Move session code into new directory and into zeek::session namespace

src/CMakeLists.txt

@@ -166,6 +166,7 @@ add_subdirectory(input)
 add_subdirectory(iosource)
 add_subdirectory(logging)
 add_subdirectory(probabilistic)
+add_subdirectory(session)
 
 add_subdirectory(fuzzers)
 
@@ -286,9 +287,6 @@ set(MAIN_SRCS
     Scope.cc
     ScriptCoverageManager.cc
     SerializationFormat.cc
-    Session.cc
-    SessionKey.cc
-    SessionManager.cc
     SmithWaterman.cc
     Stats.cc
     Stmt.cc

src/Conn.cc

@@ -10,7 +10,7 @@
 #include "zeek/RunState.h"
 #include "zeek/NetVar.h"
 #include "zeek/Event.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Reporter.h"
 #include "zeek/Timer.h"
 #include "zeek/iosource/IOSource.h"
@@ -380,7 +380,7 @@ void Connection::FlipRoles()
 
 unsigned int Connection::MemoryAllocation() const
 	{
-	return Session::MemoryAllocation() + padded_sizeof(*this)
+	return session::Session::MemoryAllocation() + padded_sizeof(*this)
 		+ (timers.MemoryAllocation() - padded_sizeof(timers))
 		+ (conn_val ? conn_val->MemoryAllocation() : 0)
 		+ (root_analyzer ? root_analyzer->MemoryAllocation(): 0)
@@ -395,7 +395,7 @@ unsigned int Connection::MemoryAllocationVal() const
 
 void Connection::Describe(ODesc* d) const
 	{
-	Session::Describe(d);
+	session::Session::Describe(d);
 
 	switch ( proto ) {
 		case TRANSPORT_TCP:

src/Conn.h

@@ -16,7 +16,7 @@
 #include "zeek/WeirdState.h"
 #include "zeek/ZeekArgs.h"
 #include "zeek/IntrusivePtr.h"
-#include "zeek/Session.h"
+#include "zeek/session/Session.h"
 #include "zeek/iosource/Packet.h"
 
 #include "zeek/analyzer/Tag.h"
@@ -25,7 +25,6 @@
 namespace zeek {
 
 class Connection;
-class SessionManager;
 class EncapsulationStack;
 class Val;
 class RecordVal;
@@ -33,6 +32,7 @@ class RecordVal;
 using ValPtr = IntrusivePtr<Val>;
 using RecordValPtr = IntrusivePtr<RecordVal>;
 
+namespace session { class SessionManager; }
 namespace detail {
 
 class Specific_RE_Matcher;
@@ -70,7 +70,7 @@ static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1,
 	return addr1 < addr2 || (addr1 == addr2 && p1 < p2);
 	}
 
-class Connection final : public Session {
+class Connection final : public session::Session {
 public:
 
 	Connection(const detail::ConnIDKey& k, double t, const ConnID* id,
@@ -114,8 +114,8 @@ public:
 	// connection is in the session map. If it is removed, the key
 	// should be marked invalid.
 	const detail::ConnIDKey& Key() const	{ return key; }
-	detail::SessionKey SessionKey(bool copy) const override
+	session::detail::SessionKey SessionKey(bool copy) const override
-		{ return detail::SessionKey{&key, sizeof(key), copy}; }
+		{ return session::detail::SessionKey{&key, sizeof(key), copy}; }
 
 	const IPAddr& OrigAddr() const		{ return orig_addr; }
 	const IPAddr& RespAddr() const		{ return resp_addr; }
@@ -254,7 +254,7 @@ public:
 protected:
 
 	// Allow other classes to access pointers to these:
-	friend class detail::SessionTimer;
+	friend class session::detail::SessionTimer;
 
 	IPAddr orig_addr;
 	IPAddr resp_addr;

src/Frag.cc

@@ -6,7 +6,7 @@
 #include "zeek/Hash.h"
 #include "zeek/IP.h"
 #include "zeek/NetVar.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"
 
