n",
-			    zeek::net::network_time,
+			    zeek::run_state::network_time,
 			    i->first.c_str(),
 			    s.sent_in, s.sent_out,
 			    s.pending_in, s.pending_out,
@ -237,7 +237,7 @@ void ProfileLogger::Log()
 			"events_in=%zu events_out=%zu "
 			"logs_in=%zu logs_out=%zu "
 			"ids_in=%zu ids_out=%zu ",
-			zeek::net::network_time, cs.num_peers, cs.num_stores,
+			zeek::run_state::network_time, cs.num_peers, cs.num_stores,
 			cs.num_pending_queries,
 			cs.num_events_incoming, cs.num_events_outgoing,
 			cs.num_logs_incoming, cs.num_logs_outgoing,
@ -254,7 +254,7 @@ void ProfileLogger::Log()
 		int total_table_rentries = 0;

 		file->Write(zeek::util::fmt("%.06f Global_sizes > 100k: %dK\n",
-				zeek::net::network_time, mem / 1024));
+				zeek::run_state::network_time, mem / 1024));

 		for ( const auto& global : globals )
 			{
@ -295,7 +295,7 @@ void ProfileLogger::Log()
 				if ( print )
 					{
 					file->Write(zeek::util::fmt("%.06f                %s = %dK",
-						zeek::net::network_time, id->Name(),
+						zeek::run_state::network_time, id->Name(),
 						size / 1024));

 					if ( entries >= 0 )
@ -308,9 +308,9 @@ void ProfileLogger::Log()
 			}

 		file->Write(zeek::util::fmt("%.06f Global_sizes total: %dK\n",
-				zeek::net::network_time, mem / 1024));
+				zeek::run_state::network_time, mem / 1024));
 		file->Write(zeek::util::fmt("%.06f Total number of table entries: %d/%d\n",
-				zeek::net::network_time,
+				zeek::run_state::network_time,
 				total_table_entries, total_table_rentries));
 		}

@ -330,16 +330,16 @@ void ProfileLogger::SegmentProfile(const char* name, const zeek::detail::Locatio
 	{
 	if ( name )
 		file->Write(zeek::util::fmt("%.06f segment-%s dt=%.06f dmem=%d\n",
-				zeek::net::network_time, name, dtime, dmem));
+				zeek::run_state::network_time, name, dtime, dmem));
 	else if ( loc )
 		file->Write(zeek::util::fmt("%.06f segment-%s:%d dt=%.06f dmem=%d\n",
-				zeek::net::network_time,
+				zeek::run_state::network_time,
 				loc->filename ? loc->filename : "nofile",
 				loc->first_line,
 				dtime, dmem));
 	else
 		file->Write(zeek::util::fmt("%.06f segment-XXX dt=%.06f dmem=%d\n",
-				zeek::net::network_time, dtime, dmem));
+				zeek::run_state::network_time, dtime, dmem));
 	}


--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -169,7 +169,7 @@ ExprListStmt::~ExprListStmt() = default;

 ValPtr ExprListStmt::Exec(Frame* f, StmtFlowType& flow) const
 	{
-	last_access = zeek::net::network_time;
+	last_access = zeek::run_state::network_time;
 	flow = FLOW_NEXT;

 	auto vals = eval_list(f, l.get());
@ -233,7 +233,7 @@ static void print_log(const std::vector<ValPtr>& vals)
 		vec->Assign(vec->Size(), zeek::make_intrusive<zeek::StringVal>(d.Description()));
 		}

-	record->Assign(0, zeek::make_intrusive<zeek::TimeVal>(zeek::net::network_time));
+	record->Assign(0, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::network_time));
 	record->Assign(1, std::move(vec));
 	zeek::log_mgr->Write(plval.get(), record.get());
 	}
--- a/src/Stmt.h
+++ b/src/Stmt.h
@ -16,7 +16,7 @@
 ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);

-namespace zeek::net { extern double network_time; }
+namespace zeek::run_state { extern double network_time; }

 namespace zeek::detail {

@ -53,7 +53,7 @@ public:

 	ForStmt* AsForStmt();

-	void RegisterAccess() const	{ last_access = zeek::net::network_time; access_count++; }
+	void RegisterAccess() const	{ last_access = zeek::run_state::network_time; access_count++; }
 	void AccessStats(ODesc* d) const;
 	uint32_t GetAccessCount() const { return access_count; }

--- a/src/Timer.cc
+++ b/src/Timer.cc
@ -5,7 +5,7 @@
 #include "util.h"
 #include "Timer.h"
 #include "Desc.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "broker/Manager.h"
 #include "iosource/Manager.h"
@ -96,13 +96,13 @@ void TimerMgr::Process()
 	// pseudo-realtime), advance the timer here to the current time since otherwise it won't
 	// move forward and the timers won't fire correctly.
 	iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc();
-	if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::net::reading_live || zeek::net::net_is_processing_suspended() )
-		zeek::net::detail::net_update_time(zeek::util::current_time());
+	if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::run_state::reading_live || zeek::run_state::net_is_processing_suspended() )
+		zeek::run_state::detail::net_update_time(zeek::util::current_time());

 	// Just advance the timer manager based on the current network time. This won't actually
 	// change the time, but will dispatch any timers that need dispatching.
-	zeek::net::current_dispatched += Advance(zeek::net::network_time,
-	                                         max_timer_expires - zeek::net::current_dispatched);
+	zeek::run_state::current_dispatched += Advance(zeek::run_state::network_time,
+	                                         max_timer_expires - zeek::run_state::current_dispatched);
 	}

 void TimerMgr::InitPostScript()
@ -186,7 +186,7 @@ double PQ_TimerMgr::GetNextTimeout()
 	{
 	Timer* top = Top();
 	if ( top )
-		return std::max(0.0, top->Time() - zeek::net::network_time);
+		return std::max(0.0, top->Time() - zeek::run_state::network_time);

 	return -1;
 	}
--- a/src/Trigger.cc
+++ b/src/Trigger.cc
@ -85,12 +85,12 @@ TraversalCode zeek::detail::trigger::TriggerTraversalCallback::PreExpr(const zee
 class TriggerTimer final : public Timer {
 public:
 	TriggerTimer(double arg_timeout, Trigger* arg_trigger)
-	: Timer(zeek::net::network_time + arg_timeout, TIMER_TRIGGER)
+	: Timer(zeek::run_state::network_time + arg_timeout, TIMER_TRIGGER)
 		{
 		Ref(arg_trigger);
 		trigger = arg_trigger;
 		timeout = arg_timeout;
-		time = zeek::net::network_time;
+		time = zeek::run_state::network_time;
 		}

 	~TriggerTimer()
@ -505,7 +505,7 @@ Manager::~Manager()

 double Manager::GetNextTimeout()
 	{
-	return pending->empty() ? -1 : zeek::net::network_time + 0.100;
+	return pending->empty() ? -1 : zeek::run_state::network_time + 0.100;
 	}

 void Manager::Process()
--- a/src/Val.cc
+++ b/src/Val.cc
@ -20,7 +20,7 @@
 #include "ZeekString.h"
 #include "CompHash.h"
 #include "Dict.h"
-#include "Net.h"
+#include "RunState.h"
 #include "File.h"
 #include "Func.h"
 #include "Desc.h"
@ -1412,7 +1412,7 @@ TableVal::TableVal(TableTypePtr t, detail::AttributesPtr a) : Val(t)
 	Init(std::move(t));
 	SetAttrs(std::move(a));

-	if ( ! zeek::net::is_parsing )
+	if ( ! zeek::run_state::is_parsing )
 		return;

 	for ( const auto& t : table_type->GetIndexTypes() )
@ -1946,7 +1946,7 @@ const ValPtr& TableVal::Find(const ValPtr& index)
 		if ( v )
 			{
 			if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) )
-				v->SetExpireAccess(net::network_time);
+				v->SetExpireAccess(run_state::network_time);

 			if ( v->GetVal() )
 				return v->GetVal();
@ -1970,7 +1970,7 @@ const ValPtr& TableVal::Find(const ValPtr& index)
 			if ( v )
 				{
 				if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) )
-					v->SetExpireAccess(net::network_time);
+					v->SetExpireAccess(run_state::network_time);

 				if ( v->GetVal() )
 					return v->GetVal();
@ -2042,7 +2042,7 @@ TableValPtr TableVal::LookupSubnetValues(const SubNetVal* search)
 		if ( entry )
 			{
 			if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) )
-				entry->SetExpireAccess(net::network_time);
+				entry->SetExpireAccess(run_state::network_time);
 			}
 		}

@ -2068,7 +2068,7 @@ bool TableVal::UpdateTimestamp(Val* index)
 	if ( ! v )
 		return false;

-	v->SetExpireAccess(net::network_time);
+	v->SetExpireAccess(run_state::network_time);

 	return true;
 	}
@ -2204,7 +2204,7 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val,
 					if ( attrs->Find(zeek::detail::ATTR_EXPIRE_CREATE) )
 						{
 						// for create expiry, we have to substract the already elapsed time from the expiry.
-						auto e = expire_time - (net::network_time - new_entry_val->ExpireAccessTime());
+						auto e = expire_time - (run_state::network_time - new_entry_val->ExpireAccessTime());
 						if ( e <= 0 )
 							// element already expired? Let's not insert it.
 							break;
@ -2528,7 +2528,7 @@ void TableVal::InitDefaultFunc(zeek::detail::Frame* f)

 void TableVal::InitTimer(double delay)
 	{
-	timer = new TableValTimer(this, net::network_time + delay);
+	timer = new TableValTimer(this, run_state::network_time + delay);
 	zeek::detail::timer_mgr->Add(timer);
 	}

@ -2595,7 +2595,7 @@ void TableVal::DoExpire(double t)
 					{
 					// User doesn't want us to expire
 					// this now.
-					v->SetExpireAccess(net::network_time - timeout + secs);
+					v->SetExpireAccess(run_state::network_time - timeout + secs);
 					delete k;
 					continue;
 					}
@ -2874,7 +2874,7 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t))
 	auto vl = val.record_val = new std::vector<ValPtr>;
 	vl->reserve(n);

-	if ( zeek::net::is_parsing )
+	if ( zeek::run_state::is_parsing )
 		parse_time_records[rt].emplace_back(NewRef{}, this);

 	if ( ! init_fields )
--- a/src/Val.h
+++ b/src/Val.h
@ -54,9 +54,11 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(HashKey, zeek::detail);

 namespace zeek {
-namespace net {
-	extern double network_time;
-	extern double zeek_start_network_time;
+namespace run_state {
+
+extern double network_time;
+extern double zeek_start_network_time;
+
 }

 using FuncPtr = zeek::IntrusivePtr<Func>;
@ -731,7 +733,7 @@ public:
 		: val(std::move(v))
 		{
 		expire_access_time =
-			int(net::network_time - net::zeek_start_network_time);
+			int(run_state::network_time - run_state::zeek_start_network_time);
 		}

