Merge remote-tracking branch 'origin/master' into fastpath

2025-10-04 15:48:19 +00:00 · 2016-04-29 01:30:25 -05:00 · 2016-04-29 01:30:25 -05:00 · 428be70190
commit 428be70190
parent 362bf7aee1 cc54b3772a
75 changed files with 2288 additions and 952 deletions
--- a/37
+++ b/37
@ -1,4 +1,41 @@
 2.4-498 | 2016-04-28 11:34:52 -0700
  * Rename Broker::print to Broker::send_print and Broker::event to
    Broker::send_event to avoid using reserved keywords as function
    names. (Daniel Thayer)
  * Add script wrapper functions for Broker BIFs. This faciliates
    documenting them through Broxygen. (Daniel Thayer)
  * Extend, update, and clean up Broker tests. (Daniel Thayer)
  * Intel: Allow to provide uid/fuid instead of conn/file. (Johanna
    Amann)
  * Provide file IDs for hostname matches in certificates. (Johanna
    Amann)
  * Rudimentary IMAP StartTLS analyzer. It parses certificates out of
    IMAP connections using StartTLS. It aborts processing if StartTLS
    is not found. (Johanna Amann)
 2.4-478 | 2016-04-28 09:56:24
  * Fix parsing of x509 pre-y2k dates. (Johanna Amann)
  * Fix small error in bif documentation. (Johanna Amann)
  * Fix unknown data link type error message. (Vitaly Repin)
  * Correcting spelling errors. (Jeannette Dopheide)
  * Minor cleanup in ARP analyzer. (Johanna Amann)
  * Fix parsing of pre-y2k dates in X509 certificates. (Johanna Amann)
  * Fix small error in get_current_packet documentation. (Johanna Amann)
 2.4-471 | 2016-04-25 15:37:15 -0700
  * Add DNS tests for huge TLLs and CAA. (Johanna Amann)
--- a/7
+++ b/7
@ -33,6 +33,11 @@ New Functionality
 - Bro now supports the Radiotap header for 802.11 frames.
 - Bro now has a rudimentary IMAP analyzer examinig the initial phase
  of the protocol. Right now the analyzer only identify STARTTLS
  sessions, handing them over to TLS analysis. The analyzer does not
  yet analyze any further IMAP content.
 - Bro now tracks VLAN IDs. To record them inside the connection log,
  load protocols/conn/vlan-logging.bro.
@ -91,6 +96,8 @@ Changed Functionality
 ---------------------
 - The BrokerComm and BrokerStore namespaces were renamed to Broker.
  The Broker "print" function was renamed to Broker::send_print, and
  "event" to "Broker::send_event".
 - ``SSH::skip_processing_after_detection`` was removed. The functionality was
  replaced by ``SSH::disable_analyzer_after_detection``.
--- a/2
+++ b/2
@ -1 +1 @@
-2.4-471
+2.4-498
--- a/aux/binpac
+++ b/aux/binpac
@ -1 +1 @@
-Subproject commit 424d40c1e8d5888311b50c0e5a9dfc9c5f818b66
+Subproject commit edbbe445d92cc6a5c2557661195f486b784769db
--- a/aux/bro-aux
+++ b/aux/bro-aux
@ -1 +1 @@
-Subproject commit 105dfe4ad6c4ae4563b21cb0466ee350f0af0d43
+Subproject commit cb771a3cf592d46643eea35d206b9f3e1a0758f7
--- a/aux/broccoli
+++ b/aux/broccoli
@ -1 +1 @@
-Subproject commit f83038b17fc83788415a58d77f75ad182ca6a9b7
+Subproject commit b4d1686cdd3f5505e405667b1083e8335cae6928
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit 583f3a3ff1847cf96a87f865d5cf0f36fae9dd67
+Subproject commit 7df7878abfd864f9ae5609918c0f04f58b5f5e2d
--- a/aux/broker
+++ b/aux/broker
@ -1 +1 @@
-Subproject commit 6684ab5109f526fb535013760f17a4c8dff093ae
+Subproject commit bb3f55f198f9cfd5e545345dd6425dd08ca1d45e
--- a/doc/frameworks/broker.rst
+++ b/doc/frameworks/broker.rst
@ -45,7 +45,7 @@ received.
