Deprecate BuildConnVal() methods and update usages to ConnVal()

The later being a new method that returns IntrusivePtr

NEWS

@@ -107,6 +107,10 @@ Deprecated Functionality
 - All ``val_mgr`` methods starting with "Get" are deprecated, use the new
   ``val_mgr`` methods that return ``IntrusivePtr``.
 
+- ``Connection::BuildConnVal()`` is deprecated, use ``Connection::ConnVal()``.
+
+- ``Analyzer::BuildConnVal()`` is deprecated, use ``Analyzer::ConnVal()``.
+
 Zeek 3.1.0
 ==========
 

src/Conn.cc

@@ -90,7 +90,6 @@ Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnI
 	vlan = pkt->vlan;
 	inner_vlan = pkt->inner_vlan;
 
-	conn_val = nullptr;
 	login_conn = nullptr;
 
 	is_active = 1;
@@ -131,10 +130,7 @@ Connection::~Connection()
 	CancelTimers();
 
 	if ( conn_val )
-		{
 		conn_val->SetOrigin(nullptr);
-		Unref(conn_val);
-		}
 
 	delete root_analyzer;
 	delete encapsulation;
@@ -203,7 +199,7 @@ void Connection::NextPacket(double t, bool is_orig,
 			is_successful = true;
 
 		if ( ! was_successful && is_successful && connection_successful )
-			EnqueueEvent(connection_successful, nullptr, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+			EnqueueEvent(connection_successful, nullptr, ConnVal());
 		}
 	else
 		last_time = t;
@@ -260,7 +256,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig,
 		return;
 
 	EnqueueEvent(e, nullptr,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		val_mgr->Bool(is_orig),
 		val_mgr->Count(threshold)
 	);
@@ -323,17 +319,22 @@ void Connection::EnableStatusUpdateTimer()
 
 void Connection::StatusUpdateTimer(double t)
 	{
-	EnqueueEvent(connection_status_update, nullptr, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+	EnqueueEvent(connection_status_update, nullptr, ConnVal());
 	ADD_TIMER(&Connection::StatusUpdateTimer,
 			network_time + connection_status_update_interval, 0,
 			TIMER_CONN_STATUS_UPDATE);
 	}
 
 RecordVal* Connection::BuildConnVal()
+	{
+	return ConnVal()->Ref()->AsRecordVal();
+	}
+
+const IntrusivePtr<RecordVal>& Connection::ConnVal()
 	{
 	if ( ! conn_val )
 		{
-		conn_val = new RecordVal(connection_type);
+		conn_val = make_intrusive<RecordVal>(connection_type);
 
 		TransportProto prot_type = ConnTransport();
 
@@ -386,7 +387,7 @@ RecordVal* Connection::BuildConnVal()
 		}
 
 	if ( root_analyzer )
-		root_analyzer->UpdateConnVal(conn_val);
+		root_analyzer->UpdateConnVal(conn_val.get());
 
 	conn_val->Assign(3, make_intrusive<Val>(start_time, TYPE_TIME));	// ###
 	conn_val->Assign(4, make_intrusive<Val>(last_time - start_time, TYPE_INTERVAL));
@@ -395,8 +396,6 @@ RecordVal* Connection::BuildConnVal()
 
 	conn_val->SetOrigin(this);
 
-	Ref(conn_val);
-
 	return conn_val;
 	}
 
@@ -417,12 +416,12 @@ analyzer::Analyzer* Connection::FindAnalyzer(const char* name)
 
 void Connection::AppendAddl(const char* str)
 	{
-	Unref(BuildConnVal());
+	const auto& cv = ConnVal();
 
-	const char* old = conn_val->Lookup(6)->AsString()->CheckString();
+	const char* old = cv->Lookup(6)->AsString()->CheckString();
 	const char* format = *old ? "%s %s" : "%s%s";
 
-	conn_val->Assign(6, make_intrusive<StringVal>(fmt(format, old, str)));
+	cv->Assign(6, make_intrusive<StringVal>(fmt(format, old, str)));
 	}
 
 // Returns true if the character at s separates a version number.
@@ -446,7 +445,7 @@ void Connection::Match(Rule::PatternType type, const u_char* data, int len, bool
 
 void Connection::RemovalEvent()
 	{
-	auto cv = IntrusivePtr{AdoptRef{}, BuildConnVal()};
+	auto cv = ConnVal();
 
 	if ( connection_state_remove )
 		EnqueueEvent(connection_state_remove, nullptr, cv);
@@ -461,9 +460,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch
 		return;
 
 	if ( name )
-		EnqueueEvent(f, analyzer, make_intrusive<StringVal>(name), IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueEvent(f, analyzer, make_intrusive<StringVal>(name), ConnVal());
 	else
-		EnqueueEvent(f, analyzer, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueEvent(f, analyzer, ConnVal());
 	}
 
 void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2)
@@ -477,12 +476,12 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1,
 
 	if ( v2 )
 		EnqueueEvent(f, analyzer,
-		             IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		             ConnVal(),
 		             IntrusivePtr{AdoptRef{}, v1},
 		             IntrusivePtr{AdoptRef{}, v2});
 	else
 		EnqueueEvent(f, analyzer,
-		             IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		             ConnVal(),
 		             IntrusivePtr{AdoptRef{}, v1});
 	}
 
@@ -590,7 +589,6 @@ void Connection::FlipRoles()
 	resp_flow_label = orig_flow_label;
 	orig_flow_label = tmp_flow;
 
-	Unref(conn_val);
 	conn_val = nullptr;
 
 	if ( root_analyzer )
@@ -697,7 +695,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
 		     (is_orig ? saw_first_orig_packet : saw_first_resp_packet) )
 			{
 			EnqueueEvent(connection_flow_label_changed, nullptr,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(is_orig),
 				val_mgr->Count(my_flow_label),
 				val_mgr->Count(flow_label)

src/Conn.h

@@ -163,7 +163,14 @@ public:
 	// Activate connection_status_update timer.
 	void EnableStatusUpdateTimer();
 
+	[[deprecated("Remove in v4.1.  Use ConnVal() instead.")]]
 	RecordVal* BuildConnVal();
+
+	/**
+	 * Returns the associated "connection" record.
+	 */
+	const IntrusivePtr<RecordVal>& ConnVal();
+
 	void AppendAddl(const char* str);
 
 	LoginConn* AsLoginConn()		{ return login_conn; }
@@ -316,8 +323,6 @@ public:
 
 protected:
 