@@ -29,7 +29,7 @@ void FragTimer::Dispatch(double t, bool /* is_expire */)
 		reporter->InternalWarning("fragment timer dispatched w/o reassembler");
 	}
 
-FragReassembler::FragReassembler(SessionManager* arg_s,
+FragReassembler::FragReassembler(session::SessionManager* arg_s,
                                  const std::unique_ptr<IP_Hdr>& ip, const u_char* pkt,
                                  const FragReassemblerKey& k, double t)
 	: Reassembler(0, REASSEM_FRAG)

src/Frag.h

@@ -12,9 +12,10 @@
 
 namespace zeek {
 
-class SessionManager;
 class IP_Hdr;
 
+namespace session { class SessionManager; }
+
 namespace detail {
 
 class FragReassembler;
@@ -24,8 +25,8 @@ using FragReassemblerKey = std::tuple<IPAddr, IPAddr, bro_uint_t>;
 
 class FragReassembler : public Reassembler {
 public:
-	FragReassembler(SessionManager* s, const std::unique_ptr<IP_Hdr>& ip, const u_char* pkt,
+	FragReassembler(session::SessionManager* s, const std::unique_ptr<IP_Hdr>& ip,
-	                const FragReassemblerKey& k, double t);
+	                const u_char* pkt, const FragReassemblerKey& k, double t);
 	~FragReassembler() override;
 
 	void AddFragment(double t, const std::unique_ptr<IP_Hdr>& ip, const u_char* pkt);
@@ -44,7 +45,7 @@ protected:
 
 	u_char* proto_hdr;
 	std::unique_ptr<IP_Hdr> reassembled_pkt;
-	SessionManager* s;
+	session::SessionManager* s;
 	uint64_t frag_size;	// size of fully reassembled fragment
 	FragReassemblerKey key;
 	uint16_t next_proto; // first IPv6 fragment header's next proto field

src/Func.cc

@@ -45,7 +45,7 @@
 #include "zeek/Frame.h"
 #include "zeek/Var.h"
 #include "zeek/analyzer/protocol/login/Login.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/RE.h"
 #include "zeek/Event.h"
 #include "zeek/Traverse.h"

src/RunState.cc

@@ -24,7 +24,7 @@ extern "C" {
 };
 
 #include "zeek/NetVar.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Event.h"
 #include "zeek/Timer.h"
 #include "zeek/ID.h"
@@ -195,7 +195,7 @@ void init_run(const std::optional<std::string>& interface,
 
 	zeek::detail::init_ip_addr_anonymizers();
 
-	session_mgr = new SessionManager();
+	session_mgr = new session::SessionManager();
 
 	// Initialize the stepping stone manager. We intentionally throw away the result here.
 	SteppingStoneManager::Get();

src/Sessions.h

@@ -1,2 +1,2 @@
-#warning "This file is deprecated and will be removed in v5.1. Use SessionManager.h instead."
+#warning "This file is deprecated and will be removed in v5.1. Use session/SessionManager.h instead."
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"

src/Stats.cc

@@ -7,7 +7,7 @@
 #include "zeek/RunState.h"
 #include "zeek/NetVar.h"
 #include "zeek/ID.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Scope.h"
 #include "zeek/DNS_Mgr.h"
 #include "zeek/Trigger.h"
@@ -145,7 +145,7 @@ void ProfileLogger::Log()
 		expensive ? session_mgr->SessionMemoryUsageVals() / 1024 : 0
 		));
 
-	SessionStats s;
+	session::SessionStats s;
 	session_mgr->GetStats(s);
 
 	file->Write(util::fmt("%.06f Conns: tcp=%zu/%zu udp=%zu/%zu icmp=%zu/%zu\n",

src/analyzer/protocol/ayiya/AYIYA.cc

@@ -2,7 +2,7 @@
 
 #include "zeek/analyzer/protocol/ayiya/AYIYA.h"
 
