Add all new policy scripts to doc generation target.

Minor script tweaks along the way to get rid of reST format warnings
or @load dependency issues.

policy/ftp/base.bro

@@ -4,7 +4,8 @@
 ##! file name.  
 ##! 
 ##! TODO:
-##!  * Handle encrypted sessions correctly (get an example?)
+##!
+##! * Handle encrypted sessions correctly (get an example?)
 
 @load functions
 @load ftp/utils-commands

policy/ftp/software.bro

@@ -1,8 +1,10 @@
 ##! Software detection with the FTP protocol.
-##! TODO::
-##!  * Detect server software with initial 220 message
-##!  * Detect client software with password given for anonymous users 
-##!    (e.g. cyberduck@example.net)
+##!
+##! TODO:
+##!
+##! * Detect server software with initial 220 message
+##! * Detect client software with password given for anonymous users
+##!   (e.g. cyberduck@example.net)
 
 @load ftp/base
 @load software
@@ -21,4 +23,4 @@ event ftp_request(c: connection, command: string, arg: string) &priority=4
 		local si = Software::parse(arg, c$id$orig_h, FTP_CLIENT);
 		Software::found(c$id, si);
 		}
-	}
+	}

policy/http.bro

@@ -1,7 +1,5 @@
 ##! This script is the wrapper script for HTTP analysis.
-
-## Author: Seth Hall <seth@icir.org> - Inspired by the work of many others.
-
+##! :Author: Seth Hall <seth@icir.org> - Inspired by the work of many others.
 
 @load http/utils
 @load http/base
@@ -12,4 +10,4 @@
 @load http/software
 @load http/headers
 
-@load http/detect-webapps
+@load http/detect-webapps

policy/http/detect-intel.bro

@@ -1,3 +1,3 @@
-## Intelligence based HTTP detections.
+##! Intelligence based HTTP detections.
 
-module HTTP;
+module HTTP;

policy/http/detect-webapps.bro

@@ -1,4 +1,6 @@
 
+@load http/utils
+
 @load software
 @load signatures
 
@@ -47,4 +49,4 @@ event signature_match(state: signature_state, msg: string, data: string) &priori
 		}
 	
 	Software::found(c$id, si);
-	}
+	}

policy/http/headers.bro

@@ -8,7 +8,7 @@ redef record Info += {
 	## The vector of HTTP headers.  No header values are included here, just
 	## the header names.
 	## TODO: with an empty vector as &default, the vector isn't coerced to the
-	##       correct type.
+	## correct type.
 	headers:  vector of string &log &optional;
 };
 
@@ -20,4 +20,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 	if ( ! c$http?$headers )
 		c$http$headers = vector();
 	c$http$headers[|c$http$headers|] = name;
-	}
+	}

policy/http/var-extraction-cookies.bro

@@ -1,6 +1,7 @@
-## This script extracts and logs variables from cookies sent by clients
+##! This script extracts and logs variables from cookies sent by clients
 
-@load http
+@load http/base
+@load http/utils
 
 module HTTP;
 
@@ -12,4 +13,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 	{
 	if ( is_orig && name == "COOKIE" )
 		c$http$cookie_vars = extract_keys(value, /;[[:blank:]]*/);
-	}
+	}

policy/http/var-extraction-uri.bro

@@ -1,4 +1,4 @@
-## This script extracts and logs variables from the requested URI
+##! This script extracts and logs variables from the requested URI
 
 @load http/utils
 
@@ -12,4 +12,4 @@ event http_request(c: connection, method: string, original_URI: string,
                    unescaped_URI: string, version: string) &priority=2
 	{
 	c$http$uri_vars = extract_keys(original_URI, /&/);
-	}
+	}

policy/irc/dcc-send.bro

@@ -5,9 +5,10 @@
 ##! but that connection will actually be between B and C which could be 
 ##! analyzed on a different worker.
 ##!
+##! Example line from IRC server indicating that the DCC SEND is about to start:
+##!    PRIVMSG my_nick :^ADCC SEND whateverfile.zip 3640061780 1026 41709^A
 