-	Connection()	{ }
-
 	// Add the given timer to expire at time t.  If do_expire
 	// is true, then the timer is also evaluated when Bro terminates,
 	// otherwise not.
@@ -349,7 +354,7 @@ protected:
 	u_char resp_l2_addr[Packet::l2_addr_len];	// Link-layer responder address, if available
 	double start_time, last_time;
 	double inactivity_timeout;
-	RecordVal* conn_val;
+	IntrusivePtr<RecordVal> conn_val;
 	LoginConn* login_conn;	// either nil, or this
 	const EncapsulationStack* encapsulation; // tunnels
 	int suppress_event;	// suppress certain events to once per conn.

src/Reporter.cc

@@ -355,7 +355,7 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
 			return;
 		}
 
-	WeirdHelper(conn_weird, {conn->BuildConnVal(), new StringVal(addl)},
+	WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)},
 	            "%s", name);
 	}
 
@@ -492,7 +492,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
 			vl.emplace_back(make_intrusive<StringVal>(loc_str.c_str()));
 
 		if ( conn )
-			vl.emplace_back(AdoptRef{}, conn->BuildConnVal());
+			vl.emplace_back(conn->ConnVal());
 
 		if ( addl )
 			for ( auto v : *addl )

src/RuleMatcher.cc

@@ -81,7 +81,7 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
 	{
 	RecordVal* val = new RecordVal(signature_state);
 	val->Assign(0, make_intrusive<StringVal>(rule->ID()));
-	val->Assign(1, state->GetAnalyzer()->BuildConnVal());
+	val->Assign(1, state->GetAnalyzer()->ConnVal());
 	val->Assign(2, val_mgr->Bool(state->is_orig));
 	val->Assign(3, val_mgr->Count(state->payload_size));
 	return val;

src/analyzer/Analyzer.cc

@@ -690,7 +690,7 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag)
 	EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal();
 
 	mgr.Enqueue(protocol_confirmation,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{NewRef{}, tval},
 		val_mgr->Count(id)
 	);
@@ -717,7 +717,7 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
 	EnumVal* tval = tag.AsEnumVal();
 
 	mgr.Enqueue(protocol_violation,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{NewRef{}, tval},
 		val_mgr->Count(id),
 		IntrusivePtr{AdoptRef{}, r}
@@ -788,7 +788,12 @@ void Analyzer::UpdateConnVal(RecordVal *conn_val)
 
 RecordVal* Analyzer::BuildConnVal()
 	{
-	return conn->BuildConnVal();
+	return conn->ConnVal()->Ref()->AsRecordVal();
+	}
+
+const IntrusivePtr<RecordVal>& Analyzer::ConnVal()
+	{
+	return conn->ConnVal();
 	}
 
 void Analyzer::Event(EventHandlerPtr f, const char* name)

src/analyzer/Analyzer.h

@@ -549,8 +549,15 @@ public:
 	 * Convenience function that forwards directly to
 	 * Connection::BuildConnVal().
 	 */
+	[[deprecated("Remove in v4.1.  Use ConnVal() instead.")]]
 	RecordVal* BuildConnVal();
 
+	/**
+	 * Convenience function that forwards directly to
+	 * Connection::ConnVal().
+	 */
+	const IntrusivePtr<RecordVal>& ConnVal();
+
 	/**
 	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Event().

src/analyzer/protocol/bittorrent/BitTorrent.cc

@@ -120,7 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
 	{
 	if ( bittorrent_peer_weird )
 		EnqueueConnEvent(bittorrent_peer_weird,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(msg)
 		);

src/analyzer/protocol/bittorrent/BitTorrentTracker.cc

@@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig)
 	{
 	if ( bt_tracker_weird )
 		EnqueueConnEvent(bt_tracker_weird,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(msg)
 		);
@@ -348,7 +348,7 @@ void BitTorrentTracker_Analyzer::EmitRequest(void)
 
 	if ( bt_tracker_request )
 		EnqueueConnEvent(bt_tracker_request,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, req_val_uri},
 			IntrusivePtr{AdoptRef{}, req_val_headers}
 		);
@@ -402,7 +402,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
 				{
 				if ( bt_tracker_response_not_ok )
 					EnqueueConnEvent(bt_tracker_response_not_ok,
-						IntrusivePtr{AdoptRef{}, BuildConnVal()},
+						ConnVal(),
 						val_mgr->Count(res_status),
 						IntrusivePtr{AdoptRef{}, res_val_headers}
 					);
@@ -789,7 +789,7 @@ void BitTorrentTracker_Analyzer::EmitResponse(void)
 
 	if ( bt_tracker_response )
 		EnqueueConnEvent(bt_tracker_response,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Count(res_status),
 			IntrusivePtr{AdoptRef{}, res_val_headers},
 			IntrusivePtr{AdoptRef{}, res_val_peers},

src/analyzer/protocol/conn-size/ConnSize.cc

@@ -51,7 +51,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bo
 		return;
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		val_mgr->Count(threshold),
 		val_mgr->Bool(is_orig)
 	);
@@ -93,7 +93,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
 		if ( ( network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed )
 			{
 			EnqueueConnEvent(conn_duration_threshold_crossed,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					make_intrusive<Val>(duration_thresh, TYPE_INTERVAL),
 					val_mgr->Bool(is_orig)
 			);

src/analyzer/protocol/dns/DNS.cc

@@ -49,7 +49,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 
 	if ( dns_message )
 		analyzer->EnqueueConnEvent(dns_message,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_query),
 			IntrusivePtr{AdoptRef{}, msg.BuildHdrVal()},
 			val_mgr->Count(len)
@@ -134,7 +134,7 @@ void DNS_Interpreter::EndMessage(DNS_MsgInfo* msg)
 	{
 	if ( dns_end )
 		analyzer->EnqueueConnEvent(dns_end,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}
 		);
 	}
@@ -337,7 +337,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
 
 			if ( dns_unknown_reply && ! msg->skip_event )
 				analyzer->EnqueueConnEvent(dns_unknown_reply,
-					IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+					analyzer->ConnVal(),
 					IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 					IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}
 				);
@@ -550,7 +550,7 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg,
 
 	if ( reply_event && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(reply_event,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<StringVal>(new BroString(name, name_end - name, true))
@@ -603,7 +603,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
 		r->Assign(6, make_intrusive<IntervalVal>(double(minimum), Seconds));
 
 		analyzer->EnqueueConnEvent(dns_SOA_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			std::move(r)
@@ -633,7 +633,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
 
 	if ( dns_MX_reply && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(dns_MX_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
@@ -674,7 +674,7 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
 