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Func.h"
 #include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"
 

src/analyzer/protocol/conn-size/functions.bif

@@ -1,7 +1,7 @@
 %%{
 #include "zeek/analyzer/protocol/conn-size/ConnSize.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 
 static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 	{

src/analyzer/protocol/dns/DNS.cc

@@ -11,7 +11,7 @@
 
 #include "zeek/ZeekString.h"
 #include "zeek/NetVar.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Event.h"
 #include "zeek/RunState.h"
 

src/analyzer/protocol/gtpv1/GTPv1.cc

@@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
 #include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"
 
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/analyzer/protocol/gtpv1/events.bif.h"
 
 namespace zeek::analyzer::gtpv1 {

src/analyzer/protocol/login/functions.bif

@@ -2,7 +2,7 @@
 %%{
 #include "zeek/analyzer/protocol/login/Login.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 %%}
 
 ## Returns the state of the given login (Telnet or Rlogin) connection.

src/analyzer/protocol/netbios/NetbiosSSN.cc

@@ -7,7 +7,7 @@
 
 #include "zeek/ZeekString.h"
 #include "zeek/NetVar.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Event.h"
 #include "zeek/RunState.h"
 

src/analyzer/protocol/rpc/RPC.cc

@@ -9,7 +9,7 @@
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/RunState.h"
 
 #include "zeek/analyzer/protocol/rpc/events.bif.h"

src/analyzer/protocol/tcp/TCP.cc

@@ -13,7 +13,7 @@
 #include "zeek/File.h"
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/DebugLogger.h"
 
 #include "zeek/analyzer/protocol/tcp/events.bif.h"

src/analyzer/protocol/tcp/TCP.h

@@ -143,7 +143,7 @@ protected:
 	void CheckRecording(bool need_contents, TCP_Flags flags);
 	void CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip);
 
-	friend class detail::SessionTimer;
+	friend class session::detail::SessionTimer;
 	void AttemptTimer(double t);
 	void PartialCloseTimer(double t);
 	void ExpireTimer(double t);

src/analyzer/protocol/tcp/TCP_Endpoint.cc

@@ -9,7 +9,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Event.h"
 #include "zeek/File.h"
 #include "zeek/Val.h"

src/analyzer/protocol/tcp/functions.bif

@@ -1,7 +1,7 @@
 
 %%{
 #include "zeek/File.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 %%}

src/analyzer/protocol/teredo/Teredo.cc

@@ -4,7 +4,7 @@
 #include "zeek/Conn.h"
 #include "zeek/IP.h"
 #include "zeek/Reporter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/ZeekString.h"
 #include "zeek/RunState.h"
 #include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"

src/fuzzers/fuzzer-setup.h

@@ -6,7 +6,7 @@
 #include "zeek/zeek-setup.h"
 
 #include "zeek/Event.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/broker/Manager.h"
 #include "zeek/file_analysis/Manager.h"
 

src/fuzzers/pop3-fuzzer.cc

@@ -2,7 +2,7 @@
 
 #include "zeek/RunState.h"
 #include "zeek/Conn.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"

src/iosource/PktSrc.cc

@@ -8,7 +8,7 @@
 #include "zeek/util.h"
 #include "zeek/Hash.h"
 #include "zeek/RunState.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/broker/Manager.h"
 #include "zeek/iosource/Manager.h"
 #include "zeek/packet_analysis/Manager.h"

src/packet_analysis/Analyzer.cc

@@ -5,7 +5,7 @@
 #include "zeek/Dict.h"
 #include "zeek/DebugLogger.h"
 #include "zeek/RunState.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/util.h"
 
 namespace zeek::packet_analysis {

src/packet_analysis/protocol/gre/GRE.cc

@@ -4,7 +4,7 @@
 
 #include <pcap.h> // For DLT_ constants
 
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/RunState.h"
 #include "zeek/IP.h"
 #include "zeek/Reporter.h"