 	TableEntryVal* Clone(Val::CloneState* state);
@ -744,9 +746,9 @@ public:

 	// Returns/sets time of last expiration relevant access to this value.
 	double ExpireAccessTime() const
-		{ return net::zeek_start_network_time + expire_access_time; }
+		{ return run_state::zeek_start_network_time + expire_access_time; }
 	void SetExpireAccess(double time)
-		{ expire_access_time = int(time - net::zeek_start_network_time); }
+		{ expire_access_time = int(time - run_state::zeek_start_network_time); }

 protected:
 	friend class TableVal;
--- a/src/WeirdState.cc
+++ b/src/WeirdState.cc
@ -1,5 +1,5 @@
 #include "WeirdState.h"
-#include "Net.h"
+#include "RunState.h"
 #include "util.h"

 namespace zeek::detail {
@ -14,10 +14,10 @@ bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold,
 		return true;

 	if ( state.count == threshold + 1)
-		state.sampling_start_time = zeek::net::network_time;
+		state.sampling_start_time = zeek::run_state::network_time;
 	else
 		{
-		if ( zeek::net::network_time > state.sampling_start_time + duration )
+		if ( zeek::run_state::network_time > state.sampling_start_time + duration )
 			{
 			state.sampling_start_time = 0;
 			state.count = 1;
--- a/src/analyzer/Manager.cc
+++ b/src/analyzer/Manager.cc
@ -5,6 +5,7 @@
 #include "Hash.h"
 #include "Val.h"
 #include "IntrusivePtr.h"
+#include "RunState.h"

 #include "protocol/conn-size/ConnSize.h"
 #include "protocol/icmp/ICMP.h"
@ -499,14 +500,14 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)

 void Manager::ExpireScheduledAnalyzers()
 	{
-	if ( ! zeek::net::network_time )
+	if ( ! zeek::run_state::network_time )
 		return;

 	while ( conns_by_timeout.size() )
 		{
 		ScheduledAnalyzer* a = conns_by_timeout.top();

-		if ( a->timeout > zeek::net::network_time )
+		if ( a->timeout > zeek::run_state::network_time )
 			return;

 		conns_by_timeout.pop();
@ -540,7 +541,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp,
 			TransportProto proto, const Tag& analyzer,
 			double timeout)
 	{
-	if ( ! zeek::net::network_time )
+	if ( ! zeek::run_state::network_time )
 		{
 		reporter->Warning("cannot schedule analyzers before processing begins; ignored");
 		return;
@ -554,7 +555,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp,
 	ScheduledAnalyzer* a = new ScheduledAnalyzer;
 	a->conn = ConnIndex(orig, resp, resp_p, proto);
 	a->analyzer = analyzer;
-	a->timeout = zeek::net::network_time + timeout;
+	a->timeout = zeek::run_state::network_time + timeout;

 	conns.insert(std::make_pair(a->conn, a));
 	conns_by_timeout.push(a);
@ -597,7 +598,7 @@ Manager::tag_set Manager::GetScheduled(const Connection* conn)

 	for ( conns_map::iterator i = all.first; i != all.second; i++ )
 		{
-		if ( i->second->timeout > zeek::net::network_time )
+		if ( i->second->timeout > zeek::run_state::network_time )
 			result.insert(i->second->analyzer);
 		}

--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -7,6 +7,7 @@
 #include "analyzer/protocol/tcp/TCP.h"
 #include "IP.h"
 #include "Reporter.h"
+#include "RunState.h"

 #include "events.bif.h"

@ -90,7 +91,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)

 	if ( duration_thresh != 0 )
 		{
-		if ( ( zeek::net::network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed )
+		if ( ( zeek::run_state::network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed )
 			{
 			EnqueueConnEvent(conn_duration_threshold_crossed,
 					ConnVal(),
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -13,7 +13,7 @@
 #include "NetVar.h"
 #include "Sessions.h"
 #include "Event.h"
-#include "Net.h"
+#include "RunState.h"

 #include "events.bif.h"

@ -1908,7 +1908,7 @@ DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn)
 	else
 		{
 		ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer,
-		                   zeek::net::network_time + zeek::detail::dns_session_timeout, true,
+		                   zeek::run_state::network_time + zeek::detail::dns_session_timeout, true,
 		                   zeek::detail::TIMER_DNS_EXPIRE);
 		}
 	}
@ -1956,7 +1956,7 @@ void DNS_Analyzer::ExpireTimer(double t)
 	// The - 1.0 in the following is to allow 1 second for the
 	// common case of a single request followed by a single reply,
 	// so we don't needlessly set the timer twice in that case.
-	if ( t - Conn()->LastTime() >= zeek::detail::dns_session_timeout - 1.0 || zeek::net::terminating )
+	if ( t - Conn()->LastTime() >= zeek::detail::dns_session_timeout - 1.0 || zeek::run_state::terminating )
 		{
 		Event(connection_timeout);
 		zeek::sessions->Remove(Conn());
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -62,7 +62,7 @@ HTTP_Entity::HTTP_Entity(HTTP_Message* arg_message, zeek::analyzer::mime::MIME_E
 void HTTP_Entity::EndOfData()
 	{
 	if ( DEBUG_http )
-		DEBUG_MSG("%.6f: end of data\n", zeek::net::network_time);
+		DEBUG_MSG("%.6f: end of data\n", zeek::run_state::network_time);

 	if ( zip )
 		{
@ -84,7 +84,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF)
 	if ( DEBUG_http )
 		{
 		DEBUG_MSG("%.6f HTTP_Entity::Deliver len=%d, in_header=%d\n",
-		          zeek::net::network_time, len, in_header);
+		          zeek::run_state::network_time, len, in_header);
 		}

 	if ( end_of_data )
@ -511,7 +511,7 @@ void HTTP_Entity::SubmitAllHeaders()
 	ASSERT(! in_header);

 	if ( DEBUG_http )
-		DEBUG_MSG("%.6f end of headers\n", zeek::net::network_time);
+		DEBUG_MSG("%.6f end of headers\n", zeek::run_state::network_time);

 	if ( Parent() &&
 	     Parent()->MIMEContentType() == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART )
@ -609,7 +609,7 @@ HTTP_Message::HTTP_Message(HTTP_Analyzer* arg_analyzer,
 	entity_data_buffer = nullptr;
 	BeginEntity(top_level);

-	start_time = zeek::net::network_time;
+	start_time = zeek::run_state::network_time;
 	body_length = 0;
 	content_gap_length = 0;
 	header_length = init_header_length;
@ -642,7 +642,7 @@ void HTTP_Message::Done(bool interrupted, const char* detail)

 	zeek::analyzer::mime::MIME_Message::Done();

-	// DEBUG_MSG("%.6f HTTP message done.\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f HTTP message done.\n", zeek::run_state::network_time);
 	top_level->EndOfData();

 	if ( is_orig || MyHTTP_Analyzer()->HTTP_ReplyCode() != 206 )
@ -684,7 +684,7 @@ bool HTTP_Message::Undelivered(int64_t len)
 void HTTP_Message::BeginEntity(zeek::analyzer::mime::MIME_Entity* entity)
 	{
 	if ( DEBUG_http )
-		DEBUG_MSG("%.6f: begin entity (%d)\n", zeek::net::network_time, is_orig);
+		DEBUG_MSG("%.6f: begin entity (%d)\n", zeek::run_state::network_time, is_orig);

 	current_entity = (HTTP_Entity*) entity;

@ -698,7 +698,7 @@ void HTTP_Message::BeginEntity(zeek::analyzer::mime::MIME_Entity* entity)
 void HTTP_Message::EndEntity(zeek::analyzer::mime::MIME_Entity* entity)
 	{
 	if ( DEBUG_http )
-		DEBUG_MSG("%.6f: end entity (%d)\n", zeek::net::network_time, is_orig);
+		DEBUG_MSG("%.6f: end entity (%d)\n", zeek::run_state::network_time, is_orig);

 	if ( entity == top_level )
 		{
@ -1126,7 +1126,7 @@ void HTTP_Analyzer::EndpointEOF(bool is_orig)
 	{
 	zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);

-	// DEBUG_MSG("%.6f eof\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f eof\n", zeek::run_state::network_time);

 	if ( is_orig )
 		RequestMade(false, "message ends as connection contents are completely delivered");
@ -1138,7 +1138,7 @@ void HTTP_Analyzer::ConnectionFinished(bool half_finished)
 	{
 	zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished);

-	// DEBUG_MSG("%.6f connection finished\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f connection finished\n", zeek::run_state::network_time);
 	RequestMade(true, "message ends as connection is finished");
 	ReplyMade(true, "message ends as connection is finished");
 	}
@ -1170,7 +1170,7 @@ void HTTP_Analyzer::GenStats()
 		r->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(request_version.ToDouble()));
 		r->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(reply_version.ToDouble()));

-		// DEBUG_MSG("%.6f http_stats\n", zeek::net::network_time);
+		// DEBUG_MSG("%.6f http_stats\n", zeek::run_state::network_time);
 		EnqueueConnEvent(http_stats, ConnVal(), std::move(r));
 		}
 	}
@ -1369,7 +1369,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail)
 void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail)
 	{
 	if ( http_event )
-		// DEBUG_MSG("%.6f http_event\n", zeek::net::network_time);
+		// DEBUG_MSG("%.6f http_event\n", zeek::run_state::network_time);
 		EnqueueConnEvent(http_event,
 			ConnVal(),
 			zeek::make_intrusive<zeek::StringVal>(category),
@ -1403,7 +1403,7 @@ void HTTP_Analyzer::HTTP_Request()
 		connect_request = true;

 	if ( http_request )
-		// DEBUG_MSG("%.6f http_request\n", zeek::net::network_time);
+		// DEBUG_MSG("%.6f http_request\n", zeek::run_state::network_time);
 		EnqueueConnEvent(http_request,
 			ConnVal(),
 			request_method,
@ -1438,7 +1438,7 @@ void HTTP_Analyzer::RequestMade(bool interrupted, const char* msg)
 	if ( request_message )
 		request_message->Done(interrupted, msg);