-## Example line from IRC server indicating that the DCC SEND is about to start:
-##    PRIVMSG my_nick :^ADCC SEND whateverfile.zip 3640061780 1026 41709^A
+@load irc/base
 
 module IRC;
 

policy/notice.bro

@@ -25,13 +25,14 @@ export {
 		uid:            string  &log &optional;
 		id:             conn_id &log &optional; ##< connection-ID, if we don't have a connection handy
 		## This is the relevant host for this notice.  It could be set because
-		## either::
-		##   1. There is no connection associated with this notice.
-		##   2. There is some underlying semantic of the notice where either
-		##      orig_h or resp_h is the relevant host in the associated
-		##      connection.  For example, if a host is detected scanning, the
-		##      particular connection taking place when the notice is generated
-		##      is irrelevant and only the host detected scanning is relevant.
+		## either:
+		##
+		## 1. There is no connection associated with this notice.
+		## 2. There is some underlying semantic of the notice where either
+		##    orig_h or resp_h is the relevant host in the associated
+		##    connection.  For example, if a host is detected scanning, the
+		##    particular connection taking place when the notice is generated
+		##    is irrelevant and only the host detected scanning is relevant.
 		relevant_host:  addr    &log &optional;
 		
 		note:           Type    &log;

policy/smtp/utils.bro

@@ -1,4 +1,6 @@
 
+@load functions
+
 module SMTP;
 
 function find_address_in_smtp_header(header: string): string

policy/smtp/webmail-ident.bro

@@ -2,11 +2,14 @@
 ##! with the USER-AGENT (or other) header unless not possible and will resort
 ##! to heuristics if necessary.
 ##!
-##! TODO::
-##!     * Find some heuristic to determine if email was sent through 
-##!       a MS Exhange webmail interface as opposed to a desktop client.
+##! TODO:
+##!
+##! * Find some heuristic to determine if email was sent through 
+##!   a MS Exhange webmail interface as opposed to a desktop client.
 ##! 
 
+@load smtp/base
+
 module SMTP;
 
 redef record Info += {

policy/software.bro

@@ -1,2 +1,2 @@
 @load software/base
-@load software/vulnerable
+@load software/vulnerable

policy/software/base.bro

@@ -1,8 +1,8 @@
-## This script provides the framework for software version detection and
-## parsing, but doesn't actually do any detection on it's own.  It relys on
-## other protocol specific scripts to parse out software from the protocol(s)
-## that they analyze.  The entry point for providing new software detections
-## to this framework is through the Software::found function.
+##! This script provides the framework for software version detection and
+##! parsing, but doesn't actually do any detection on it's own.  It relys on
+##! other protocol specific scripts to parse out software from the protocol(s)
+##! that they analyze.  The entry point for providing new software detections
+##! to this framework is through the Software::found function.
 
 @load functions
 @load notice
@@ -67,9 +67,9 @@ export {
 	} &redef;
 	
 	## Other scripts should call this function when they detect software.
-	## @param unparsed_version: This is the full string from which the
+	## unparsed_version: This is the full string from which the
 	##                          Software::Info was extracted.
-	## @return: T if the software was logged, F otherwise.
+	## Returns: T if the software was logged, F otherwise.
 	global found: function(id: conn_id, info: Software::Info): bool;
 	
 	## This function can take many software version strings and parse them into 
@@ -80,7 +80,7 @@ export {
 	                       software_type: Type): Info;
 	
 	## Compare two versions.
-	## @return:  Returns -1 for v1 < v2, 0 for v1 == v2, 1 for v1 > v2.
+	## Returns:  -1 for v1 < v2, 0 for v1 == v2, 1 for v1 > v2.
 	##           If the numerical version numbers match, the addl string
 	##           is compared lexicographically.
 	global cmp_versions: function(v1: Version, v2: Version): int;