src/packet_analysis/protocol/ip/IP.cc

@@ -5,7 +5,7 @@
 #include "zeek/IP.h"
 #include "zeek/Discard.h"
 #include "zeek/PacketFilter.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/RunState.h"
 #include "zeek/Frag.h"
 #include "zeek/Event.h"

src/packet_analysis/protocol/iptunnel/IPTunnel.cc

@@ -4,7 +4,7 @@
 
 #include <pcap.h> // For DLT_ constants
 
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/RunState.h"
 #include "zeek/IP.h"
 #include "zeek/TunnelEncapsulation.h"

src/session/CMakeLists.txt

@@ -0,0 +1,16 @@
+
+include(ZeekSubdir)
+
+include_directories(BEFORE
+                    ${CMAKE_CURRENT_SOURCE_DIR}
+                    ${CMAKE_CURRENT_BINARY_DIR}
+)
+
+set(session_SRCS
+  Session.cc
+  SessionKey.cc
+  SessionManager.cc
+)
+
+bro_add_subdir_library(session ${session_SRCS})
+add_dependencies(bro_session generate_outputs)

src/session/Session.cc

@@ -1,35 +1,34 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "zeek/Session.h"
+#include "zeek/session/Session.h"
 
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/Val.h"
 #include "zeek/Event.h"
 #include "zeek/Desc.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "zeek/IP.h"
 
-namespace zeek {
+namespace zeek::session {
-
 namespace detail {
 
-void SessionTimer::Init(Session* arg_conn, timer_func arg_timer,
+void SessionTimer::Init(Session* arg_session, timer_func arg_timer,
                         bool arg_do_expire)
 	{
-	conn = arg_conn;
+	session = arg_session;
 	timer = arg_timer;
 	do_expire = arg_do_expire;
-	Ref(conn);
+	Ref(session);
 	}
 
 SessionTimer::~SessionTimer()
 	{
-	if ( conn->RefCnt() < 1 )
+	if ( session->RefCnt() < 1 )
 		reporter->InternalError("reference count inconsistency in ~SessionTimer");
 
-	conn->RemoveTimer(this);
+	session->RemoveTimer(this);
-	Unref(conn);
+	Unref(session);
 	}
 
 void SessionTimer::Dispatch(double t, bool is_expire)
@@ -37,13 +36,13 @@ void SessionTimer::Dispatch(double t, bool is_expire)
 	if ( is_expire && ! do_expire )
 		return;
 
-	// Remove ourselves from the connection's set of timers so
+	// Remove ourselves from the session's set of timers so
 	// it doesn't try to cancel us.
-	conn->RemoveTimer(this);
+	session->RemoveTimer(this);
 
-	(conn->*timer)(t);
+	(session->*timer)(t);
 
-	if ( conn->RefCnt() < 1 )
+	if ( session->RefCnt() < 1 )
 		reporter->InternalError("reference count inconsistency in SessionTimer::Dispatch");
 	}
 
@@ -100,7 +99,7 @@ void Session::Describe(ODesc* d) const
 void Session::SetLifetime(double lifetime)
 	{
 	ADD_TIMER(&Session::DeleteTimer, run_state::network_time + lifetime, 0,
-	          detail::TIMER_CONN_DELETE);
+	          zeek::detail::TIMER_CONN_DELETE);
 	}
 
 void Session::SetInactivityTimeout(double timeout)
@@ -110,15 +109,15 @@ void Session::SetInactivityTimeout(double timeout)
 