-	// DEBUG_MSG("%.6f request made\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f request made\n", zeek::run_state::network_time);

 	request_method = nullptr;
 	unescaped_URI = nullptr;
@ -1459,7 +1459,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)

 	reply_ongoing = 0;

-	// DEBUG_MSG("%.6f reply made\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f reply made\n", zeek::run_state::network_time);

 	if ( reply_message )
 		reply_message->Done(interrupted, msg);
@ -1644,7 +1644,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, zeek::analyzer::mime::MIME_Header*
 				is_orig, false, true, false);

 		if ( DEBUG_http )
-			DEBUG_MSG("%.6f http_header\n", zeek::net::network_time);
+			DEBUG_MSG("%.6f http_header\n", zeek::run_state::network_time);

 		auto upper_hn = zeek::analyzer::mime::to_string_val(h->get_name());
 		upper_hn->ToUpper();
@ -1692,7 +1692,7 @@ void HTTP_Analyzer::InitHTTPMessage(zeek::analyzer::tcp::ContentLine_Analyzer* c
 		delete message;
 		}

-	// DEBUG_MSG("%.6f init http message\n", zeek::net::network_time);
+	// DEBUG_MSG("%.6f init http message\n", zeek::run_state::network_time);
 	message = new HTTP_Message(this, cl, is_orig, expect_body,
 					init_header_length);
 	}
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -7,7 +7,7 @@
 #include "zeek-config.h"

 #include "IP.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "Event.h"
 #include "Conn.h"
@ -76,7 +76,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
 			}
 		}

-	Conn()->SetLastTime(zeek::net::current_timestamp);
+	Conn()->SetLastTime(zeek::run_state::current_timestamp);

 	if ( zeek::detail::rule_matcher )
 		{
@ -99,9 +99,9 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
 		len_stat += len;

 	if ( ip->NextProto() == IPPROTO_ICMP )
-		NextICMP4(zeek::net::current_timestamp, icmpp, len, caplen, data, ip);
+		NextICMP4(zeek::run_state::current_timestamp, icmpp, len, caplen, data, ip);
 	else if ( ip->NextProto() == IPPROTO_ICMPV6 )
-		NextICMP6(zeek::net::current_timestamp, icmpp, len, caplen, data, ip);
+		NextICMP6(zeek::run_state::current_timestamp, icmpp, len, caplen, data, ip);
 	else
 		{
 		zeek::reporter->AnalyzerError(
@ -345,7 +345,7 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& da
 		{
 		bad_hdr_len = 0;
 		ip_len = ip_hdr->TotalLen();
-		bad_checksum = ! zeek::net::current_pkt->l3_checksummed &&
+		bad_checksum = ! zeek::run_state::current_pkt->l3_checksummed &&
 			(ones_complement_checksum((void*) ip_hdr->IP4_Hdr(), ip_hdr_len, 0) != 0xffff);

 		src_addr = ip_hdr->SrcAddr();
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -9,7 +9,7 @@
 #include "NetVar.h"
 #include "Sessions.h"
 #include "Event.h"
-#include "Net.h"
+#include "RunState.h"

 #include "events.bif.h"

@ -471,7 +471,7 @@ NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn)
 	else
 		{
 		ADD_ANALYZER_TIMER(&NetbiosSSN_Analyzer::ExpireTimer,
-		                   zeek::net::network_time + netbios_ssn_session_timeout, true,
+		                   zeek::run_state::network_time + netbios_ssn_session_timeout, true,
 		                   zeek::detail::TIMER_NB_EXPIRE);
 		}
 	}
@ -526,8 +526,8 @@ void NetbiosSSN_Analyzer::ExpireTimer(double t)
 	// The - 1.0 in the following is to allow 1 second for the
 	// common case of a single request followed by a single reply,
 	// so we don't needlessly set the timer twice in that case.
-	if ( zeek::net::terminating ||
-	     zeek::net::network_time - Conn()->LastTime() >=
+	if ( zeek::run_state::terminating ||
+	     zeek::run_state::network_time - Conn()->LastTime() >=
 		     netbios_ssn_session_timeout - 1.0 )
 		{
 		Event(connection_timeout);
--- a/src/analyzer/protocol/pia/PIA.cc
+++ b/src/analyzer/protocol/pia/PIA.cc
@ -5,6 +5,7 @@
 #include "IP.h"
 #include "DebugLogger.h"
 #include "Reporter.h"
+#include "RunState.h"
 #include "analyzer/protocol/tcp/TCP_Flags.h"
 #include "analyzer/protocol/tcp/TCP_Reassembler.h"

@ -385,10 +386,10 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule
 		// worth the effort.

 		if ( b->is_orig )
-			reass_orig->DataSent(zeek::net::network_time, orig_seq = b->seq,
+			reass_orig->DataSent(zeek::run_state::network_time, orig_seq = b->seq,
 			                     b->len, b->data, tcp::TCP_Flags(), true);
 		else
-			reass_resp->DataSent(zeek::net::network_time, resp_seq = b->seq,
+			reass_resp->DataSent(zeek::run_state::network_time, resp_seq = b->seq,
 			                     b->len, b->data, tcp::TCP_Flags(), true);
 		}

@ -397,11 +398,11 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule
 	if ( current->data )
 		{
 		if ( current->is_orig )
-			reass_orig->DataSent(zeek::net::network_time,
+			reass_orig->DataSent(zeek::run_state::network_time,
 					orig_seq = current->seq,
 					current->len, current->data, analyzer::tcp::TCP_Flags(), true);
 		else
-			reass_resp->DataSent(zeek::net::network_time,
+			reass_resp->DataSent(zeek::run_state::network_time,
 					resp_seq = current->seq,
 					current->len, current->data, analyzer::tcp::TCP_Flags(), true);
 		}
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -3,17 +3,17 @@
 #include "zeek-config.h"
 #include "RPC.h"

+#include <stdlib.h>
 #include <string>

 #include "NetVar.h"
 #include "XDR.h"
 #include "Reporter.h"
 #include "Sessions.h"
+#include "RunState.h"

 #include "events.bif.h"

-#include <stdlib.h>
-
 namespace { // local namespace
 	const bool DEBUG_rpc_resync = false;
 }
@ -327,7 +327,7 @@ void RPC_Interpreter::Timeout()
 			const u_char* buf = nullptr;
 			int n = 0;

-			if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, zeek::net::network_time, zeek::net::network_time, 0) )
+			if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, zeek::run_state::network_time, zeek::run_state::network_time, 0) )
 				Weird("bad_RPC");
 			}
 		}
@ -534,7 +534,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
 				// TCP keep-alive retransmissions.
 				DEBUG_MSG("%.6f RPC resync: "
 						  "discard small pieces: %d\n",
-							  zeek::net::network_time, len);
+							  zeek::run_state::network_time, len);
 				Conn()->Weird("RPC_resync", zeek::util::fmt("discard %d bytes\n", len));
 				}

@ -634,7 +634,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)

 	while (len > 0)
 		{
-		last_time = zeek::net::network_time;
+		last_time = zeek::run_state::network_time;

 		switch (state) {
 		case WAIT_FOR_MESSAGE:
@ -649,7 +649,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)
 			msg_buf.Init(MAX_RPC_LEN, 0);
 			last_frag = false;
 			state = WAIT_FOR_MARKER;
-			start_time = zeek::net::network_time;
+			start_time = zeek::run_state::network_time;
 			// no break. fall through

 		case WAIT_FOR_MARKER:
@ -675,7 +675,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)
 				last_frag = (marker & 0x80000000) != 0;
 				marker &= 0x7fffffff;
 					//printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <> processed= %llu <> len = %d\n",
-					//		zeek::net::network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);
+					//		zeek::run_state::network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);

 				if ( ! msg_buf.AddToExpected(marker) )
 					Conn()->Weird("RPC_message_too_long", zeek::util::fmt("%" PRId64, msg_buf.GetExpected()));
@ -729,7 +729,7 @@ RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn,
 	{
 	if ( Conn()->ConnTransport() == TRANSPORT_UDP )
 		ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer,
-		                   zeek::net::network_time + zeek::detail::rpc_timeout, true,
+		                   zeek::run_state::network_time + zeek::detail::rpc_timeout, true,
 		                   zeek::detail::TIMER_RPC_EXPIRE);
 	}

@ -746,12 +746,12 @@ void RPC_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,

 	if ( orig )
 		{
-		if ( ! interp->DeliverRPC(data, len, len, true, zeek::net::network_time, zeek::net::network_time) )
+		if ( ! interp->DeliverRPC(data, len, len, true, zeek::run_state::network_time, zeek::run_state::network_time) )
 			Weird("bad_RPC");
 		}
 	else
 		{
-		if ( ! interp->DeliverRPC(data, len, len, false, zeek::net::network_time, zeek::net::network_time) )
+		if ( ! interp->DeliverRPC(data, len, len, false, zeek::run_state::network_time, zeek::run_state::network_time) )
 			Weird("bad_RPC");
 		}
 	}
--- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc
+++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc
@ -6,7 +6,7 @@
 #include <stdlib.h>

 #include "Event.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "analyzer/protocol/tcp/TCP.h"
 #include "Sessions.h"
@ -178,9 +178,9 @@ void SteppingStone_Analyzer::DeliverPacket(int len, const u_char* data,
 	                                                            ip, caplen);

 	if ( is_orig )
-		orig_endp->DataSent(zeek::net::network_time, seq, len, caplen, data, nullptr, nullptr);
+		orig_endp->DataSent(zeek::run_state::network_time, seq, len, caplen, data, nullptr, nullptr);
 	else
-		resp_endp->DataSent(zeek::net::network_time, seq, len, caplen, data, nullptr, nullptr);
+		resp_endp->DataSent(zeek::run_state::network_time, seq, len, caplen, data, nullptr, nullptr);
 	}

 void SteppingStone_Analyzer::DeliverStream(int len, const u_char* data,
@ -190,14 +190,14 @@ void SteppingStone_Analyzer::DeliverStream(int len, const u_char* data,

 	if ( is_orig )
 		{
-		orig_endp->DataSent(zeek::net::network_time, orig_stream_pos, len, len,
+		orig_endp->DataSent(zeek::run_state::network_time, orig_stream_pos, len, len,
 		                    data, nullptr, nullptr);
 		orig_stream_pos += len;
 		}

 	else
 		{
-		resp_endp->DataSent(zeek::net::network_time, resp_stream_pos, len, len,
+		resp_endp->DataSent(zeek::run_state::network_time, resp_stream_pos, len, len,
 		                    data, nullptr, nullptr);
 		resp_stream_pos += len;
 		}
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -8,7 +8,7 @@
 #include "analyzer/protocol/pia/PIA.h"