 .. btest-include:: ${DOC_ROOT}/frameworks/broker/printing-listener.bro
-To send remote print messages, just call :bro:see:`Broker::print`.
+To send remote print messages, just call :bro:see:`Broker::send_print`.
 .. btest-include:: ${DOC_ROOT}/frameworks/broker/printing-connector.bro
@ -75,7 +75,7 @@ new events along with handlers that peers may want to send.
 .. btest-include:: ${DOC_ROOT}/frameworks/broker/events-listener.bro
 There are two different ways to send events.  The first is to call the
-:bro:see:`Broker::event` function directly.  The second option is to call
+:bro:see:`Broker::send_event` function directly.  The second option is to call
 the :bro:see:`Broker::auto_event` function where you specify a
 particular event that will be automatically sent to peers whenever the
 event is called locally via the normal event invocation syntax.
@ -144,8 +144,8 @@ If not using the ``auto_publish`` flag, one can use the
 functions to manipulate the set of message topics (must match exactly)
 that are allowed to be sent to peer endpoints.  These settings take
 precedence over the per-message ``peers`` flag supplied to functions
-that take a :bro:see:`Broker::SendFlags` such as :bro:see:`Broker::print`,
+that take a :bro:see:`Broker::SendFlags` such as :bro:see:`Broker::send_print`,
-:bro:see:`Broker::event`, :bro:see:`Broker::auto_event` or
+:bro:see:`Broker::send_event`, :bro:see:`Broker::auto_event` or
 :bro:see:`Broker::enable_remote_logs`.
 If not using the ``auto_advertise`` flag, one can use the
--- a/doc/frameworks/broker/events-connector.bro
+++ b/doc/frameworks/broker/events-connector.bro
@ -17,11 +17,11 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
 	event my_auto_event("stuff", 88);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
 	event my_auto_event("more stuff", 51);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/doc/frameworks/broker/printing-connector.bro
+++ b/doc/frameworks/broker/printing-connector.bro
@ -14,9 +14,9 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::print("bro/print/hi", "hello");
+	Broker::send_print("bro/print/hi", "hello");
-	Broker::print("bro/print/stuff", "...");
+	Broker::send_print("bro/print/stuff", "...");
-	Broker::print("bro/print/bye", "goodbye");
+	Broker::send_print("bro/print/bye", "goodbye");
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/scripts/base/frameworks/broker/main.bro
+++ b/scripts/base/frameworks/broker/main.bro
@ -1,5 +1,14 @@
 ##! Various data structure definitions for use with Bro's communication system.
 module Log;
 export {
    type Log::ID: enum {
        ## Dummy place-holder.
        UNKNOWN
    };
 }
 module Broker;
 export {
@ -52,4 +61,312 @@ export {
 		key: Broker::Data;
 		val: Broker::Data;
 	};
 	## Enable use of communication.
 	##
 	## flags: used to tune the local Broker endpoint behavior.
 	##
 	## Returns: true if communication is successfully initialized.
 	global enable: function(flags: EndpointFlags &default = EndpointFlags()): bool;
 	## Changes endpoint flags originally supplied to :bro:see:`Broker::enable`.
 	##
 	## flags: the new endpoint behavior flags to use.
 	##
 	## Returns: true if flags were changed.
 	global set_endpoint_flags: function(flags: EndpointFlags &default = EndpointFlags()): bool;
 	## Allow sending messages to peers if associated with the given topic.
 	## This has no effect if auto publication behavior is enabled via the flags
 	## supplied to :bro:see:`Broker::enable` or :bro:see:`Broker::set_endpoint_flags`.
 	##
 	## topic: a topic to allow messages to be published under.
 	##
 	## Returns: true if successful.
 	global publish_topic: function(topic: string): bool;
 	## Disallow sending messages to peers if associated with the given topic.
 	## This has no effect if auto publication behavior is enabled via the flags
 	## supplied to :bro:see:`Broker::enable` or :bro:see:`Broker::set_endpoint_flags`.
 	##
 	## topic: a topic to disallow messages to be published under.
 	##
 	## Returns: true if successful.
 	global unpublish_topic: function(topic: string): bool;