 	// First cancel and remove any existing inactivity timer.
 	for ( const auto& timer : timers )
-		if ( timer->Type() == detail::TIMER_CONN_INACTIVITY )
+		if ( timer->Type() == zeek::detail::TIMER_CONN_INACTIVITY )
 			{
-			detail::timer_mgr->Cancel(timer);
+			zeek::detail::timer_mgr->Cancel(timer);
 			break;
 			}
 
 	if ( timeout )
 		ADD_TIMER(&Session::InactivityTimer,
-		          last_time + timeout, 0, detail::TIMER_CONN_INACTIVITY);
+		          last_time + timeout, 0, zeek::detail::TIMER_CONN_INACTIVITY);
 
 	inactivity_timeout = timeout;
 	}
@@ -132,7 +131,7 @@ void Session::EnableStatusUpdateTimer()
 		{
 		ADD_TIMER(&Session::StatusUpdateTimer,
 		          run_state::network_time + session_status_update_interval, 0,
-		          detail::TIMER_CONN_STATUS_UPDATE);
+		          zeek::detail::TIMER_CONN_STATUS_UPDATE);
 		installed_status_timer = 1;
 		}
 	}
@@ -147,7 +146,7 @@ void Session::CancelTimers()
 	std::copy(timers.begin(), timers.end(), std::back_inserter(tmp));
 
 	for ( const auto& timer : tmp )
-		detail::timer_mgr->Cancel(timer);
+		zeek::detail::timer_mgr->Cancel(timer);
 
 	timers_canceled = 1;
 	timers.clear();
@@ -162,7 +161,7 @@ void Session::DeleteTimer(double /* t */)
 	}
 
 void Session::AddTimer(timer_func timer, double t, bool do_expire,
-                       detail::TimerType type)
+                       zeek::detail::TimerType type)
 	{
 	if ( timers_canceled )
 		return;
@@ -173,12 +172,12 @@ void Session::AddTimer(timer_func timer, double t, bool do_expire,
 	if ( ! IsInSessionTable() )
 		return;
 
-	detail::Timer* conn_timer = new detail::SessionTimer(this, timer, t, do_expire, type);
+	zeek::detail::Timer* conn_timer = new detail::SessionTimer(this, timer, t, do_expire, type);
-	detail::timer_mgr->Add(conn_timer);
+	zeek::detail::timer_mgr->Add(conn_timer);
 	timers.push_back(conn_timer);
 	}
 
-void Session::RemoveTimer(detail::Timer* t)
+void Session::RemoveTimer(zeek::detail::Timer* t)
 	{
 	timers.remove(t);
 	}
@@ -189,12 +188,12 @@ void Session::InactivityTimer(double t)
 		{
 		Event(session_timeout_event, nullptr);
 		session_mgr->Remove(this);
-		++detail::killed_by_inactivity;
+		++zeek::detail::killed_by_inactivity;
 		}
 	else
 		ADD_TIMER(&Session::InactivityTimer,
 		          last_time + inactivity_timeout, 0,
-		          detail::TIMER_CONN_INACTIVITY);
+		          zeek::detail::TIMER_CONN_INACTIVITY);
 	}
 
 void Session::StatusUpdateTimer(double t)
@@ -202,7 +201,7 @@ void Session::StatusUpdateTimer(double t)
 	EnqueueEvent(session_status_update_event, nullptr, GetVal());
 	ADD_TIMER(&Session::StatusUpdateTimer,
 	          run_state::network_time + session_status_update_interval, 0,
-	          detail::TIMER_CONN_STATUS_UPDATE);
+	          zeek::detail::TIMER_CONN_STATUS_UPDATE);
 	}
 
 void Session::RemoveConnectionTimer(double t)
@@ -211,4 +210,4 @@ void Session::RemoveConnectionTimer(double t)
 	session_mgr->Remove(this);
 	}
 
-} // namespace zeek
+} // namespace zeek::session

src/session/Session.h

@@ -8,17 +8,19 @@
 #include "zeek/Obj.h"
 #include "zeek/EventHandler.h"
 #include "zeek/Timer.h"
-#include "zeek/SessionKey.h"
+#include "zeek/session/SessionKey.h"
 
 namespace zeek {
 
 class RecordVal;
 using RecordValPtr = IntrusivePtr<RecordVal>;
-class Session;
 
 namespace analyzer { class Analyzer; }
+
+namespace session {
 namespace detail { class SessionTimer; }
 