 #include "IP.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "File.h"
 #include "Event.h"
@ -127,7 +127,7 @@ TCP_Analyzer::TCP_Analyzer(zeek::Connection* conn)
 	{
 	// Set a timer to eventually time out this connection.
 	ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer,
-	                   zeek::net::network_time + zeek::detail::tcp_SYN_timeout, false,
+	                   zeek::run_state::network_time + zeek::detail::tcp_SYN_timeout, false,
 	                   zeek::detail::TIMER_TCP_EXPIRE);

 	deferred_gen_event = close_deferred = 0;
@ -166,7 +166,7 @@ void TCP_Analyzer::Done()
 	{
 	Analyzer::Done();

-	if ( zeek::net::terminating && connection_pending && is_active && ! BothClosed() )
+	if ( zeek::run_state::terminating && connection_pending && is_active && ! BothClosed() )
 		Event(connection_pending);

 	LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
@ -275,7 +275,7 @@ const struct tcphdr* TCP_Analyzer::ExtractTCP_Header(const u_char*& data,
 bool TCP_Analyzer::ValidateChecksum(const struct tcphdr* tp,
 				TCP_Endpoint* endpoint, int len, int caplen)
 	{
-	if ( ! zeek::net::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >= len &&
+	if ( ! zeek::run_state::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >= len &&
 	     ! endpoint->ValidChecksum(tp, len) )
 		{
 		Weird("bad_TCP_checksum");
@ -1074,7 +1074,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	uint32_t seq_one_past_segment = base_seq + seg_len;

 	init_endpoint(endpoint, flags, base_seq, seq_one_past_segment,
-	              zeek::net::current_timestamp);
+	              zeek::run_state::current_timestamp);

 	bool seq_underflow = false;
 	uint64_t rel_seq = get_relative_seq(endpoint, base_seq, endpoint->LastSeq(),
@ -1091,7 +1091,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	update_window(endpoint, ntohs(tp->th_win), base_seq, ack_seq, flags);

 	if ( ! orig->did_close || ! resp->did_close )
-		Conn()->SetLastTime(zeek::net::current_timestamp);
+		Conn()->SetLastTime(zeek::run_state::current_timestamp);

 	if ( flags.SYN() )
 		{
@ -1113,7 +1113,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		{
 		++endpoint->FIN_cnt;

-		if ( endpoint->FIN_cnt >= zeek::detail::tcp_storm_thresh && zeek::net::current_timestamp <
+		if ( endpoint->FIN_cnt >= zeek::detail::tcp_storm_thresh && zeek::run_state::current_timestamp <
 		     endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh )
 			Weird("FIN_storm");

@ -1124,7 +1124,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		{
 		++endpoint->RST_cnt;

-		if ( endpoint->RST_cnt >= zeek::detail::tcp_storm_thresh && zeek::net::current_timestamp <
+		if ( endpoint->RST_cnt >= zeek::detail::tcp_storm_thresh && zeek::run_state::current_timestamp <
 		     endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh )
 			Weird("RST_storm");

@ -1171,11 +1171,11 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		}

 	int32_t delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len);
-	endpoint->last_time = zeek::net::current_timestamp;
+	endpoint->last_time = zeek::run_state::current_timestamp;

 	bool do_close;
 	bool gen_event;
-	UpdateStateMachine(zeek::net::current_timestamp, endpoint, peer, base_seq, ack_seq,
+	UpdateStateMachine(zeek::run_state::current_timestamp, endpoint, peer, base_seq, ack_seq,
 	                   len, delta_last, is_orig, flags, do_close, gen_event);

 	if ( flags.ACK() )
@ -1210,7 +1210,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	if ( DEBUG_tcp_data_sent )
 		{
 		DEBUG_MSG("%.6f before DataSent: len=%d caplen=%d skip=%d\n",
-		          zeek::net::network_time, len, caplen, Skipping());
+		          zeek::run_state::network_time, len, caplen, Skipping());
 		}

 	uint64_t rel_data_seq = flags.SYN() ? rel_seq + 1 : rel_seq;
@ -1218,7 +1218,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	int need_contents = 0;
 	if ( len > 0 && (caplen >= len || packet_children.size()) &&
 	     ! flags.RST() && ! Skipping() && ! seq_underflow )
-		need_contents = DeliverData(zeek::net::current_timestamp, data, len, caplen, ip,
+		need_contents = DeliverData(zeek::run_state::current_timestamp, data, len, caplen, ip,
 		                            tp, endpoint, rel_data_seq, is_orig, flags);

 	endpoint->CheckEOF();
@ -1664,7 +1664,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 	if ( DEBUG_tcp_connection_close )
 		{
 		DEBUG_MSG("%.6f close_complete=%d tcp_close_delay=%f\n",
-		          zeek::net::network_time, close_complete,
+		          zeek::run_state::network_time, close_complete,
 		          zeek::detail::tcp_close_delay);
 		}

@ -2058,7 +2058,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
 			}

 		DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n",
-		          zeek::net::network_time, seq, len, max_top_seq, data_in_flight);
+		          zeek::run_state::network_time, seq, len, max_top_seq, data_in_flight);

 		if ( tcp_rexmit )
 			endp->TCP()->EnqueueConnEvent(tcp_rexmit,
@ -2129,9 +2129,9 @@ void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);

 	if ( is_orig )
-		orig_stats->DataSent(zeek::net::network_time, seq, len, caplen, data, ip, nullptr);
+		orig_stats->DataSent(zeek::run_state::network_time, seq, len, caplen, data, ip, nullptr);
 	else
-		resp_stats->DataSent(zeek::net::network_time, seq, len, caplen, data, ip, nullptr);
+		resp_stats->DataSent(zeek::run_state::network_time, seq, len, caplen, data, ip, nullptr);
 	}

 } // namespace zeek::analyzer::tcp
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@ -2,7 +2,7 @@

 #include <errno.h>

-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "analyzer/protocol/tcp/TCP.h"
 #include "TCP_Reassembler.h"
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@ -195,7 +195,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
 		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", "
 		          "endp: FIN_cnt=%d, RST_cnt=%d, "
 		          "peer: FIN_cnt=%d, RST_cnt=%d\n",
-		          zeek::net::network_time, IsOrig(), up_to_seq, last_reassem_seq,
+		          zeek::run_state::network_time, IsOrig(), up_to_seq, last_reassem_seq,
 		          endpoint->FIN_cnt, endpoint->RST_cnt,
 		          peer->FIN_cnt, peer->RST_cnt);
 		}
@ -225,7 +225,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
 			{
 			DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", "
 					  "skip_deliveries=%d\n",
-					  zeek::net::network_time, IsOrig(), last_reassem_seq,
+					  zeek::run_state::network_time, IsOrig(), last_reassem_seq,
 					  up_to_seq - last_reassem_seq,
 					  skip_deliveries);
 			}
@ -440,7 +440,7 @@ void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
 void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n)
 	{
 	if ( DEBUG_tcp_contents )
-		DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", zeek::net::network_time,  n, IsOrig());
+		DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", zeek::run_state::network_time,  n, IsOrig());

 	if ( rexmit_inconsistency &&
 	     memcmp((const void*) b1, (const void*) b2, n) &&
@ -477,7 +477,7 @@ bool TCP_Reassembler::DataSent(double t, uint64_t seq, int len,
 	if ( DEBUG_tcp_contents )
 		{
 		DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n",
-		          zeek::net::network_time, IsOrig(), seq, upper_seq, ack);
+		          zeek::run_state::network_time, IsOrig(), seq, upper_seq, ack);
 		}

 	if ( skip_deliveries )
@ -581,7 +581,7 @@ void TCP_Reassembler::CheckEOF()
 		if ( DEBUG_tcp_connection_close )
 			{
 			DEBUG_MSG("%.6f EOF for %d\n",
-			          zeek::net::network_time, endp->IsOrig());
+			          zeek::run_state::network_time, endp->IsOrig());
 			}

 		did_EOF = true;
--- a/src/analyzer/protocol/teredo/Teredo.cc
+++ b/src/analyzer/protocol/teredo/Teredo.cc
@ -6,6 +6,7 @@
 #include "Reporter.h"
 #include "Sessions.h"
 #include "ZeekString.h"
+#include "RunState.h"

 #include "events.bif.h"

@ -232,7 +233,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,

 	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO);

-	zeek::sessions->DoNextInnerPacket(zeek::net::network_time, nullptr, inner, e, ec);
+	zeek::sessions->DoNextInnerPacket(zeek::run_state::network_time, nullptr, inner, e, ec);
 	}

 } // namespace zeek::analyzer::teredo
--- a/src/analyzer/protocol/udp/UDP.cc
+++ b/src/analyzer/protocol/udp/UDP.cc
@ -4,7 +4,7 @@

 #include "zeek-config.h"

-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "analyzer/protocol/udp/UDP.h"
 #include "analyzer/Manager.h"
@ -62,7 +62,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,

 	int chksum = up->uh_sum;

-	auto validate_checksum = ! zeek::net::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >=len;
+	auto validate_checksum = ! zeek::run_state::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >=len;
 	constexpr auto vxlan_len = 8;
 	constexpr auto eth_len = 14;

@ -130,7 +130,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 	ulen -= sizeof(struct udphdr);
 	caplen -= sizeof(struct udphdr);

-	Conn()->SetLastTime(zeek::net::current_timestamp);
+	Conn()->SetLastTime(zeek::run_state::current_timestamp);

 	if ( udp_contents )
 		{
--- a/src/analyzer/protocol/vxlan/VXLAN.cc
+++ b/src/analyzer/protocol/vxlan/VXLAN.cc
@ -6,7 +6,7 @@
 #include "TunnelEncapsulation.h"
 #include "Conn.h"
 #include "IP.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Sessions.h"
 #include "Reporter.h"

@ -61,8 +61,8 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 	len -= vxlan_len;

 	pkt_timeval ts;
-	ts.tv_sec = (time_t) zeek::net::current_timestamp;
-	ts.tv_usec = (suseconds_t) ((zeek::net::current_timestamp - (double)ts.tv_sec) * 1000000);
+	ts.tv_sec = (time_t) zeek::run_state::current_timestamp;
+	ts.tv_usec = (suseconds_t) ((zeek::run_state::current_timestamp - (double)ts.tv_sec) * 1000000);
 	zeek::Packet pkt(DLT_EN10MB, &ts, caplen, len, data);

 	if ( ! pkt.Layer2Valid() )
@ -105,7 +105,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		                     inner->ToPktHdrVal(), zeek::val_mgr->Count(vni));