 	## Listen for remote connections.
 	##
 	## p: the TCP port to listen on.
 	##
 	## a: an address string on which to accept connections, e.g.
 	##    "127.0.0.1".  An empty string refers to @p INADDR_ANY.
 	##
 	## reuse: equivalent to behavior of SO_REUSEADDR.
 	##
 	## Returns: true if the local endpoint is now listening for connections.
 	##
 	## .. bro:see:: Broker::incoming_connection_established
 	global listen: function(p: port, a: string &default = "", reuse: bool &default = T): bool;
 	## Initiate a remote connection.
 	##
 	## a: an address to connect to, e.g. "localhost" or "127.0.0.1".
 	##
 	## p: the TCP port on which the remote side is listening.
 	##
 	## retry: an interval at which to retry establishing the
 	##        connection with the remote peer if it cannot be made initially, or
 	##        if it ever becomes disconnected.
 	##
 	## Returns: true if it's possible to try connecting with the peer and
 	##          it's a new peer.  The actual connection may not be established
 	##          until a later point in time.
 	##
 	## .. bro:see:: Broker::outgoing_connection_established
 	global connect: function(a: string, p: port, retry: interval): bool;
 	## Remove a remote connection.
 	##
 	## a: the address used in previous successful call to :bro:see:`Broker::connect`.
 	##
 	## p: the port used in previous successful call to :bro:see:`Broker::connect`.
 	##
 	## Returns: true if the arguments match a previously successful call to
 	##          :bro:see:`Broker::connect`.
 	global disconnect: function(a: string, p: port): bool;
 	## Print a simple message to any interested peers.  The receiver can use
 	## :bro:see:`Broker::print_handler` to handle messages.
 	##
 	## topic: a topic associated with the printed message.
 	##
 	## msg: the print message to send to peers.
 	##
 	## flags: tune the behavior of how the message is sent.
 	##
 	## Returns: true if the message is sent.
 	global send_print: function(topic: string, msg: string, flags: SendFlags &default = SendFlags()): bool;
 	## Register interest in all peer print messages that use a certain topic
 	## prefix. Use :bro:see:`Broker::print_handler` to handle received
 	## messages.
 	##
 	## topic_prefix: a prefix to match against remote message topics.
 	##               e.g. an empty prefix matches everything and "a" matches
 	##               "alice" and "amy" but not "bob".
 	##
 	## Returns: true if it's a new print subscription and it is now registered.
 	global subscribe_to_prints: function(topic_prefix: string): bool;
 	## Unregister interest in all peer print messages that use a topic prefix.
 	##
 	## topic_prefix: a prefix previously supplied to a successful call to
 	##               :bro:see:`Broker::subscribe_to_prints`.
 	##
 	## Returns: true if interest in the topic prefix is no longer advertised.
 	global unsubscribe_to_prints: function(topic_prefix: string): bool;
 	## Send an event to any interested peers.
 	##
 	## topic: a topic associated with the event message.
 	##
 	## args: event arguments as made by :bro:see:`Broker::event_args`.
 	##
 	## flags: tune the behavior of how the message is sent.
 	##
 	## Returns: true if the message is sent.
 	global send_event: function(topic: string, args: EventArgs, flags: SendFlags &default = SendFlags()): bool;
 	## Automatically send an event to any interested peers whenever it is
 	## locally dispatched (e.g. using "event my_event(...);" in a script).
 	##
 	## topic: a topic string associated with the event message.
 	##        Peers advertise interest by registering a subscription to some
 	##        prefix of this topic name.
 	##
 	## ev: a Bro event value.
 	##
 	## flags: tune the behavior of how the message is sent.
 	##
 	## Returns: true if automatic event sending is now enabled.
 	global auto_event: function(topic: string, ev: any, flags: SendFlags &default = SendFlags()): bool;
 	## Stop automatically sending an event to peers upon local dispatch.
 	##
 	## topic: a topic originally given to :bro:see:`Broker::auto_event`.
 	##
 	## ev: an event originally given to :bro:see:`Broker::auto_event`.
 	##
 	## Returns: true if automatic events will not occur for the topic/event
 	##          pair.
 	global auto_event_stop: function(topic: string, ev: any): bool;