 	if ( dns_SRV_reply && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(dns_SRV_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
@@ -695,7 +695,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 
 	if ( dns_EDNS_addl && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(dns_EDNS_addl,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildEDNS_Val()}
 		);
@@ -772,7 +772,7 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
 		tsig.rr_error = rr_error;
 
 		analyzer->EnqueueConnEvent(dns_TSIG_addl,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildTSIG_Val(&tsig)}
 		);
@@ -873,7 +873,7 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
 		rrsig.signature = sign;
 
 		analyzer->EnqueueConnEvent(dns_RRSIG,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildRRSIG_Val(&rrsig)}
@@ -968,7 +968,7 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
 		dnskey.public_key = key;
 
 		analyzer->EnqueueConnEvent(dns_DNSKEY,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildDNSKEY_Val(&dnskey)}
@@ -1020,7 +1020,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
 
 	if ( dns_NSEC )
 		analyzer->EnqueueConnEvent(dns_NSEC,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
@@ -1106,7 +1106,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
 		nsec3.bitmaps = char_strings;
 
 		analyzer->EnqueueConnEvent(dns_NSEC3,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildNSEC3_Val(&nsec3)}
@@ -1166,7 +1166,7 @@ bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg,
 		ds.digest_val = ds_digest;
 
 		analyzer->EnqueueConnEvent(dns_DS,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildDS_Val(&ds)}
@@ -1189,7 +1189,7 @@ bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
 
 	if ( dns_A_reply && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(dns_A_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<AddrVal>(htonl(addr))
@@ -1225,7 +1225,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
 
 	if ( event && ! msg->skip_event )
 		analyzer->EnqueueConnEvent(event,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			make_intrusive<AddrVal>(addr)
@@ -1299,7 +1299,7 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
 
 	if ( dns_TXT_reply )
 		analyzer->EnqueueConnEvent(dns_TXT_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			std::move(char_strings)
@@ -1327,7 +1327,7 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
 
 	if ( dns_SPF_reply )
 		analyzer->EnqueueConnEvent(dns_SPF_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			std::move(char_strings)
@@ -1368,7 +1368,7 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
 
 	if ( dns_CAA_reply )
 		analyzer->EnqueueConnEvent(dns_CAA_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 			IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
 			val_mgr->Count(flags),
@@ -1396,7 +1396,7 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
 	assert(event);
 
 	analyzer->EnqueueConnEvent(event,
-		IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+		analyzer->ConnVal(),
 		IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
 		make_intrusive<StringVal>(question_name),
 		val_mgr->Count(qtype),

src/analyzer/protocol/file/File.cc

@@ -80,7 +80,7 @@ void File_Analyzer::Identify()
 
 	if ( file_transferred )
 		EnqueueConnEvent(file_transferred,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(buffer_len, buffer),
 			make_intrusive<StringVal>("<unknown>"),
 			make_intrusive<StringVal>(match)

src/analyzer/protocol/finger/Finger.cc

@@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
 
 		if ( finger_request )
 			EnqueueConnEvent(finger_request,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(long_cnt),
 				make_intrusive<StringVal>(at - line, line),
 				make_intrusive<StringVal>(end_of_line - host, host)
@@ -86,7 +86,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
 			return;
 
 		EnqueueConnEvent(finger_reply,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(end_of_line - line, line)
 		);
 		}

src/analyzer/protocol/ftp/FTP.cc

@@ -97,7 +97,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
 			cmd_str = (new StringVal(cmd_len, cmd))->ToUpper();
 
 		vl = {
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, cmd_str},
 			make_intrusive<StringVal>(end_of_line - line, line),
 		};
@@ -176,7 +176,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
 			}
 
 		vl = {
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Count(reply_code),
 			make_intrusive<StringVal>(end_of_line - line, line),
 			val_mgr->Bool(cont_resp)

src/analyzer/protocol/gnutella/Gnutella.cc

@@ -59,9 +59,9 @@ void Gnutella_Analyzer::Done()
 	if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) )
 		{
 		if ( Established() && gnutella_establish )
-			EnqueueConnEvent(gnutella_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+			EnqueueConnEvent(gnutella_establish, ConnVal());
 		else if ( ! Established () && gnutella_not_establish )
-			EnqueueConnEvent(gnutella_not_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+			EnqueueConnEvent(gnutella_not_establish, ConnVal());
 		}
 
 	if ( gnutella_partial_binary_msg )
@@ -72,7 +72,7 @@ void Gnutella_Analyzer::Done()
 			{
 			if ( ! p->msg_sent && p->msg_pos )
 				EnqueueConnEvent(gnutella_partial_binary_msg,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					make_intrusive<StringVal>(p->msg),
 					val_mgr->Bool((i == 0)),
 					val_mgr->Count(p->msg_pos)
@@ -118,7 +118,7 @@ bool Gnutella_Analyzer::IsHTTP(std::string header)
 		return false;
 
 	if ( gnutella_http_notify )
-		EnqueueConnEvent(gnutella_http_notify, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueConnEvent(gnutella_http_notify, ConnVal());
 
 	analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn());
 
@@ -177,7 +177,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
 			{
 			if ( gnutella_text_msg )
 				EnqueueConnEvent(gnutella_text_msg,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(ms->headers.data())
 				);
@@ -189,7 +189,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
 				{
 				sent_establish = 1;
 
-				EnqueueConnEvent(gnutella_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+				EnqueueConnEvent(gnutella_establish, ConnVal());
 				}
 			}
 		}
@@ -215,7 +215,7 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
 
 	if ( gnutella_binary_msg )
 		EnqueueConnEvent(gnutella_binary_msg,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(is_orig),
 			val_mgr->Count(p->msg_type),
 			val_mgr->Count(p->msg_ttl),

src/analyzer/protocol/http/HTTP.cc

@@ -650,7 +650,7 @@ void HTTP_Message::Done(bool interrupted, const char* detail)
 
 	if ( http_message_done )
 		GetAnalyzer()->EnqueueConnEvent(http_message_done,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig),
 			IntrusivePtr{AdoptRef{}, BuildMessageStat(interrupted, detail)}
 		);
@@ -681,7 +681,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity)
 
 	if ( http_begin_entity )
 		analyzer->EnqueueConnEvent(http_begin_entity,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig)
 		);
 	}
@@ -696,7 +696,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity)
 
 	if ( http_end_entity )
 		analyzer->EnqueueConnEvent(http_end_entity,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig)
 		);
 