 	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
-	zeek::sessions->DoNextInnerPacket(zeek::net::network_time, &pkt, inner, estack, ec);
+	zeek::sessions->DoNextInnerPacket(zeek::run_state::network_time, &pkt, inner, estack, ec);
 	}

 } // namespace zeek::analyzer::vxlan
--- a/src/binpac_bro-lib.pac
+++ b/src/binpac_bro-lib.pac
@ -4,6 +4,7 @@
 #include "Reporter.h"
 #include "Val.h"
 #include "ConvertUTF.h"
+#include "RunState.h"
 %}

 %code{
@ -63,5 +64,5 @@ zeek::StringVal* utf16_bytestring_to_utf8_val(zeek::Connection* conn, const byte

 function network_time(): double
 	%{
-	return zeek::net::network_time;
+	return zeek::run_state::network_time;
 	%}
--- a/src/broker/Manager.cc
+++ b/src/broker/Manager.cc
@ -22,7 +22,7 @@
 #include "DebugLogger.h"
 #include "iosource/Manager.h"
 #include "SerializationFormat.h"
-#include "Net.h"
+#include "RunState.h"

 using namespace std;

@ -923,7 +923,7 @@ void Manager::Process()
 	// Ensure that time gets update before processing broker messages, or events
 	// based on them might get scheduled wrong.
 	if ( use_real_time )
-		zeek::net::detail::net_update_time(zeek::util::current_time());
+		zeek::run_state::detail::net_update_time(zeek::util::current_time());

 	bool had_input = false;

@ -995,11 +995,11 @@ void Manager::Process()

 	if ( had_input )
 		{
-		if ( zeek::net::network_time == 0 )
+		if ( zeek::run_state::network_time == 0 )
 			// If we're getting Broker messages, but still haven't initialized
-			// zeek::net::network_time, may as well do so now because otherwise the
+			// zeek::run_state::network_time, may as well do so now because otherwise the
 			// broker/cluster logs will end up using timestamp 0.
-			zeek::net::detail::net_update_time(zeek::util::current_time());
+			zeek::run_state::detail::net_update_time(zeek::util::current_time());
 		}
 	}

--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -115,7 +115,7 @@ File::~File()

 void File::UpdateLastActivityTime()
 	{
-	val->Assign(last_active_idx, zeek::make_intrusive<zeek::TimeVal>(zeek::net::network_time));
+	val->Assign(last_active_idx, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::network_time));
 	}

 double File::GetLastActivityTime() const
@ -250,7 +250,7 @@ bool File::IsComplete() const

 void File::ScheduleInactivityTimer() const
 	{
-	zeek::detail::timer_mgr->Add(new detail::FileTimer(zeek::net::network_time, id, GetTimeoutInterval()));
+	zeek::detail::timer_mgr->Add(new detail::FileTimer(zeek::run_state::network_time, id, GetTimeoutInterval()));
 	}

 bool File::AddAnalyzer(file_analysis::Tag tag, zeek::RecordVal* args)
@ -469,7 +469,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
 			}

 		// Forward data to the reassembler.
-		file_reassembler->NewBlock(zeek::net::network_time, offset, len, data);
+		file_reassembler->NewBlock(zeek::run_state::network_time, offset, len, data);
 		}
 	else if ( stream_offset == offset )
 		{
@ -482,7 +482,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
 		// This is data that doesn't match the offset and the reassembler
 		// needs to be enabled.
 		file_reassembler = new FileReassembler(this, stream_offset);
-		file_reassembler->NewBlock(zeek::net::network_time, offset, len, data);
+		file_reassembler->NewBlock(zeek::run_state::network_time, offset, len, data);
 		}
 	else
 		{
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@ -7,7 +7,7 @@
 #include <map>

 #include "Component.h"
-#include "Net.h"
+#include "RunState.h"
 #include "RuleMatcher.h"

 #include "plugin/ComponentManager.h"
@ -381,7 +381,7 @@ protected:
 	 * @param is_termination whether the Manager (and probably Bro) is in a
 	 *        terminating state.  If true, then the timeout cannot be postponed.
 	 */
-	void Timeout(const std::string& file_id, bool is_terminating = zeek::net::terminating);
+	void Timeout(const std::string& file_id, bool is_terminating = zeek::run_state::terminating);

 	/**
 	 * Immediately remove file_analysis::File object associated with \a file_id.
--- a/src/fuzzers/fuzzer-setup.h
+++ b/src/fuzzers/fuzzer-setup.h
@ -49,7 +49,7 @@ namespace zeek { namespace detail {

 void fuzzer_cleanup_one_input()
 	{
-	terminating = true;
+	run_state::terminating = true;
 	broker_mgr->ClearStores();
 	file_mgr->Terminate();
 	timer_mgr->Expire();
@ -58,7 +58,7 @@ void fuzzer_cleanup_one_input()
 	sessions->Drain();
 	zeek::event_mgr.Drain();
 	sessions->Clear();
-	terminating = false;
+	run_state::terminating = false;
 	}

 }} // namespace zeek::detail
--- a/src/fuzzers/pop3-fuzzer.cc
+++ b/src/fuzzers/pop3-fuzzer.cc
@ -1,6 +1,6 @@
 #include "binpac.h"

-#include "Net.h"
+#include "RunState.h"
 #include "Conn.h"
 #include "Sessions.h"
 #include "analyzer/Analyzer.h"
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@ -15,7 +15,7 @@
 #include "Event.h"
 #include "EventHandler.h"
 #include "NetVar.h"
-#include "Net.h"
+#include "RunState.h"
 #include "CompHash.h"
 #include "Func.h"

--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@ -9,7 +9,7 @@
 #include "Manager.h"
 #include "Component.h"
 #include "IOSource.h"
-#include "Net.h"
+#include "RunState.h"
 #include "PktSrc.h"
 #include "PktDumper.h"
 #include "plugin/Manager.h"
@ -115,7 +115,7 @@ void Manager::FindReadySources(std::vector<IOSource*>* ready)

 	// If there aren't any sources and exit_only_after_terminate is false, just
 	// return an empty set of sources. We want the main loop to end.
-	if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || zeek::net::terminating ) )
+	if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || zeek::run_state::terminating ) )
 		return;

 	double timeout = -1;
@ -166,7 +166,7 @@ void Manager::FindReadySources(std::vector<IOSource*>* ready)
 					}
 				else
 					{
-					if ( ! zeek::net::pseudo_realtime )
+					if ( ! zeek::run_state::pseudo_realtime )
 						// A pcap file is always ready to process unless it's suspended
 						ready->push_back(pkt_src);
 					}
@ -315,7 +315,7 @@ void Manager::Register(PktSrc* src)
 	// little bit for those sources.
 	if ( src->IsLive() )
 		poll_interval = 10;
-	else if ( zeek::net::pseudo_realtime )
+	else if ( zeek::run_state::pseudo_realtime )
 		poll_interval = 1;

 	Register(src, false);
--- a/src/iosource/PktSrc.cc
+++ b/src/iosource/PktSrc.cc
@ -7,7 +7,7 @@

 #include "util.h"
 #include "Hash.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Sessions.h"
 #include "broker/Manager.h"
 #include "iosource/Manager.h"
@ -82,7 +82,7 @@ double PktSrc::CurrentPacketTimestamp()
 double PktSrc::CurrentPacketWallClock()
 	{
 	// We stop time when we are suspended.
-	if ( zeek::net::net_is_processing_suspended() )
+	if ( zeek::run_state::net_is_processing_suspended() )
 		current_wallclock = zeek::util::current_time(true);

 	return current_wallclock;
@ -175,9 +175,9 @@ double PktSrc::CheckPseudoTime()
 		return 0;

 	double pseudo_time = current_packet.time - first_timestamp;
-	double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::net::pseudo_realtime;
+	double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime;

-	return pseudo_time <= ct ? zeek::net::zeek_start_time + pseudo_time : 0;
+	return pseudo_time <= ct ? zeek::run_state::zeek_start_time + pseudo_time : 0;
 	}

 void PktSrc::InitSource()
@ -201,16 +201,16 @@ void PktSrc::Process()

 	if ( current_packet.Layer2Valid() )
 		{
-		if ( zeek::net::pseudo_realtime )
+		if ( zeek::run_state::pseudo_realtime )
 			{
 			current_pseudo = CheckPseudoTime();
-			zeek::net::detail::net_packet_dispatch(current_pseudo, &current_packet, this);
+			zeek::run_state::detail::net_packet_dispatch(current_pseudo, &current_packet, this);
 			if ( ! first_wallclock )
 				first_wallclock = zeek::util::current_time(true);
 			}

 		else
-			zeek::net::detail::net_packet_dispatch(current_packet.time, &current_packet, this);
+			zeek::run_state::detail::net_packet_dispatch(current_packet.time, &current_packet, this);
 		}

 	have_packet = false;
@ -231,10 +231,10 @@ bool PktSrc::ExtractNextPacketInternal()

 	// Don't return any packets if processing is suspended (except for the
 	// very first packet which we need to set up times).
-	if ( zeek::net::net_is_processing_suspended() && first_timestamp )
+	if ( zeek::run_state::net_is_processing_suspended() && first_timestamp )
 		return false;

-	if ( zeek::net::pseudo_realtime )
+	if ( zeek::run_state::pseudo_realtime )
 		current_wallclock = zeek::util::current_time(true);

 	if ( ExtractNextPacket(&current_packet) )
@ -252,7 +252,7 @@ bool PktSrc::ExtractNextPacketInternal()
 		return true;
 		}

-	if ( zeek::net::pseudo_realtime && ! IsOpen() )
+	if ( zeek::run_state::pseudo_realtime && ! IsOpen() )
 		{
 		if ( broker_mgr->Active() )
 			iosource_mgr->Terminate();
@ -344,16 +344,16 @@ double PktSrc::GetNextTimeout()
 	// but we're not in pseudo-realtime mode, let the loop just spin as fast as it can. If we're
 	// in pseudo-realtime mode, find the next time that a packet is ready and have poll block until
 	// then.
-	if ( IsLive() || zeek::net::net_is_processing_suspended() )
+	if ( IsLive() || zeek::run_state::net_is_processing_suspended() )
 		return -1;
-	else if ( ! zeek::net::pseudo_realtime )
+	else if ( ! zeek::run_state::pseudo_realtime )
 		return 0;

 	if ( ! have_packet )
 		ExtractNextPacketInternal();

 	double pseudo_time = current_packet.time - first_timestamp;
-	double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::net::pseudo_realtime;
+	double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime;
 	return std::max(0.0, pseudo_time - ct);
 	}