+class Session;
 typedef void (Session::*timer_func)(double t);
 
 class Session : public Obj {
@@ -80,7 +82,7 @@ public:
 	bool RecordPackets() const		{ return record_packets; }
 	void SetRecordPackets(bool do_record)	{ record_packets = do_record ? 1 : 0; }
 
-	// True if we should record full packets for this connection,
+	// True if we should record full packets for this session,
 	// false if we should just record headers.
 	bool RecordContents() const		{ return record_contents; }
 	void SetRecordContents(bool do_record)	{ record_contents = do_record ? 1 : 0; }
@@ -133,7 +135,7 @@ public:
 	           const char* name = nullptr);
 
 	/**
-	 * Enqueues an event associated with this connection and given analyzer.
+	 * Enqueues an event associated with this session and given analyzer.
 	 */
 	void EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, Args args);
 
@@ -210,12 +212,12 @@ protected:
 	 * @param type The type of timer being added.
 	 */
 	void AddTimer(timer_func timer, double t, bool do_expire,
-	              detail::TimerType type);
+	              zeek::detail::TimerType type);
 
 	/**
 	 * Remove a specific timer from firing.
 	 */
-	void RemoveTimer(detail::Timer* t);
+	void RemoveTimer(zeek::detail::Timer* t);
 
 	/**
 	 * The handler method for inactivity timers.
@@ -248,26 +250,28 @@ protected:
 
 namespace detail {
 
-class SessionTimer final : public Timer {
+class SessionTimer final : public zeek::detail::Timer {
 public:
-	SessionTimer(Session* arg_conn, timer_func arg_timer,
+	SessionTimer(Session* arg_session, timer_func arg_timer,
-	                double arg_t, bool arg_do_expire, TimerType arg_type)
+	             double arg_t, bool arg_do_expire,
-		: Timer(arg_t, arg_type)
+	             zeek::detail::TimerType arg_type)
-		{ Init(arg_conn, arg_timer, arg_do_expire); }
+		: zeek::detail::Timer(arg_t, arg_type)
+		{ Init(arg_session, arg_timer, arg_do_expire); }
 	~SessionTimer() override;
 
 	void Dispatch(double t, bool is_expire) override;
 
 protected:
 
-	void Init(Session* conn, timer_func timer, bool do_expire);
+	void Init(Session* session, timer_func timer, bool do_expire);
 
-	Session* conn;
+	Session* session;
 	timer_func timer;
 	bool do_expire;
 };
 
 } // namespace detail
+} // namespace session
 } // namespace zeek
 
 #define ADD_TIMER(timer, t, do_expire, type) \

src/session/SessionKey.cc

@@ -1,8 +1,8 @@
-#include "zeek/SessionKey.h"
+#include "zeek/session/SessionKey.h"
 
 #include <cstring>
 
-namespace zeek::detail {
+namespace zeek::session::detail {
 
 SessionKey::SessionKey(const void* session, size_t size, bool copy) : size(size)
 	{
@@ -64,4 +64,4 @@ bool SessionKey::operator<(const SessionKey& rhs) const
 	return memcmp(data, rhs.data, size) < 0;
 	}
 
-} // namespace zeek::detail
+} // namespace zeek::session::detail

src/session/SessionKey.h

@@ -5,7 +5,7 @@
 #include <cstddef>
 #include <cstdint>
 
-namespace zeek::detail {
+namespace zeek::session::detail {
 
 /**
  * This type is used as the key for the map in SessionManager. It represents a
@@ -58,4 +58,4 @@ private:
 	bool copied = false;
 };
 