@@ -735,7 +735,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist)
 	{
 	if ( http_all_headers )
 		analyzer->EnqueueConnEvent(http_all_headers,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig),
 			IntrusivePtr{AdoptRef{}, BuildHeaderTable(hlist)}
 		);
@@ -746,7 +746,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist)
 		StringVal* subty = current_entity->ContentSubType();
 
 		analyzer->EnqueueConnEvent(http_content_type,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig),
 			IntrusivePtr{NewRef{}, ty},
 			IntrusivePtr{NewRef{}, subty}
@@ -1178,7 +1178,7 @@ void HTTP_Analyzer::GenStats()
 		r->Assign(3, make_intrusive<Val>(reply_version.ToDouble(), TYPE_DOUBLE));
 
 		// DEBUG_MSG("%.6f http_stats\n", network_time);
-		EnqueueConnEvent(http_stats, IntrusivePtr{AdoptRef{}, BuildConnVal()}, std::move(r));
+		EnqueueConnEvent(http_stats, ConnVal(), std::move(r));
 		}
 	}
 
@@ -1378,7 +1378,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail)
 	if ( http_event )
 		// DEBUG_MSG("%.6f http_event\n", network_time);
 		EnqueueConnEvent(http_event,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(category),
 			IntrusivePtr{AdoptRef{}, detail}
 		);
@@ -1417,7 +1417,7 @@ void HTTP_Analyzer::HTTP_Request()
 	if ( http_request )
 		// DEBUG_MSG("%.6f http_request\n", network_time);
 		EnqueueConnEvent(http_request,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{NewRef{}, request_method},
 			IntrusivePtr{AdoptRef{}, TruncateURI(request_URI->AsStringVal())},
 			IntrusivePtr{AdoptRef{}, TruncateURI(unescaped_URI->AsStringVal())},
@@ -1429,7 +1429,7 @@ void HTTP_Analyzer::HTTP_Reply()
 	{
 	if ( http_reply )
 		EnqueueConnEvent(http_reply,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(fmt("%.1f", reply_version.ToDouble())),
 			val_mgr->Count(reply_code),
 			reply_reason_phrase ?
@@ -1506,7 +1506,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)
 
 		if ( http_connection_upgrade )
 			EnqueueConnEvent(http_connection_upgrade,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				make_intrusive<StringVal>(upgrade_protocol)
 			);
 		}
@@ -1670,7 +1670,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h)
 			DEBUG_MSG("%.6f http_header\n", network_time);
 
 		EnqueueConnEvent(http_header,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(is_orig),
 			IntrusivePtr{AdoptRef{}, mime::new_string_val(h->get_name())->ToUpper()},
 			IntrusivePtr{AdoptRef{}, mime::new_string_val(h->get_value())}
@@ -1682,7 +1682,7 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data)
 	{
 	if ( http_entity_data )
 		EnqueueConnEvent(http_entity_data,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(is_orig),
 			val_mgr->Count(entity_data->Len()),
 			make_intrusive<StringVal>(entity_data)

src/analyzer/protocol/icmp/ICMP.cc

@@ -203,7 +203,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
     {
 	if ( icmp_sent )
 		EnqueueConnEvent(icmp_sent,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, icmpv6, ip_hdr)}
 		);
 
@@ -212,7 +212,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
 		BroString* payload = new BroString(data, std::min(len, caplen), false);
 
 		EnqueueConnEvent(icmp_sent_payload,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, icmpv6, ip_hdr)},
 			make_intrusive<StringVal>(payload)
 		);
@@ -515,7 +515,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
 	BroString* payload = new BroString(data, caplen, false);
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)},
 		val_mgr->Count(iid),
 		val_mgr->Count(iseq),
@@ -543,7 +543,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(reachable) + sizeof(retrans);
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 		val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit
 		val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed
@@ -576,7 +576,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(in6_addr);
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 		val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router
 		val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited
@@ -603,7 +603,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(in6_addr);
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 		make_intrusive<AddrVal>(tgtaddr),
 		IntrusivePtr{AdoptRef{}, BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)}
@@ -630,7 +630,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
 	int opt_offset = 2 * sizeof(in6_addr);
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 		make_intrusive<AddrVal>(tgtaddr),
 		make_intrusive<AddrVal>(dstaddr),
@@ -648,7 +648,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len,
 		return;
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 		IntrusivePtr{AdoptRef{}, BuildNDOptionsVal(caplen, data)}
 	);
@@ -673,7 +673,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
 
 	if ( f )
 		EnqueueConnEvent(f,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 0, ip_hdr)},
 			val_mgr->Count(icmpp->icmp_code),
 			IntrusivePtr{AdoptRef{}, ExtractICMP4Context(caplen, data)}
@@ -711,7 +711,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
 
 	if ( f )
 		EnqueueConnEvent(f,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
 			val_mgr->Count(icmpp->icmp_code),
 			IntrusivePtr{AdoptRef{}, ExtractICMP6Context(caplen, data)}

src/analyzer/protocol/ident/Ident.cc

@@ -85,7 +85,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 			}
 
 		EnqueueConnEvent(ident_request,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Port(local_port, TRANSPORT_TCP),
 			val_mgr->Port(remote_port, TRANSPORT_TCP)
 		);
@@ -146,7 +146,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 			{
 			if ( ident_error )
 				EnqueueConnEvent(ident_error,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Port(local_port, TRANSPORT_TCP),
 					val_mgr->Port(remote_port, TRANSPORT_TCP),
 					make_intrusive<StringVal>(end_of_line - line, line)
@@ -179,7 +179,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 			line = skip_whitespace(colon + 1, end_of_line);
 
 			EnqueueConnEvent(ident_reply,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Port(local_port, TRANSPORT_TCP),
 				val_mgr->Port(remote_port, TRANSPORT_TCP),
 				make_intrusive<StringVal>(end_of_line - line, line),

src/analyzer/protocol/irc/IRC.cc

@@ -235,7 +235,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_network_info,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				val_mgr->Int(users),
 				val_mgr->Int(services),
@@ -282,7 +282,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_names_info,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(type.c_str()),
 				make_intrusive<StringVal>(channel.c_str()),
@@ -316,7 +316,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_server_info,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				val_mgr->Int(users),
 				val_mgr->Int(services),
@@ -338,7 +338,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 					channels = atoi(parts[i - 1].c_str());
 