--- a/src/iosource/pcap/Dumper.cc
+++ b/src/iosource/pcap/Dumper.cc
@ -5,7 +5,7 @@

 #include "Dumper.h"
 #include "../PktSrc.h"
-#include "../../Net.h"
+#include "../../RunState.h"

 #include "pcap.bif.h"

@ -47,7 +47,7 @@ void PcapDumper::Open()
 	if ( append )
 		{
 		// See if output file already exists (and is non-empty).
-		exists = stat(props.path.c_str(), &s); ;
+		exists = stat(props.path.c_str(), &s);

 		if ( exists < 0 && errno != ENOENT )
 			{
@ -81,7 +81,7 @@ void PcapDumper::Open()
 			}
 		}

-	props.open_time = zeek::net::network_time;
+	props.open_time = zeek::run_state::network_time;
 	props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd));
 	Opened(props);
 	}
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@ -7,7 +7,7 @@
 #include "Event.h"
 #include "EventHandler.h"
 #include "NetVar.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Type.h"
 #include "File.h"
 #include "input.h"
@ -863,7 +863,7 @@ bool Manager::Write(zeek::EnumVal* id, zeek::RecordVal* columns_arg)

 			info = new WriterBackend::WriterInfo;
 			info->path = zeek::util::copy_string(path.c_str());
-			info->network_time = zeek::net::network_time;
+			info->network_time = zeek::run_state::network_time;

 			zeek::detail::HashKey* k;
 			zeek::IterCookie* c = filter->config->AsTable()->InitForIteration();
@ -1151,7 +1151,7 @@ WriterFrontend* Manager::CreateWriter(zeek::EnumVal* id, zeek::EnumVal* writer,
 	WriterInfo* winfo = new WriterInfo;
 	winfo->type = writer->Ref()->AsEnumVal();
 	winfo->writer = nullptr;
-	winfo->open_time = zeek::net::network_time;
+	winfo->open_time = zeek::run_state::network_time;
 	winfo->rotation_timer = nullptr;
 	winfo->interval = 0;
 	winfo->postprocessor = nullptr;
@ -1345,7 +1345,7 @@ bool Manager::Flush(zeek::EnumVal* id)

 	for ( Stream::WriterMap::iterator i = stream->writers.begin();
 	      i != stream->writers.end(); i++ )
-		i->second->writer->Flush(zeek::net::network_time);
+		i->second->writer->Flush(zeek::run_state::network_time);

 	RemoveDisabledWriters(stream);

@ -1441,14 +1441,14 @@ void RotationTimer::Dispatch(double t, bool is_expire)

 	if ( ! is_expire )
 		{
-		winfo->open_time = zeek::net::network_time;
+		winfo->open_time = zeek::run_state::network_time;
 		log_mgr->InstallRotationTimer(winfo);
 		}
 	}

 void Manager::InstallRotationTimer(WriterInfo* winfo)
 	{
-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		return;

 	if ( winfo->rotation_timer )
@ -1461,25 +1461,25 @@ void Manager::InstallRotationTimer(WriterInfo* winfo)

 	if ( rotation_interval )
 		{
-		// When this is called for the first time, zeek::net::network_time can still be
+		// When this is called for the first time, zeek::run_state::network_time can still be
 		// zero. If so, we set a timer which fires immediately but doesn't
 		// rotate when it expires.
-		if ( ! zeek::net::network_time )
+		if ( ! zeek::run_state::network_time )
 			winfo->rotation_timer = new RotationTimer(1, winfo, false);
 		else
 			{
 			if ( ! winfo->open_time )
-				winfo->open_time = zeek::net::network_time;
+				winfo->open_time = zeek::run_state::network_time;

 			static auto log_rotate_base_time = zeek::id::find_val<zeek::StringVal>("log_rotate_base_time");
 			static auto base_time = log_rotate_base_time->AsString()->CheckString();

 			double base = zeek::util::detail::parse_rotate_base_time(base_time);
 			double delta_t =
-				zeek::util::detail::calc_next_rotate(zeek::net::network_time, rotation_interval, base);
+				zeek::util::detail::calc_next_rotate(zeek::run_state::network_time, rotation_interval, base);

 			winfo->rotation_timer =
-				new RotationTimer(zeek::net::network_time + delta_t, winfo, true);
+				new RotationTimer(zeek::run_state::network_time + delta_t, winfo, true);
 			}

 		zeek::detail::timer_mgr->Add(winfo->rotation_timer);
@ -1553,7 +1553,7 @@ std::string Manager::FormatRotationPath(zeek::EnumValPtr writer,
 void Manager::Rotate(WriterInfo* winfo)
 	{
 	DBG_LOG(zeek::DBG_LOGGING, "Rotating %s at %.6f",
-		winfo->writer->Name(), zeek::net::network_time);
+		winfo->writer->Name(), zeek::run_state::network_time);

 	static auto default_ppf = zeek::id::find_func("Log::__default_rotation_postprocessor");

@ -1566,11 +1566,11 @@ void Manager::Rotate(WriterInfo* winfo)

 	auto rotation_path = FormatRotationPath({zeek::NewRef{}, winfo->type},
 	                                        winfo->writer->Info().path,
-	                                        winfo->open_time, zeek::net::network_time,
-	                                        zeek::net::terminating,
+	                                        winfo->open_time, zeek::run_state::network_time,
+	                                        zeek::run_state::terminating,
 	                                        std::move(ppf));

-	winfo->writer->Rotate(rotation_path.data(), winfo->open_time, zeek::net::network_time, zeek::net::terminating);
+	winfo->writer->Rotate(rotation_path.data(), winfo->open_time, zeek::run_state::network_time, zeek::run_state::terminating);

 	++rotations_pending;
 	}
@ -1585,12 +1585,12 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
 	if ( ! success )
 		{
 		DBG_LOG(zeek::DBG_LOGGING, "Non-successful rotating writer '%s', file '%s' at %.6f,",
-			writer->Name(), filename, zeek::net::network_time);
+			writer->Name(), filename, zeek::run_state::network_time);
 		return true;
 		}

 	DBG_LOG(zeek::DBG_LOGGING, "Finished rotating %s at %.6f, new name %s",
-		writer->Name(), zeek::net::network_time, new_name);
+		writer->Name(), zeek::run_state::network_time, new_name);

 	WriterInfo* winfo = FindWriter(writer);
 	if ( ! winfo )
--- a/src/logging/WriterFrontend.cc
+++ b/src/logging/WriterFrontend.cc
@ -1,5 +1,5 @@

-#include "Net.h"
+#include "RunState.h"
 #include "threading/SerialTypes.h"
 #include "broker/Manager.h"

@ -226,7 +226,7 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals)

 	write_buffer[write_buffer_pos++] = vals;

-	if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || zeek::net::terminating )
+	if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || zeek::run_state::terminating )
 		// Buffer full (or no bufferin desired or termiating).
 		FlushWriteBuffer();

--- a/src/logging/writers/ascii/Ascii.cc
+++ b/src/logging/writers/ascii/Ascii.cc
@ -15,6 +15,7 @@
 #include <dirent.h>

 #include "Func.h"
+#include "RunState.h"
 #include "supervisor/Supervisor.h"
 #include "logging/Manager.h"
 #include "threading/SerialTypes.h"
@ -398,7 +399,7 @@ Ascii::~Ascii()
 	if ( ! ascii_done )
 		// In case of errors aborting the logging altogether,
 		// DoFinish() may not have been called.
-		CloseFile(zeek::net::network_time);
+		CloseFile(zeek::run_state::network_time);

 	delete formatter;
 	}
--- a/src/main.cc
+++ b/src/main.cc
@ -5,7 +5,7 @@

 #include "iosource/Manager.h"
 #include "supervisor/Supervisor.h"
-#include "Net.h"
+#include "RunState.h"

 int main(int argc, char** argv)
 	{
@ -17,7 +17,7 @@ int main(int argc, char** argv)

 	auto& options = setup_result.options;
 	auto do_net_run = zeek::iosource_mgr->Size() > 0 ||
-	                  zeek::net::detail::have_pending_timers ||
+	                  zeek::run_state::detail::have_pending_timers ||
 	                  zeek::BifConst::exit_only_after_terminate;

 	if ( do_net_run )
@ -56,7 +56,7 @@ int main(int argc, char** argv)
 			        mem_net_start_malloced / 1024 / 1024);
 			}

-		zeek::net::detail::net_run();
+		zeek::run_state::detail::net_run();

 		double time_net_done = zeek::util::current_time(true);

--- a/src/scan.l
+++ b/src/scan.l
@ -31,7 +31,7 @@
 #include "broparse.h"
 #include "Reporter.h"
 #include "RE.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Traverse.h"
 #include "module_util.h"
 #include "ScannedFile.h"
--- a/src/stats.bif
+++ b/src/stats.bif
@ -140,7 +140,7 @@ function get_proc_stats%(%): ProcStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(ProcStats);
 	int n = 0;

-	double elapsed_time = zeek::util::current_time() - zeek::net::zeek_start_time;
+	double elapsed_time = zeek::util::current_time() - zeek::run_state::zeek_start_time;
 	double user_time =
 		double(ru.ru_utime.tv_sec) + double(ru.ru_utime.tv_usec) / 1e6;
 	double system_time =
@ -152,7 +152,7 @@ function get_proc_stats%(%): ProcStats
 	r->Assign(n++, zeek::val_mgr->Count(0));
 #endif

-	r->Assign(n++, zeek::make_intrusive<zeek::TimeVal>(zeek::net::zeek_start_time));
+	r->Assign(n++, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::zeek_start_time));

 	r->Assign(n++, zeek::make_intrusive<zeek::IntervalVal>(elapsed_time, Seconds));
 	r->Assign(n++, zeek::make_intrusive<zeek::IntervalVal>(user_time, Seconds));
--- a/src/supervisor/Supervisor.cc
+++ b/src/supervisor/Supervisor.cc
@ -24,7 +24,7 @@
 #include "DebugLogger.h"
 #include "ID.h"
 #include "Val.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "zeek-config.h"
 #include "util.h"
@ -200,10 +200,10 @@ void zeek::detail::ParentProcessCheckTimer::Dispatch(double t, bool is_expire)
 	//   FreeBSD: procctl(PROC_PDEATHSIG_CTL)
 	// Also note the Stem process has its own polling loop with similar logic.
 	if ( zeek::Supervisor::ThisNode()->parent_pid != getppid() )
-		zeek::net::detail::zeek_terminate_loop("supervised node was orphaned");
+		zeek::run_state::detail::zeek_terminate_loop("supervised node was orphaned");

 	if ( ! is_expire )
-		timer_mgr->Add(new ParentProcessCheckTimer(zeek::net::network_time + interval,
+		timer_mgr->Add(new ParentProcessCheckTimer(zeek::run_state::network_time + interval,
 		                                           interval));
 	}