-} // namespace zeek::detail
+} // namespace zeek::session::detail

src/session/SessionManager.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek/zeek-config.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -18,7 +18,7 @@
 #include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/RuleMatcher.h"
-#include "zeek/Session.h"
+#include "zeek/session/Session.h"
 #include "zeek/TunnelEncapsulation.h"
 #include "zeek/telemetry/Manager.h"
 
@@ -31,10 +31,10 @@
 
 #include "zeek/analyzer/protocol/stepping-stone/events.bif.h"
 
-zeek::SessionManager* zeek::session_mgr = nullptr;
+zeek::session::SessionManager* zeek::session_mgr = nullptr;
-zeek::SessionManager*& zeek::sessions = zeek::session_mgr;
+zeek::session::SessionManager*& zeek::sessions = zeek::session_mgr;
 
-namespace zeek {
+namespace zeek::session {
 namespace detail {
 
 class ProtocolStats {
@@ -188,7 +188,7 @@ void SessionManager::ProcessTransportLayer(double t, const Packet* pkt, size_t r
 		return;
 	}
 
-	detail::ConnIDKey conn_key(id);
+	zeek::detail::ConnIDKey conn_key(id);
 	detail::SessionKey key(&conn_key, sizeof(conn_key), false);
 	Connection* conn = nullptr;
 
@@ -375,10 +375,10 @@ Connection* SessionManager::FindConnection(Val* v)
 	auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
 	auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
 
-	detail::ConnIDKey conn_key(orig_addr, resp_addr,
+	zeek::detail::ConnIDKey conn_key(orig_addr, resp_addr,
-	                           htons((unsigned short) orig_portv->Port()),
+	                                 htons((unsigned short) orig_portv->Port()),
-	                           htons((unsigned short) resp_portv->Port()),
+	                                 htons((unsigned short) resp_portv->Port()),
-	                           orig_portv->PortType(), false);
+	                                 orig_portv->PortType(), false);
 
 	detail::SessionKey key(&conn_key, sizeof(conn_key), false);
 
@@ -457,7 +457,7 @@ void SessionManager::Clear()
 
 	session_map.clear();
 
-	detail::fragment_mgr->Clear();
+	zeek::detail::fragment_mgr->Clear();
 	}
 
 void SessionManager::GetStats(SessionStats& s)
@@ -477,12 +477,12 @@ void SessionManager::GetStats(SessionStats& s)
 	s.num_ICMP_conns = icmp_stats->active.Value();
 	s.cumulative_ICMP_conns = icmp_stats->total.Value();
 
-	s.num_fragments = detail::fragment_mgr->Size();
+	s.num_fragments = zeek::detail::fragment_mgr->Size();
-	s.max_fragments = detail::fragment_mgr->MaxFragments();
+	s.max_fragments = zeek::detail::fragment_mgr->MaxFragments();
 	s.num_packets = packet_mgr->PacketsProcessed();
 	}
 
-Connection* SessionManager::NewConn(const detail::ConnIDKey& k, double t, const ConnID* id,
+Connection* SessionManager::NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
                                     const u_char* data, int proto, uint32_t flow_label,
                                     const Packet* pkt)
 	{
@@ -679,7 +679,7 @@ unsigned int SessionManager::MemoryAllocation()
 	return SessionMemoryUsage()
 		+ padded_sizeof(*this)
 		+ (session_map.size() * (sizeof(SessionMap::key_type) + sizeof(SessionMap::value_type)))
-		+ detail::fragment_mgr->MemoryAllocation();
+		+ zeek::detail::fragment_mgr->MemoryAllocation();
 		// FIXME: MemoryAllocation() not implemented for rest.
 		;
 	}
@@ -702,9 +702,9 @@ void SessionManager::InsertSession(detail::SessionKey key, Session* session)
 		}
 	}
 
-detail::PacketFilter* SessionManager::GetPacketFilter(bool init)
+zeek::detail::PacketFilter* SessionManager::GetPacketFilter(bool init)
 	{
 	return packet_mgr->GetPacketFilter(init);
 	}
 