 			EnqueueConnEvent(irc_channel_info,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				val_mgr->Int(channels)
 			);
@@ -370,7 +370,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_global_users,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(eop - prefix, prefix),
 				make_intrusive<StringVal>(++msg)
@@ -396,7 +396,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 
 			zeek::Args vl;
 			vl.reserve(6);
-			vl.emplace_back(AdoptRef{}, BuildConnVal());
+			vl.emplace_back(ConnVal());
 			vl.emplace_back(val_mgr->Bool(orig));
 			vl.emplace_back(make_intrusive<StringVal>(parts[0].c_str()));
 			vl.emplace_back(make_intrusive<StringVal>(parts[1].c_str()));
@@ -435,7 +435,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_whois_operator_line,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(parts[0].c_str())
 			);
@@ -473,7 +473,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
 
 			EnqueueConnEvent(irc_whois_channel_line,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(nick.c_str()),
 				std::move(set)
@@ -504,7 +504,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 					++t;
 
 				EnqueueConnEvent(irc_channel_topic,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(parts[1].c_str()),
 					make_intrusive<StringVal>(t)
@@ -538,7 +538,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				parts[7] = parts[7].substr(1);
 
 			EnqueueConnEvent(irc_who_line,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(parts[0].c_str()),
 				make_intrusive<StringVal>(parts[1].c_str()),
@@ -560,7 +560,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		case 436:
 			if ( irc_invalid_nick )
 				EnqueueConnEvent(irc_invalid_nick,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig)
 				);
 			break;
@@ -570,7 +570,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		case 491:  // user is not operator
 			if ( irc_oper_response )
 				EnqueueConnEvent(irc_oper_response,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					val_mgr->Bool(code == 381)
 				);
@@ -585,7 +585,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		default:
 			if ( irc_reply )
 				EnqueueConnEvent(irc_reply,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(prefix.c_str()),
 					val_mgr->Count(code),
@@ -656,7 +656,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 
 			if ( irc_dcc_message )
 				EnqueueConnEvent(irc_dcc_message,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(prefix.c_str()),
 					make_intrusive<StringVal>(target.c_str()),
@@ -672,7 +672,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			if ( irc_privmsg_message )
 				EnqueueConnEvent(irc_privmsg_message,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(prefix.c_str()),
 					make_intrusive<StringVal>(target.c_str()),
@@ -697,7 +697,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			message = message.substr(1);
 
 		EnqueueConnEvent(irc_notice_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(prefix.c_str()),
 			make_intrusive<StringVal>(target.c_str()),
@@ -721,7 +721,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			message = message.substr(1);
 
 		EnqueueConnEvent(irc_squery_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(prefix.c_str()),
 			make_intrusive<StringVal>(target.c_str()),
@@ -735,7 +735,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		vector<string> parts = SplitWords(params, ' ');
 		zeek::Args vl;
 		vl.reserve(6);
-		vl.emplace_back(AdoptRef{}, BuildConnVal());
+		vl.emplace_back(ConnVal());
 		vl.emplace_back(val_mgr->Bool(orig));
 
 		if ( parts.size() > 0 )
@@ -770,7 +770,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		vector<string> parts = SplitWords(params, ' ');
 		if ( parts.size() == 2 )
 			EnqueueConnEvent(irc_oper_message,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(parts[0].c_str()),
 				make_intrusive<StringVal>(parts[1].c_str())
@@ -792,7 +792,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 
 		zeek::Args vl;
 		vl.reserve(6);
-		vl.emplace_back(AdoptRef{}, BuildConnVal());
+		vl.emplace_back(ConnVal());
 		vl.emplace_back(val_mgr->Bool(orig));
 		vl.emplace_back(make_intrusive<StringVal>(prefix.c_str()));
 		vl.emplace_back(make_intrusive<StringVal>(parts[0].c_str()));
@@ -861,7 +861,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			}
 
 		EnqueueConnEvent(irc_join_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			std::move(list)
 		);
@@ -921,7 +921,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			}
 
 		EnqueueConnEvent(irc_join_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			std::move(list)
 		);
@@ -960,7 +960,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			}
 
 		EnqueueConnEvent(irc_part_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(nick.c_str()),
 			std::move(set),
@@ -983,7 +983,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			}
 
 		EnqueueConnEvent(irc_quit_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(nickname.c_str()),
 			make_intrusive<StringVal>(message.c_str())
@@ -997,7 +997,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			nick = nick.substr(1);
 
 		EnqueueConnEvent(irc_nick_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(prefix.c_str()),
 			make_intrusive<StringVal>(nick.c_str())
@@ -1022,7 +1022,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			parts[0] = parts[0].substr(1);
 
 		EnqueueConnEvent(irc_who_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			parts.size() > 0 ?
 				make_intrusive<StringVal>(parts[0].c_str()) :
@@ -1052,7 +1052,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			users = parts[0];
 
 		EnqueueConnEvent(irc_whois_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(server.c_str()),
 			make_intrusive<StringVal>(users.c_str())
@@ -1065,7 +1065,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			params = params.substr(1);
 
 		EnqueueConnEvent(irc_error_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(prefix.c_str()),
 			make_intrusive<StringVal>(params.c_str())
@@ -1081,7 +1081,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				parts[1] = parts[1].substr(1);
 
 			EnqueueConnEvent(irc_invite_message,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(prefix.c_str()),
 				make_intrusive<StringVal>(parts[0].c_str()),
@@ -1096,7 +1096,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		if ( params.size() > 0 )
 			EnqueueConnEvent(irc_mode_message,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(prefix.c_str()),
 				make_intrusive<StringVal>(params.c_str())
@@ -1109,7 +1109,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 	else if ( irc_password_message && command == "PASS" )
 		{
 		EnqueueConnEvent(irc_password_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(params.c_str())
 		);
@@ -1131,7 +1131,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			}
 
 		EnqueueConnEvent(irc_squit_message,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig),
 			make_intrusive<StringVal>(prefix.c_str()),
 			make_intrusive<StringVal>(server.c_str()),
@@ -1145,7 +1145,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( irc_request )
 			{
 			EnqueueConnEvent(irc_request,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(prefix.c_str()),
 				make_intrusive<StringVal>(command.c_str()),
@@ -1159,7 +1159,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( irc_message )
 			{
 			EnqueueConnEvent(irc_message,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(orig),
 				make_intrusive<StringVal>(prefix.c_str()),
 				make_intrusive<StringVal>(command.c_str()),
@@ -1194,7 +1194,7 @@ void IRC_Analyzer::StartTLS()
 		AddChildAnalyzer(ssl);
 
 	if ( irc_starttls )
-		EnqueueConnEvent(irc_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueConnEvent(irc_starttls, ConnVal());
 	}
 
 vector<string> IRC_Analyzer::SplitWords(const string& input, char split)