 	## Register interest in all peer event messages that use a certain topic
 	## prefix.
 	##
 	## topic_prefix: a prefix to match against remote message topics.
 	##               e.g. an empty prefix matches everything and "a" matches
 	##               "alice" and "amy" but not "bob".
 	##
 	## Returns: true if it's a new event subscription and it is now registered.
 	global subscribe_to_events: function(topic_prefix: string): bool;
 	## Unregister interest in all peer event messages that use a topic prefix.
 	##
 	## topic_prefix: a prefix previously supplied to a successful call to
 	##               :bro:see:`Broker::subscribe_to_events`.
 	##
 	## Returns: true if interest in the topic prefix is no longer advertised.
 	global unsubscribe_to_events: function(topic_prefix: string): bool;
 	## Enable remote logs for a given log stream.
 	##
 	## id: the log stream to enable remote logs for.
 	##
 	## flags: tune the behavior of how log entry messages are sent.
 	##
 	## Returns: true if remote logs are enabled for the stream.
 	global enable_remote_logs: function(id: Log::ID, flags: SendFlags &default = SendFlags()): bool;
 	## Disable remote logs for a given log stream.
 	##
 	## id: the log stream to disable remote logs for.
 	##
 	## Returns: true if remote logs are disabled for the stream.
 	global disable_remote_logs: function(id: Log::ID): bool;
 	## Check if remote logs are enabled for a given log stream.
 	##
 	## id: the log stream to check.
 	##
 	## Returns: true if remote logs are enabled for the given stream.
 	global remote_logs_enabled: function(id: Log::ID): bool;
 	## Register interest in all peer log messages that use a certain topic
 	## prefix. Logs are implicitly sent with topic "bro/log/<stream-name>" and
 	## the receiving side processes them through the logging framework as usual.
 	##
 	## topic_prefix: a prefix to match against remote message topics.
 	##               e.g. an empty prefix matches everything and "a" matches
 	##               "alice" and "amy" but not "bob".
 	##
 	## Returns: true if it's a new log subscription and it is now registered.
 	global subscribe_to_logs: function(topic_prefix: string): bool;
 	## Unregister interest in all peer log messages that use a topic prefix.
 	## Logs are implicitly sent with topic "bro/log/<stream-name>" and the
 	## receiving side processes them through the logging framework as usual.
 	##
 	## topic_prefix: a prefix previously supplied to a successful call to
 	##               :bro:see:`Broker::subscribe_to_logs`.
 	##
 	## Returns: true if interest in the topic prefix is no longer advertised.
 	global unsubscribe_to_logs: function(topic_prefix: string): bool;
 }
@load base/bif/comm.bif
@load base/bif/messaging.bif
 module Broker;
 function enable(flags: EndpointFlags &default = EndpointFlags()) : bool
    {
    return __enable(flags);
    }
 function set_endpoint_flags(flags: EndpointFlags &default = EndpointFlags()): bool
    {
    return __set_endpoint_flags(flags);
    }
 function publish_topic(topic: string): bool
    {
    return __publish_topic(topic);
    }
 function unpublish_topic(topic: string): bool
    {
    return __unpublish_topic(topic);
    }
 function listen(p: port, a: string &default = "", reuse: bool &default = T): bool
    {
    return __listen(p, a, reuse);
    }
 function connect(a: string, p: port, retry: interval): bool
    {
    return __connect(a, p, retry);
    }
 function disconnect(a: string, p: port): bool
    {
    return __disconnect(a, p);
    }
 function send_print(topic: string, msg: string, flags: SendFlags &default = SendFlags()): bool
    {
    return __send_print(topic, msg, flags);
    }
 function subscribe_to_prints(topic_prefix: string): bool
    {
    return __subscribe_to_prints(topic_prefix);
    }
 function unsubscribe_to_prints(topic_prefix: string): bool
    {
    return __unsubscribe_to_prints(topic_prefix);
    }
 function send_event(topic: string, args: EventArgs, flags: SendFlags &default = SendFlags()): bool
    {
    return __event(topic, args, flags);
    }
 function auto_event(topic: string, ev: any, flags: SendFlags &default = SendFlags()): bool
    {
    return __auto_event(topic, ev, flags);
    }
 function auto_event_stop(topic: string, ev: any): bool
    {
    return __auto_event_stop(topic, ev);
    }
 function subscribe_to_events(topic_prefix: string): bool
    {
    return __subscribe_to_events(topic_prefix);
    }
 function unsubscribe_to_events(topic_prefix: string): bool
    {
    return __unsubscribe_to_events(topic_prefix);
    }
 function enable_remote_logs(id: Log::ID, flags: SendFlags &default = SendFlags()): bool
    {
    return __enable_remote_logs(id, flags);
    }
 function disable_remote_logs(id: Log::ID): bool
    {
    return __disable_remote_logs(id);
    }
 function remote_logs_enabled(id: Log::ID): bool
    {
    return __remote_logs_enabled(id);
    }
 function subscribe_to_logs(topic_prefix: string): bool
    {
    return __subscribe_to_logs(topic_prefix);
    }
 function unsubscribe_to_logs(topic_prefix: string): bool
    {
    return __unsubscribe_to_logs(topic_prefix);