--- a/src/threading/Manager.cc
+++ b/src/threading/Manager.cc
@ -7,6 +7,7 @@
 #include "iosource/Manager.h"
 #include "Event.h"
 #include "IPAddr.h"
+#include "RunState.h"

 namespace zeek::threading {
 namespace detail {
@ -130,7 +131,7 @@ void Manager::SendHeartbeats()
 void Manager::StartHeartbeatTimer()
 	{
 	heartbeat_timer_running = true;
-	zeek::detail::timer_mgr->Add(new detail::HeartbeatTimer(zeek::net::network_time + zeek::BifConst::Threading::heartbeat_interval));
+	zeek::detail::timer_mgr->Add(new detail::HeartbeatTimer(zeek::run_state::network_time + zeek::BifConst::Threading::heartbeat_interval));
 	}

 // Raise everything in here as warnings so it is passed to scriptland without
@ -191,10 +192,10 @@ void Manager::Flush()
 	{
 	bool do_beat = false;

-	if ( zeek::net::network_time && (zeek::net::network_time > next_beat || ! next_beat) )
+	if ( zeek::run_state::network_time && (zeek::run_state::network_time > next_beat || ! next_beat) )
 		{
 		do_beat = true;
-		next_beat = ::zeek::net::network_time + zeek::BifConst::Threading::heartbeat_interval;
+		next_beat = ::zeek::run_state::network_time + zeek::BifConst::Threading::heartbeat_interval;
 		}

 	did_process = false;
@ -213,7 +214,7 @@ void Manager::Flush()

 			if ( msg->Process() )
 				{
-				if ( zeek::net::network_time )
+				if ( zeek::run_state::network_time )
 					did_process = true;
 				}

@ -253,7 +254,7 @@ void Manager::Flush()
 		delete t;
 		}

-	// fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", zeek::net::network_time,
+	// fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", zeek::run_state::network_time,
 	//         zeek::detail::timer_mgr->Time(), do_beat, (int)did_process, next_beat);
 	}

--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@ -7,7 +7,7 @@
 #include "MsgThread.h"
 #include "Manager.h"
 #include "iosource/Manager.h"
-#include "Net.h"
+#include "RunState.h"

 // Set by Zeek's main signal handler.
 extern int signal_val;
@ -229,7 +229,7 @@ void MsgThread::OnSignalStop()

 	child_sent_finish = true;
 	// Signal thread to terminate.
-	SendIn(new detail::FinishMessage(this, zeek::net::network_time), true);
+	SendIn(new detail::FinishMessage(this, zeek::run_state::network_time), true);
 	}

 void MsgThread::OnWaitForStop()
@ -303,7 +303,7 @@ void MsgThread::Heartbeat()
 	if ( child_sent_finish )
 		return;

-	SendIn(new detail::HeartbeatMessage(this, zeek::net::network_time, zeek::util::current_time()));
+	SendIn(new detail::HeartbeatMessage(this, zeek::run_state::network_time, zeek::util::current_time()));
 	}

 void MsgThread::Finished()
@ -450,7 +450,7 @@ void MsgThread::Run()
 	// anymore.
 	if ( ! child_finished && ! Killed() )
 		{
-		OnFinish(zeek::net::network_time);
+		OnFinish(zeek::run_state::network_time);
 		Finished();
 		}
 	}
--- a/src/util.cc
+++ b/src/util.cc
@ -52,7 +52,7 @@
 #include "Obj.h"
 #include "Val.h"
 #include "NetVar.h"
-#include "Net.h"
+#include "RunState.h"
 #include "Reporter.h"
 #include "iosource/Manager.h"
 #include "iosource/PktSrc.h"
@ -854,7 +854,7 @@ FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info)
 	auto tmpname = tmpname_buf.get();

 	snprintf(newname, buflen, "%s.%d.%.06f.tmp",
-	         name, getpid(), zeek::net::network_time);
+	         name, getpid(), zeek::run_state::network_time);
 	newname[buflen-1] = '\0';
 	strcpy(tmpname, newname);
 	strcat(tmpname, ".tmp");
@ -891,8 +891,8 @@ FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info)
 		{
 		rotate_info->Assign<zeek::StringVal>(0, name);
 		rotate_info->Assign<zeek::StringVal>(1, newname);
-		rotate_info->Assign<zeek::TimeVal>(2, zeek::net::network_time);
-		rotate_info->Assign<zeek::TimeVal>(3, zeek::net::network_time);
+		rotate_info->Assign<zeek::TimeVal>(2, zeek::run_state::network_time);
+		rotate_info->Assign<zeek::TimeVal>(3, zeek::run_state::network_time);
 		}

 	return newf;
@ -957,7 +957,7 @@ double calc_next_rotate(double current, double interval, double base)

 void terminate_processing()
 	{
-	if ( ! zeek::net::terminating )
+	if ( ! zeek::run_state::terminating )
 		raise(SIGTERM);
 	}

@ -2031,13 +2031,13 @@ double current_time(bool real)

 	double t = double(tv.tv_sec) + double(tv.tv_usec) / 1e6;

-	if ( ! zeek::net::pseudo_realtime || real || ! zeek::iosource_mgr || ! zeek::iosource_mgr->GetPktSrc() )
+	if ( ! zeek::run_state::pseudo_realtime || real || ! zeek::iosource_mgr || ! zeek::iosource_mgr->GetPktSrc() )
 		return t;

 	// This obviously only works for a single source ...
 	zeek::iosource::PktSrc* src = zeek::iosource_mgr->GetPktSrc();

-	if ( zeek::net::net_is_processing_suspended() )
+	if ( zeek::run_state::net_is_processing_suspended() )
 		return src->CurrentPacketTimestamp();

 	// We don't scale with pseudo_realtime here as that would give us a
@ -2269,7 +2269,7 @@ void* debug_malloc(size_t t)
 	{
 	void* v = malloc(t);
 	if ( malloc_debug )
-		printf("%.6f malloc %x %d\n", zeek::net::network_time, v, t);
+		printf("%.6f malloc %x %d\n", zeek::run_state::network_time, v, t);
 	return v;
 	}

@ -2277,14 +2277,14 @@ void* debug_realloc(void* v, size_t t)
 	{
 	v = realloc(v, t);
 	if ( malloc_debug )
-		printf("%.6f realloc %x %d\n", zeek::net::network_time, v, t);
+		printf("%.6f realloc %x %d\n", zeek::run_state::network_time, v, t);
 	return v;
 	}

 void debug_free(void* v)
 	{
 	if ( malloc_debug )
-		printf("%.6f free %x\n", zeek::net::network_time, v);
+		printf("%.6f free %x\n", zeek::run_state::network_time, v);
 	free(v);
 	}

@ -2292,7 +2292,7 @@ void* operator new(size_t t)
 	{
 	void* v = malloc(t);
 	if ( malloc_debug )
-		printf("%.6f new %x %d\n", zeek::net::network_time, v, t);
+		printf("%.6f new %x %d\n", zeek::run_state::network_time, v, t);
 	return v;
 	}

@ -2300,21 +2300,21 @@ void* operator new[](size_t t)
 	{
 	void* v = malloc(t);
 	if ( malloc_debug )
-		printf("%.6f new[] %x %d\n", zeek::net::network_time, v, t);
+		printf("%.6f new[] %x %d\n", zeek::run_state::network_time, v, t);
 	return v;
 	}

 void operator delete(void* v)
 	{
 	if ( malloc_debug )
-		printf("%.6f delete %x\n", zeek::net::network_time, v);
+		printf("%.6f delete %x\n", zeek::run_state::network_time, v);
 	free(v);
 	}

 void operator delete[](void* v)
 	{
 	if ( malloc_debug )
-		printf("%.6f delete %x\n", zeek::net::network_time, v);
+		printf("%.6f delete %x\n", zeek::run_state::network_time, v);
 	free(v);
 	}

@ -2530,7 +2530,7 @@ string json_escape_utf8(const string& val)
 } // namespace zeek::util

 // Remove in v4.1.
-double& network_time = zeek::net::network_time;
+double& network_time = zeek::run_state::network_time;

 unsigned int bro_prng(unsigned int  state)
 	{ return zeek::util::detail::prng(state); }
--- a/src/util.h
+++ b/src/util.h
@ -111,7 +111,7 @@ extern char* strcasestr(const char* s, const char* find);
 // perspective.  In particular, if we're reading from a savefile this
 // is the time of the most recent packet, not the time returned by
 // gettimeofday().
-extern double& network_time [[deprecated("Remove in v4.1. Use zeek::net::network_time.")]];
+extern double& network_time [[deprecated("Remove in v4.1. Use zeek::run_state::network_time.")]];

 [[deprecated("Remove in v4.1: Use system snprintf instead")]]
 inline int safe_snprintf(char* str, size_t size, const char* format, ...)
--- a/src/zeek-setup.cc
+++ b/src/zeek-setup.cc
@ -29,7 +29,7 @@ extern "C" {
 #include "Event.h"
 #include "File.h"
 #include "Reporter.h"
-#include "Net.h"
+#include "RunState.h"
 #include "NetVar.h"
 #include "Var.h"
 #include "Timer.h"
@ -261,7 +261,7 @@ static void done_with_network()
 	if ( zeek::detail::profiling_logger )
 		zeek::detail::profiling_logger->Log();

-	zeek::net::terminating = true;
+	zeek::run_state::terminating = true;

 	zeek::analyzer_mgr->Done();
 	zeek::detail::timer_mgr->Expire();
@ -269,7 +269,7 @@ static void done_with_network()
 	zeek::event_mgr.Drain();
 	zeek::event_mgr.Drain();

-	zeek::net::detail::net_finish(1);
+	zeek::run_state::detail::net_finish(1);

 #ifdef USE_PERFTOOLS_DEBUG

@ -293,7 +293,7 @@ static void terminate_bro()
 	{
 	zeek::util::detail::set_processing_status("TERMINATING", "terminate_bro");