src/analyzer/protocol/login/Login.cc

@@ -290,7 +290,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line)
 	else if ( IsSkipAuthentication(line) )
 		{
 		if ( authentication_skipped )
-			EnqueueConnEvent(authentication_skipped, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+			EnqueueConnEvent(authentication_skipped, ConnVal());
 
 		state = LOGIN_STATE_SKIP;
 		SetSkip(true);
@@ -332,19 +332,19 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val)
 
 		else if ( login_terminal && streq(name, "TERM") )
 			EnqueueConnEvent(login_terminal,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				make_intrusive<StringVal>(val)
 			);
 
 		else if ( login_display && streq(name, "DISPLAY") )
 			EnqueueConnEvent(login_display,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				make_intrusive<StringVal>(val)
 			);
 
 		else if ( login_prompt && streq(name, "TTYPROMPT") )
 			EnqueueConnEvent(login_prompt,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				make_intrusive<StringVal>(val)
 			);
 		}
@@ -420,7 +420,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line,
 				PopUserTextVal() : new StringVal("<none>");
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		IntrusivePtr{NewRef{}, username},
 		client_name ? IntrusivePtr{NewRef{}, client_name}
 		            : val_mgr->EmptyString(),
@@ -443,7 +443,7 @@ void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line)
 		return;
 
 	EnqueueConnEvent(f,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		make_intrusive<StringVal>(line)
 	);
 	}
@@ -455,7 +455,7 @@ void Login_Analyzer::Confused(const char* msg, const char* line)
 
 	if ( login_confused )
 		EnqueueConnEvent(login_confused,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(msg),
 			make_intrusive<StringVal>(line)
 		);
@@ -479,7 +479,7 @@ void Login_Analyzer::ConfusionText(const char* line)
 	{
 	if ( login_confused_text )
 		EnqueueConnEvent(login_confused_text,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(line)
 		);
 	}

src/analyzer/protocol/login/NVT.cc

@@ -460,7 +460,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len)
 	{
 	if ( login_terminal )
 		EnqueueConnEvent(login_terminal,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(new BroString(terminal, len, false))
 		);
 	}

src/analyzer/protocol/login/RSH.cc

@@ -172,7 +172,7 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	vl.reserve(4 + orig);
 	const char* line = (const char*) data;
 	line = skip_whitespace(line);
-	vl.emplace_back(AdoptRef{}, BuildConnVal());
+	vl.emplace_back(ConnVal());
 
 	if ( client_name )
 		vl.emplace_back(NewRef{}, client_name);

src/analyzer/protocol/login/Rlogin.cc

@@ -245,7 +245,7 @@ void Rlogin_Analyzer::TerminalType(const char* s)
 	{
 	if ( login_terminal )
 		EnqueueConnEvent(login_terminal,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			make_intrusive<StringVal>(s)
 		);
 	}

src/analyzer/protocol/mime/MIME.cc

@@ -1364,7 +1364,7 @@ void MIME_Mail::Done()
 		md5_hash = nullptr;
 
 		analyzer->EnqueueConnEvent(mime_content_hash,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(content_hash_length),
 			make_intrusive<StringVal>(new BroString(true, digest, 16))
 		);
@@ -1391,7 +1391,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */)
 	cur_entity_id.clear();
 
 	if ( mime_begin_entity )
-		analyzer->EnqueueConnEvent(mime_begin_entity, IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()});
+		analyzer->EnqueueConnEvent(mime_begin_entity, analyzer->ConnVal());
 
 	buffer_start = data_start = 0;
 	ASSERT(entity_content.size() == 0);
@@ -1404,7 +1404,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
 		BroString* s = concatenate(entity_content);
 
 		analyzer->EnqueueConnEvent(mime_entity_data,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(s->Len()),
 			make_intrusive<StringVal>(s)
 		);
@@ -1416,7 +1416,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
 		}
 
 	if ( mime_end_entity )
-		analyzer->EnqueueConnEvent(mime_end_entity, IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()});
+		analyzer->EnqueueConnEvent(mime_end_entity, analyzer->ConnVal());
 
 	file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn());
 	cur_entity_id.clear();
@@ -1426,7 +1426,7 @@ void MIME_Mail::SubmitHeader(MIME_Header* h)
 	{
 	if ( mime_one_header )
 		analyzer->EnqueueConnEvent(mime_one_header,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildHeaderVal(h)}
 		);
 	}
@@ -1435,7 +1435,7 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist)
 	{
 	if ( mime_all_headers )
 		analyzer->EnqueueConnEvent(mime_all_headers,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			IntrusivePtr{AdoptRef{}, BuildHeaderTable(hlist)}
 		);
 	}
@@ -1471,7 +1471,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
 		int data_len = (buf + len) - data;
 
 		analyzer->EnqueueConnEvent(mime_segment_data,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(data_len),
 			make_intrusive<StringVal>(data_len, data)
 		);
@@ -1518,7 +1518,7 @@ void MIME_Mail::SubmitAllData()
 		delete_strings(all_content);
 
 		analyzer->EnqueueConnEvent(mime_all_data,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(s->Len()),
 			make_intrusive<StringVal>(s)
 		);
@@ -1546,7 +1546,7 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail)
 
 	if ( mime_event )
 		analyzer->EnqueueConnEvent(mime_event,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			make_intrusive<StringVal>(category),
 			make_intrusive<StringVal>(detail)
 		);

src/analyzer/protocol/ncp/NCP.cc

@@ -63,14 +63,14 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame)
 		{
 		if ( frame->is_orig() )
 			analyzer->EnqueueConnEvent(f,
-				IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+				analyzer->ConnVal(),
 				val_mgr->Count(frame->frame_type()),
 				val_mgr->Count(frame->body_length()),
 				val_mgr->Count(req_func)
 			);
 		else
 			analyzer->EnqueueConnEvent(f,
-				IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+				analyzer->ConnVal(),
 				val_mgr->Count(frame->frame_type()),
 				val_mgr->Count(frame->body_length()),
 				val_mgr->Count(req_frame_type),

src/analyzer/protocol/netbios/NetbiosSSN.cc

@@ -60,7 +60,7 @@ void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags,
 	{
 	if ( netbios_session_message )
 		analyzer->EnqueueConnEvent(netbios_session_message,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_query),
 			val_mgr->Count(type),
 			val_mgr->Count(len)
@@ -322,13 +322,13 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data,
 
 	if ( is_orig >= 0 )
 		analyzer->EnqueueConnEvent(event,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Bool(is_orig),
 			make_intrusive<StringVal>(new BroString(data, len, false))
 		);
 	else
 		analyzer->EnqueueConnEvent(event,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			make_intrusive<StringVal>(new BroString(data, len, false))
 		);
 	}