    }
--- a/scripts/base/frameworks/broker/store.bro
+++ b/scripts/base/frameworks/broker/store.bro
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@ -77,23 +77,34 @@ export {
 		## The type of data that the indicator represents.
 		indicator_type:  Type          &log &optional;
-		## If the indicator type was :bro:enum:`Intel::ADDR`, then this 
+		## If the indicator type was :bro:enum:`Intel::ADDR`, then this
 		## field will be present.
 		host:            addr          &optional;
 		## Where the data was discovered.
 		where:           Where         &log;
-		
+
 		## The name of the node where the match was discovered.
 		node:            string        &optional &log;
-		## If the data was discovered within a connection, the 
+		## If the data was discovered within a connection, the
 		## connection record should go here to give context to the data.
 		conn:            connection    &optional;
 		## If the data was discovered within a connection, the
 		## connection uid should go here to give context to the data.
 		## If the *conn* field is provided, this will be automatically
 		## filled out.
 		uid:             string        &optional;
 		## If the data was discovered within a file, the file record
 		## should go here to provide context to the data.
 		f:               fa_file       &optional;
 		## If the data was discovered within a file, the file uid should
 		## go here to provide context to the data. If the *f* field is
 		## provided, this will be automatically filled out.
 		fuid:            string        &optional;
 	};
 	## Record used for the logging framework representing a positive
@ -112,7 +123,8 @@ export {
 		## If a file was associated with this intelligence hit,
 		## this is the uid for the file.
 		fuid:           string   &log &optional;
-		## A mime type if the intelligence hit is related to a file.  
+
 		## A mime type if the intelligence hit is related to a file.
 		## If the $f field is provided this will be automatically filled
 		## out.
 		file_mime_type: string   &log &optional;
@ -283,15 +295,14 @@ event Intel::match(s: Seen, items: set[Item]) &priority=5
 	if ( s?$f )
 		{
 		s$fuid = s$f$id;
 		if ( s$f?$conns && |s$f$conns| == 1 )
 			{
 			for ( cid in s$f$conns )
 				s$conn = s$f$conns[cid];
 			}
 		if ( ! info?$fuid )
 			info$fuid = s$f$id;
 		if ( ! info?$file_mime_type && s$f?$info && s$f$info?$mime_type )
 			info$file_mime_type = s$f$info$mime_type;
@ -299,12 +310,18 @@ event Intel::match(s: Seen, items: set[Item]) &priority=5
 			info$file_desc = Files::describe(s$f);
 		}
 	if ( s?$fuid )
 		info$fuid = s$fuid;
 	if ( s?$conn )
 		{
-		info$uid = s$conn$uid;
+		s$uid = s$conn$uid;
 		info$id  = s$conn$id;
 		}
 	if ( s?$uid )
 		info$uid = s$uid;
 	for ( item in items )
 		add info$sources[item$meta$source];
--- a/scripts/base/frameworks/netcontrol/plugins/acld.bro
+++ b/scripts/base/frameworks/netcontrol/plugins/acld.bro
@ -227,7 +227,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool
 	if ( ar$command == "" )
 		return F;
-	Broker::event(p$acld_config$acld_topic, Broker::event_args(acld_add_rule, p$acld_id, r, ar));
+	Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_add_rule, p$acld_id, r, ar));
 	return T;
 	}
@ -242,7 +242,7 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
 	else
 		return F;
-	Broker::event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
+	Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
 	return T;
 	}
--- a/scripts/base/frameworks/netcontrol/plugins/broker.bro
+++ b/scripts/base/frameworks/netcontrol/plugins/broker.bro
@ -96,13 +96,13 @@ function broker_name(p: PluginState) : string
 function broker_add_rule_fun(p: PluginState, r: Rule) : bool
 	{
-	Broker::event(p$broker_topic, Broker::event_args(broker_add_rule, p$broker_id, r));
+	Broker::send_event(p$broker_topic, Broker::event_args(broker_add_rule, p$broker_id, r));