-	zeek::net::terminating = true;
+	zeek::run_state::terminating = true;

 	zeek::iosource_mgr->Wakeup("terminate_bro");

@ -354,7 +354,7 @@ RETSIGTYPE sig_handler(int signo)
 	zeek::util::detail::set_processing_status("TERMINATING", "sig_handler");
 	signal_val = signo;

-	if ( ! zeek::net::terminating )
+	if ( ! zeek::run_state::terminating )
 		zeek::iosource_mgr->Wakeup("sig_handler");

 	return RETSIGVAL;
@ -448,7 +448,7 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 	if ( zeek_prefixes )
 		zeek::util::tokenize_string(zeek_prefixes, ":", &zeek_script_prefixes);

-	zeek::net::pseudo_realtime = options.pseudo_realtime;
+	zeek::run_state::pseudo_realtime = options.pseudo_realtime;

 #ifdef USE_PERFTOOLS_DEBUG
 	perftools_leaks = options.perftools_check_leaks;
@ -476,7 +476,7 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 	atexit(atexit_handler);
 	zeek::util::detail::set_processing_status("INITIALIZING", "main");

-	zeek::net::zeek_start_time = zeek::util::current_time(true);
+	zeek::run_state::zeek_start_time = zeek::util::current_time(true);

 	zeek::val_mgr = new ValManager();
 	reporter = new Reporter(options.abort_on_scripting_errors);
@ -628,9 +628,9 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 	HeapLeakChecker::Disabler disabler;
 #endif

-	zeek::net::is_parsing = true;
+	zeek::run_state::is_parsing = true;
 	yyparse();
-	zeek::net::is_parsing = false;
+	zeek::run_state::is_parsing = false;

 	RecordVal::DoneParsing();
 	TableVal::DoneParsing();
@ -751,7 +751,7 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 		}

 	if ( dns_type != DNS_PRIME )
-		zeek::net::detail::net_init(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog);
+		zeek::run_state::detail::net_init(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog);

 	if ( ! g_policy_debug )
 		{
@ -803,10 +803,10 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 			zeek::detail::segment_logger = zeek::detail::profiling_logger;
 		}

-	if ( ! zeek::net::reading_live && ! zeek::net::reading_traces )
+	if ( ! zeek::run_state::reading_live && ! zeek::run_state::reading_traces )
 		// Set up network_time to track real-time, since
 		// we don't have any other source for it.
-		zeek::net::detail::net_update_time(zeek::util::current_time());
+		zeek::run_state::detail::net_update_time(zeek::util::current_time());

 	if ( zeek_init )
 		zeek::event_mgr.Enqueue(zeek_init, zeek::Args{});
@ -874,7 +874,7 @@ zeek::detail::SetupResult setup(int argc, char** argv,
 	zeek::reporter->ZeekInitDone();
 	zeek::analyzer_mgr->DumpDebug();

-	zeek::net::detail::have_pending_timers = ! zeek::net::reading_traces && zeek::detail::timer_mgr->Size() > 0;
+	zeek::run_state::detail::have_pending_timers = ! zeek::run_state::reading_traces && zeek::detail::timer_mgr->Size() > 0;

 	return {0, std::move(options)};
 	}
@ -884,7 +884,7 @@ int cleanup(bool did_net_run)
 	if ( did_net_run )
 		done_with_network();

-	zeek::net::detail::net_delete();
+	zeek::run_state::detail::net_delete();
 	terminate_bro();

 	sqlite3_shutdown();
@ -904,7 +904,7 @@ int cleanup(bool did_net_run)

 } // namespace detail

-namespace net::detail {
+namespace run_state::detail {

 void zeek_terminate_loop(const char* reason)
 	{
@ -926,5 +926,5 @@ void zeek_terminate_loop(const char* reason)
 	exit(0);
 	}

-} // namespace net::detail
+} // namespace run_state::detail
 } // namespace zeek
--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -331,7 +331,7 @@ function current_time%(%): time
 ## .. zeek:see:: current_time
 function network_time%(%): time
 	%{
-	return zeek::make_intrusive<zeek::TimeVal>(zeek::net::network_time);
+	return zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::network_time);
 	%}

 ## Returns a system environment variable.
@ -388,7 +388,7 @@ function exit%(code: int%): any
 ## .. zeek:see:: exit zeek_is_terminating
 function terminate%(%): bool
 	%{
-	if ( zeek::net::terminating )
+	if ( zeek::run_state::terminating )
 		return zeek::val_mgr->False();

 	zeek::util::detail::terminate_processing();
@ -1875,7 +1875,7 @@ function zeek_args%(%): string_vec
 ## .. zeek:see:: reading_traces packet_source
 function reading_live_traffic%(%): bool
 	%{
-	return zeek::val_mgr->Bool(zeek::net::reading_live);
+	return zeek::val_mgr->Bool(zeek::run_state::reading_live);
 	%}

 ## Checks whether Zeek reads traffic from a trace file (as opposed to from a
@ -1886,7 +1886,7 @@ function reading_live_traffic%(%): bool
 ## .. zeek:see:: reading_live_traffic packet_source
 function reading_traces%(%): bool
 	%{
-	return zeek::val_mgr->Bool(zeek::net::reading_traces);
+	return zeek::val_mgr->Bool(zeek::run_state::reading_traces);
 	%}

 ## Returns: the packet source being read by Zeek.
@ -2109,7 +2109,7 @@ function dump_rule_stats%(f: file%): bool
 ## .. zeek:see:: terminate
 function zeek_is_terminating%(%): bool
 	%{
-	return zeek::val_mgr->Bool(zeek::net::terminating);
+	return zeek::val_mgr->Bool(zeek::run_state::terminating);
 	%}

 ## Returns the hostname of the machine Zeek runs on.
@ -3365,7 +3365,7 @@ function lookup_connection%(cid: conn_id%): connection
 	c->Assign(1, std::move(orig_endp));
 	c->Assign(2, std::move(resp_endp));

-	c->Assign(3, zeek::make_intrusive<zeek::TimeVal>(zeek::net::network_time));
+	c->Assign(3, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::network_time));
 	c->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(0.0));
 	c->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set));	// service
 	c->Assign(6, zeek::val_mgr->EmptyString());	// history
@ -3400,8 +3400,8 @@ function dump_current_packet%(file_name: string%) : bool
 	%{
 	const Packet* pkt;

-	if ( ! zeek::net::detail::current_pktsrc ||
-	     ! zeek::net::detail::current_pktsrc->GetCurrentPacket(&pkt) )
+	if ( ! zeek::run_state::detail::current_pktsrc ||
+	     ! zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&pkt) )
 		return zeek::val_mgr->False();

 	if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString())
@ -3433,8 +3433,8 @@ function get_current_packet%(%) : pcap_packet
 	const Packet* p;
 	auto pkt = zeek::make_intrusive<zeek::RecordVal>(pcap_packet);

-	if ( ! zeek::net::detail::current_pktsrc ||
-	     ! zeek::net::detail::current_pktsrc->GetCurrentPacket(&p) )
+	if ( ! zeek::run_state::detail::current_pktsrc ||
+	     ! zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&p) )
 		{
 		pkt->Assign(0, zeek::val_mgr->Count(0));
 		pkt->Assign(1, zeek::val_mgr->Count(0));
@ -3465,8 +3465,8 @@ function get_current_packet_header%(%) : raw_pkt_hdr
 	%{
 	const Packet* p;

-	if ( zeek::net::detail::current_pktsrc &&
-	     zeek::net::detail::current_pktsrc->GetCurrentPacket(&p) )
+	if ( zeek::run_state::detail::current_pktsrc &&
+	     zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&p) )
 		{
 		return p->ToRawPktHdrVal();
 		}
@ -3688,10 +3688,10 @@ static constexpr double mmdb_msg_suppression_duration = 300;

 static void report_mmdb_msg(const char* format, ...)
 	{
-	if ( zeek::net::network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration )
+	if ( zeek::run_state::network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration )
 		{
 		mmdb_msg_count = 0;
-		mmdb_msg_suppression_time = zeek::net::network_time;
+		mmdb_msg_suppression_time = zeek::run_state::network_time;
 		}

 	if ( mmdb_msg_count >= mmdb_msg_limit )
@ -4701,10 +4701,11 @@ function rotate_file_by_name%(f: string%): rotate_info
 	bool is_addl_pkt_dumper = false;

 	// Special case: one of current dump files.
-	if ( zeek::net::detail::pkt_dumper && zeek::util::streq(zeek::net::detail::pkt_dumper->Path().c_str(), f->CheckString()) )
+	if ( zeek::run_state::detail::pkt_dumper &&
+	     zeek::util::streq(zeek::run_state::detail::pkt_dumper->Path().c_str(), f->CheckString()) )
 		{
 		is_pkt_dumper = true;
-		zeek::net::detail::pkt_dumper->Close();
+		zeek::run_state::detail::pkt_dumper->Close();
 		}

 	if ( addl_pkt_dumper &&
@ -4729,8 +4730,8 @@ function rotate_file_by_name%(f: string%): rotate_info

 	if ( is_pkt_dumper )
 		{
-		info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(zeek::net::detail::pkt_dumper->OpenTime()));
-		zeek::net::detail::pkt_dumper->Open();
+		info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::detail::pkt_dumper->OpenTime()));
+		zeek::run_state::detail::pkt_dumper->Open();
 		}

 	if ( is_addl_pkt_dumper )
@ -4753,7 +4754,7 @@ function calc_next_rotate%(i: interval%) : interval
 	static auto base_time = log_rotate_base_time->AsString()->CheckString();

 	double base = zeek::util::detail::parse_rotate_base_time(base_time);
-	return zeek::make_intrusive<zeek::IntervalVal>(zeek::util::detail::calc_next_rotate(zeek::net::network_time, i, base));
+	return zeek::make_intrusive<zeek::IntervalVal>(zeek::util::detail::calc_next_rotate(zeek::run_state::network_time, i, base));
 	%}

 ## Returns the size of a given file.
@ -5011,7 +5012,7 @@ function is_remote_event%(%) : bool
 ## .. zeek:see:: continue_processing
 function suspend_processing%(%) : any
 	%{
-	zeek::net::net_suspend_processing();
+	zeek::run_state::net_suspend_processing();
 	return nullptr;
 	%}

@ -5020,7 +5021,7 @@ function suspend_processing%(%) : any
 ## .. zeek:see:: suspend_processing
 function continue_processing%(%) : any
 	%{
-	zeek::net::net_continue_processing();
+	zeek::run_state::net_continue_processing();
 	return nullptr;
 	%}