src/analyzer/protocol/pia/PIA.cc

@@ -159,7 +159,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 			EnumVal *tval = tag ? tag.AsEnumVal() : GetAnalyzerTag().AsEnumVal();
 
 			mgr.Enqueue(protocol_late_match,
-			    IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			    ConnVal(),
 			    IntrusivePtr{NewRef{}, tval}
 			);
 			}
@@ -307,7 +307,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 			EnumVal *tval = tag ? tag.AsEnumVal() : GetAnalyzerTag().AsEnumVal();
 
 			mgr.Enqueue(protocol_late_match,
-			    IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			    ConnVal(),
 			    IntrusivePtr{NewRef{}, tval}
 			);
 			}

src/analyzer/protocol/pop3/POP3.cc

@@ -826,7 +826,7 @@ void POP3_Analyzer::StartTLS()
 		AddChildAnalyzer(ssl);
 
 	if ( pop3_starttls )
-		EnqueueConnEvent(pop3_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueConnEvent(pop3_starttls, ConnVal());
 	}
 
 void POP3_Analyzer::AuthSuccessfull()
@@ -919,7 +919,7 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig,
 	zeek::Args vl;
 	vl.reserve(2 + (bool)arg1 + (bool)arg2);
 
-	vl.emplace_back(AdoptRef{}, BuildConnVal());
+	vl.emplace_back(ConnVal());
 	vl.emplace_back(val_mgr->Bool(is_orig));
 
 	if ( arg1 )

src/analyzer/protocol/rpc/MOUNT.cc

@@ -191,7 +191,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
 	// These are the first parameters for each mount_* event ...
 	zeek::Args vl;
 	vl.reserve(2 + extra_elements);
-	vl.emplace_back(AdoptRef{}, analyzer->BuildConnVal());
+	vl.emplace_back(analyzer->ConnVal());
 	auto auxgids = make_intrusive<VectorVal>(internal_type("index_vec")->AsVectorType());
 
 	for (size_t i = 0; i < c->AuxGIDs().size(); ++i)

src/analyzer/protocol/rpc/NFS.cc

@@ -327,7 +327,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
 	// These are the first parameters for each nfs_* event ...
 	zeek::Args vl;
 	vl.reserve(2 + extra_elements);
-	vl.emplace_back(IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()});
+	vl.emplace_back(analyzer->ConnVal());
 	auto auxgids = make_intrusive<VectorVal>(internal_type("index_vec")->AsVectorType());
 
 	for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )

src/analyzer/protocol/rpc/Portmap.cc

@@ -259,7 +259,7 @@ uint32_t PortmapperInterp::CheckPort(uint32_t port)
 		if ( pm_bad_port )
 			{
 			analyzer->EnqueueConnEvent(pm_bad_port,
-				IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+				analyzer->ConnVal(),
 				val_mgr->Count(port)
 			);
 			}
@@ -281,7 +281,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu
 
 	zeek::Args vl;
 
-	vl.emplace_back(AdoptRef{}, analyzer->BuildConnVal());
+	vl.emplace_back(analyzer->ConnVal());
 
 	if ( status == BifEnum::RPC_SUCCESS )
 		{

src/analyzer/protocol/rpc/RPC.cc

@@ -339,7 +339,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
 	{
 	if ( rpc_dialogue )
 		analyzer->EnqueueConnEvent(rpc_dialogue,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(c->Program()),
 			val_mgr->Count(c->Version()),
 			val_mgr->Count(c->Proc()),
@@ -354,7 +354,7 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c)
 	{
 	if ( rpc_call )
 		analyzer->EnqueueConnEvent(rpc_call,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(c->XID()),
 			val_mgr->Count(c->Program()),
 			val_mgr->Count(c->Version()),
@@ -367,7 +367,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
 	{
 	if ( rpc_reply )
 		analyzer->EnqueueConnEvent(rpc_reply,
-			IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
+			analyzer->ConnVal(),
 			val_mgr->Count(xid),
 			BifType::Enum::rpc_status->GetVal(status),
 			val_mgr->Count(reply_len)

src/analyzer/protocol/smtp/SMTP.cc

@@ -220,7 +220,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 			if ( smtp_data && ! skip_data )
 				{
 				EnqueueConnEvent(smtp_data,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					make_intrusive<StringVal>(data_len, line)
 				);
@@ -350,7 +350,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 				}
 
 				EnqueueConnEvent(smtp_reply,
-					IntrusivePtr{AdoptRef{}, BuildConnVal()},
+					ConnVal(),
 					val_mgr->Bool(orig),
 					val_mgr->Count(reply_code),
 					make_intrusive<StringVal>(cmd),
@@ -410,7 +410,7 @@ void SMTP_Analyzer::StartTLS()
 		AddChildAnalyzer(ssl);
 
 	if ( smtp_starttls )
-		EnqueueConnEvent(smtp_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()});
+		EnqueueConnEvent(smtp_starttls, ConnVal());
 	}
 
 
@@ -859,7 +859,7 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd,
 		cmd_arg->ToUpper();
 
 		EnqueueConnEvent(smtp_request,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(orig_is_sender),
 			std::move(cmd_arg),
 			make_intrusive<StringVal>(arg_len, arg)
@@ -880,7 +880,7 @@ void SMTP_Analyzer::Unexpected(bool is_sender, const char* msg,
 			is_orig = ! is_orig;
 
 		EnqueueConnEvent(smtp_unexpected,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(is_orig),
 			make_intrusive<StringVal>(msg),
 			make_intrusive<StringVal>(detail_len, detail)

src/analyzer/protocol/stepping-stone/SteppingStone.cc

@@ -146,7 +146,7 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig)
 		return;
 
 	endp->TCP()->EnqueueConnEvent(stp_create_endp,
-		IntrusivePtr{AdoptRef{}, endp->TCP()->BuildConnVal()},
+		endp->TCP()->ConnVal(),
 		val_mgr->Int(stp_id),
 		val_mgr->Bool(is_orig)
 	);

src/analyzer/protocol/tcp/TCP.cc

@@ -786,7 +786,7 @@ void TCP_Analyzer::GeneratePacketEvent(
 					bool is_orig, TCP_Flags flags)
 	{
 	EnqueueConnEvent(tcp_packet,
-		IntrusivePtr{AdoptRef{}, BuildConnVal()},
+		ConnVal(),
 		val_mgr->Bool(is_orig),
 		make_intrusive<StringVal>(flags.AsString()),
 		val_mgr->Count(rel_seq),
@@ -1102,7 +1102,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 
 		if ( connection_SYN_packet )
 			EnqueueConnEvent(connection_SYN_packet,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				IntrusivePtr{NewRef{}, SYN_vals}
 			);
 