-} // namespace zeek
+} // namespace zeek::session

src/session/SessionManager.h

@@ -11,16 +11,11 @@
 #include "zeek/analyzer/protocol/tcp/Stats.h"
 #include "zeek/telemetry/Manager.h"
 #include "zeek/Hash.h"
-#include "zeek/Session.h"
+#include "zeek/session/Session.h"
 
 namespace zeek {
 
-namespace detail {
+namespace detail { class PacketFilter; }
-
-class PacketFilter;
-class ProtocolStats;
-
-} // namespace detail
 
 class EncapsulationStack;
 class Packet;
@@ -28,6 +23,10 @@ class Connection;
 struct ConnID;
 class StatBlocks;
 
+namespace session {
+
+namespace detail { class ProtocolStats; }
+
 struct SessionStats {
 	size_t num_TCP_conns;
 	size_t max_TCP_conns;
@@ -65,7 +64,7 @@ public:
 	 * @param proto The transport protocol for the connection.
 	 * @return The connection, or nullptr if one doesn't exist.
 	 */
-	Connection* FindConnection(const detail::ConnIDKey& key, TransportProto proto);
+	Connection* FindConnection(const zeek::detail::ConnIDKey& key, TransportProto proto);
 
 	void Remove(Session* s);
 	void Insert(Session* c);
@@ -85,7 +84,7 @@ public:
 	           const char* addl = "");
 
 	[[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]]
-	detail::PacketFilter* GetPacketFilter(bool init=true);
+	zeek::detail::PacketFilter* GetPacketFilter(bool init=true);
 
 	unsigned int CurrentSessions()
 		{
@@ -149,7 +148,7 @@ private:
 
 	using SessionMap = std::map<detail::SessionKey, Session*>;
 
-	Connection* NewConn(const detail::ConnIDKey& k, double t, const ConnID* id,
+	Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
 	                    const u_char* data, int proto, uint32_t flow_label,
 	                    const Packet* pkt);
 
@@ -186,10 +185,12 @@ private:
 	detail::ProtocolStats* stats;
 };
 
-// Manager for the currently active sessions.
+} // namespace session
-extern SessionManager* session_mgr;
-extern SessionManager*& sessions [[deprecated("Remove in v5.1. Use zeek::session_mgr.")]];
 
-using NetSessions [[deprecated("Remove in v5.1. Use zeek::SessionManager.")]] = SessionManager;
+// Manager for the currently active sessions.
+extern session::SessionManager* session_mgr;
+
+extern session::SessionManager*& sessions [[deprecated("Remove in v5.1. Use zeek::sessions::session_mgr.")]];
+using NetSessions [[deprecated("Remove in v5.1. Use zeek::session::SessionManager.")]] = session::SessionManager;
 
 } // namespace zeek

src/stats.bif

@@ -90,7 +90,7 @@ function get_conn_stats%(%): ConnStats
 	r->Assign(n++, Connection::CurrentConnections());
 	r->Assign(n++, session_mgr->CurrentSessions());
 
-	SessionStats s;
+	session::SessionStats s;
 	if ( session_mgr )
 		session_mgr->GetStats(s);
 

testing/btest/plugins/packet-protocol-plugin/src/LLCDemo.cc

@@ -1,7 +1,7 @@
 #include "LLCDemo.h"
 #include "zeek/Event.h"
 #include "zeek/Val.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 #include "events.bif.h"
 
 using namespace zeek::packet_analysis::PacketDemo;

testing/btest/plugins/packet-protocol-plugin/src/RawLayer.cc

@@ -1,7 +1,7 @@
 #include "RawLayer.h"
 #include "zeek/Event.h"
 #include "zeek/Val.h"
-#include "zeek/SessionManager.h"
+#include "zeek/session/SessionManager.h"
 
 #include "events.bif.h"