 	return T;
 	}
 function broker_remove_rule_fun(p: PluginState, r: Rule) : bool
 	{
-	Broker::event(p$broker_topic, Broker::event_args(broker_remove_rule, p$broker_id, r));
+	Broker::send_event(p$broker_topic, Broker::event_args(broker_remove_rule, p$broker_id, r));
 	return T;
 	}
--- a/scripts/base/frameworks/openflow/plugins/broker.bro
+++ b/scripts/base/frameworks/openflow/plugins/broker.bro
@ -47,14 +47,14 @@ function broker_describe(state: ControllerState): string
 function broker_flow_mod_fun(state: ControllerState, match: ofp_match, flow_mod: OpenFlow::ofp_flow_mod): bool
 	{
-	Broker::event(state$broker_topic, Broker::event_args(broker_flow_mod, state$_name, state$broker_dpid, match, flow_mod));
+	Broker::send_event(state$broker_topic, Broker::event_args(broker_flow_mod, state$_name, state$broker_dpid, match, flow_mod));
 	return T;
 	}
 function broker_flow_clear_fun(state: OpenFlow::ControllerState): bool
 	{
-	Broker::event(state$broker_topic, Broker::event_args(broker_flow_clear, state$_name, state$broker_dpid));
+	Broker::send_event(state$broker_topic, Broker::event_args(broker_flow_clear, state$_name, state$broker_dpid));
 	return T;
 	}
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@ -48,6 +48,7 @@
@load base/protocols/dns
@load base/protocols/ftp
@load base/protocols/http
@load base/protocols/imap
@load base/protocols/irc
@load base/protocols/krb
@load base/protocols/modbus
--- a/scripts/base/protocols/imap/README
+++ b/scripts/base/protocols/imap/README
@ -0,0 +1,5 @@
 Support for the Internet Message Access Protocol (IMAP).
 Note that currently the IMAP analyzer only supports analyzing IMAP sessions
 until they do or do not switch to TLS using StartTLS. Hence, we do not get
 mails from IMAP sessions, only X509 certificates.
--- a/scripts/base/protocols/imap/load.bro
+++ b/scripts/base/protocols/imap/load.bro
@ -0,0 +1,2 @@
@load ./main
--- a/scripts/base/protocols/imap/main.bro
+++ b/scripts/base/protocols/imap/main.bro
@ -0,0 +1,11 @@
 module IMAP;
 const ports = { 143/tcp };
 redef likely_server_ports += { ports };
 event bro_init() &priority=5
 	{
 	Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, ports);
 	}
--- a/scripts/policy/frameworks/intel/seen/ssl.bro
+++ b/scripts/policy/frameworks/intel/seen/ssl.bro
@ -20,6 +20,7 @@ event ssl_established(c: connection)
 	if ( c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$cn )
 		Intel::seen([$indicator=c$ssl$cert_chain[0]$x509$certificate$cn,
 			$indicator_type=Intel::DOMAIN,
 			$fuid=c$ssl$cert_chain_fuids[0],
 			$conn=c,
 			$where=X509::IN_CERT]);
 	}
--- a/src/RuleCondition.cc
+++ b/src/RuleCondition.cc
@ -111,7 +111,7 @@ bool RuleConditionPayloadSize::DoMatch(Rule* rule, RuleEndpointState* state,
 		return payload_size >= val;
 	default:
-		reporter->InternalError("unknown comparision type");
+		reporter->InternalError("unknown comparison type");
 	}
 	// Should not be reached
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -21,7 +21,7 @@
 //			it may fail to match. Work-around: Insert an always
 //			matching "payload" pattern (not done in snort2bro yet)
 //		  - tcp-state always evaluates to true
-//			(implemented but deactivated for comparision to Snort)
+//			(implemented but deactivated for comparison to Snort)
 uint32 RuleHdrTest::idcounter = 0;
--- a/src/Serializer.cc
+++ b/src/Serializer.cc
@ -437,7 +437,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info)
 bool Serializer::UnserializeStateAccess(UnserialInfo* info)
 	{
-	SetErrorDescr("unserializing state acess");
+	SetErrorDescr("unserializing state access");
 	StateAccess* s = StateAccess::Unserialize(info);
--- a/src/StateAccess.cc
+++ b/src/StateAccess.cc
@ -150,7 +150,7 @@ bool StateAccess::CheckOld(const char* op, ID* id, Val* index,
 	if ( should && is )
 		{
-		// There's no general comparision for non-atomic vals currently.