@@ -1346,7 +1346,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 			auto kind = o[0];
 			auto length = kind < 2 ? 1 : o[1];
 			EnqueueConnEvent(tcp_option,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(is_orig),
 				val_mgr->Count(kind),
 				val_mgr->Count(length)
@@ -1459,7 +1459,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 			}
 
 		EnqueueConnEvent(tcp_options,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(is_orig),
 			std::move(option_list)
 			);
@@ -1781,7 +1781,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp)
 	{
 	if ( connection_EOF )
 		EnqueueConnEvent(connection_EOF,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			val_mgr->Bool(endp->IsOrig())
 		);
 
@@ -2061,7 +2061,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
 
 		if ( tcp_rexmit )
 			endp->TCP()->EnqueueConnEvent(tcp_rexmit,
-				IntrusivePtr{AdoptRef{}, endp->TCP()->BuildConnVal()},
+				endp->TCP()->ConnVal(),
 				val_mgr->Bool(endp->IsOrig()),
 				val_mgr->Count(seq),
 				val_mgr->Count(len),
@@ -2116,7 +2116,7 @@ void TCPStats_Analyzer::Done()
 
 	if ( conn_stats )
 		EnqueueConnEvent(conn_stats,
-			IntrusivePtr{AdoptRef{}, BuildConnVal()},
+			ConnVal(),
 			IntrusivePtr{AdoptRef{}, orig_stats->BuildStats()},
 			IntrusivePtr{AdoptRef{}, resp_stats->BuildStats()}
 		);

src/analyzer/protocol/tcp/TCP_Endpoint.cc

@@ -238,7 +238,7 @@ bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen,
 
 			if ( contents_file_write_failure )
 				tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
-					IntrusivePtr{AdoptRef{}, Conn()->BuildConnVal()},
+					Conn()->ConnVal(),
 					val_mgr->Bool(IsOrig()),
 					make_intrusive<StringVal>(buf)
 				);

src/analyzer/protocol/tcp/TCP_Reassembler.cc

@@ -150,7 +150,7 @@ void TCP_Reassembler::Gap(uint64_t seq, uint64_t len)
 
 	if ( report_gap(endp, endp->peer) )
 		dst_analyzer->EnqueueConnEvent(content_gap,
-			IntrusivePtr{AdoptRef{}, dst_analyzer->BuildConnVal()},
+			dst_analyzer->ConnVal(),
 			val_mgr->Bool(IsOrig()),
 			val_mgr->Count(seq),
 			val_mgr->Count(len)
@@ -360,7 +360,7 @@ void TCP_Reassembler::RecordBlock(const DataBlock& b, BroFile* f)
 
 	if ( contents_file_write_failure )
 		tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
-			IntrusivePtr{AdoptRef{}, Endpoint()->Conn()->BuildConnVal()},
+			Endpoint()->Conn()->ConnVal(),
 			val_mgr->Bool(IsOrig()),
 			make_intrusive<StringVal>("TCP reassembler content write failure")
 		);
@@ -375,7 +375,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, BroFile*
 
 	if ( contents_file_write_failure )
 		tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
-			IntrusivePtr{AdoptRef{}, Endpoint()->Conn()->BuildConnVal()},
+			Endpoint()->Conn()->ConnVal(),
 			val_mgr->Bool(IsOrig()),
 			make_intrusive<StringVal>("TCP reassembler gap write failure")
 		);
@@ -455,7 +455,7 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n)
 		BroString* b2_s = new BroString((const u_char*) b2, n, false);
 
 		tcp_analyzer->EnqueueConnEvent(rexmit_inconsistency,
-			IntrusivePtr{AdoptRef{}, tcp_analyzer->BuildConnVal()},
+			tcp_analyzer->ConnVal(),
 			make_intrusive<StringVal>(b1_s),
 			make_intrusive<StringVal>(b2_s),
 			make_intrusive<StringVal>(flags.AsString())
@@ -611,7 +611,7 @@ void TCP_Reassembler::DeliverBlock(uint64_t seq, int len, const u_char* data)
 
 	if ( deliver_tcp_contents )
 		tcp_analyzer->EnqueueConnEvent(tcp_contents,
-			IntrusivePtr{AdoptRef{}, tcp_analyzer->BuildConnVal()},
+			tcp_analyzer->ConnVal(),
 			val_mgr->Bool(IsOrig()),
 			val_mgr->Count(seq),
 			make_intrusive<StringVal>(len, (const char*) data)

src/analyzer/protocol/udp/UDP.cc

@@ -165,7 +165,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 
 		if ( do_udp_contents )
 			EnqueueConnEvent(udp_contents,
-				IntrusivePtr{AdoptRef{}, BuildConnVal()},
+				ConnVal(),
 				val_mgr->Bool(is_orig),
 				make_intrusive<StringVal>(len, (const char*) data)
 			);

src/file_analysis/File.cc

@@ -145,7 +145,7 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
 		return false;
 		}
 
-	conns->AsTableVal()->Assign(idx, conn->BuildConnVal());
+	conns->AsTableVal()->Assign(idx, conn->ConnVal());
 	Unref(idx);
 	return true;
 	}
@@ -156,7 +156,7 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig)
 		{
 		FileEvent(file_over_new_connection, {
 			IntrusivePtr{NewRef{}, val},
-			IntrusivePtr{AdoptRef{}, conn->BuildConnVal()},
+			conn->ConnVal(),
 			val_mgr->Bool(is_orig),
 		});
 		}

src/file_analysis/Manager.cc

@@ -436,7 +436,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
 
 	mgr.Enqueue(get_file_handle,
 		IntrusivePtr{NewRef{}, tagval},
-		IntrusivePtr{AdoptRef{}, c->BuildConnVal()},
+		c->ConnVal(),
 		val_mgr->Bool(is_orig)
 	);
 	mgr.Drain(); // need file handle immediately so we don't have to buffer data

src/zeek.bif

@@ -3300,7 +3300,7 @@ function lookup_connection%(cid: conn_id%): connection
 	%{
 	Connection* conn = sessions->FindConnection(cid);
 	if ( conn )
-		return IntrusivePtr{AdoptRef{}, conn->BuildConnVal()};
+		return conn->ConnVal();
 
 	builtin_error("connection ID not a known connection", cid);