+		// There's no general comparison for non-atomic vals currently.
 		if ( ! (is_atomic_val(is) && is_atomic_val(should)) )
 			return true;
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@ -16,6 +16,7 @@ add_subdirectory(gtpv1)
 add_subdirectory(http)
 add_subdirectory(icmp)
 add_subdirectory(ident)
 add_subdirectory(imap)
 add_subdirectory(interconn)
 add_subdirectory(irc)
 add_subdirectory(krb)
--- a/src/analyzer/protocol/imap/CMakeLists.txt
+++ b/src/analyzer/protocol/imap/CMakeLists.txt
@ -0,0 +1,12 @@
 include(BroPlugin)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
 bro_plugin_begin(Bro IMAP)
 bro_plugin_cc(Plugin.cc)
 bro_plugin_cc(IMAP.cc)
 bro_plugin_bif(events.bif)
 bro_plugin_pac(imap.pac imap-analyzer.pac imap-protocol.pac)
 bro_plugin_end()
--- a/src/analyzer/protocol/imap/IMAP.cc
+++ b/src/analyzer/protocol/imap/IMAP.cc
@ -0,0 +1,85 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #include "IMAP.h"
 #include "analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "analyzer/Manager.h"
 using namespace analyzer::imap;
 IMAP_Analyzer::IMAP_Analyzer(Connection* conn)
 	: tcp::TCP_ApplicationAnalyzer("IMAP", conn)
 	{
 	interp = new binpac::IMAP::IMAP_Conn(this);
 	had_gap = false;
 	tls_active = false;
 	}
 IMAP_Analyzer::~IMAP_Analyzer()
 	{
 	delete interp;
 	}
 void IMAP_Analyzer::Done()
 	{
 	tcp::TCP_ApplicationAnalyzer::Done();
 	interp->FlowEOF(true);
 	interp->FlowEOF(false);
 	}
 void IMAP_Analyzer::EndpointEOF(bool is_orig)
 	{
 	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
 	interp->FlowEOF(is_orig);
 	}
 void IMAP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	{
 	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
 	if ( tls_active )
 		{
 		// If TLS has been initiated, forward to child and abort further
 		// processing
 		ForwardStream(len, data, orig);
 		return;
 		}
 	assert(TCP());
 	if ( TCP()->IsPartial() )
 		return;
 	if ( had_gap )
 		// If only one side had a content gap, we could still try to
 		// deliver data to the other side if the script layer can
 		// handle this.
 		return;
 	try
 		{
 		interp->NewData(orig, data, data + len);
 		}
 	catch ( const binpac::Exception& e )
 		{
 		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
 		}
 	}
 void IMAP_Analyzer::Undelivered(uint64 seq, int len, bool orig)
 	{
 	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
 	had_gap = true;
 	interp->NewGap(orig, len);
 	}
 void IMAP_Analyzer::StartTLS()
 	{
 	// StartTLS was called. This means we saw a client starttls followed
 	// by a server proceed. From here on, everything should be a binary
 	// TLS datastream.
 	tls_active = true;
 	Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
 	if ( ssl )
 		AddChildAnalyzer(ssl);
 	}
--- a/src/analyzer/protocol/imap/IMAP.h
+++ b/src/analyzer/protocol/imap/IMAP.h
@ -0,0 +1,40 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #ifndef ANALYZER_PROTOCOL_IMAP_IMAP_H
 #define ANALYZER_PROTOCOL_IMAP_IMAP_H
 // for std::transform
 #include <algorithm>
 #include "analyzer/protocol/tcp/TCP.h"
 #include "imap_pac.h"
 namespace analyzer { namespace imap {
 class IMAP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
 	IMAP_Analyzer(Connection* conn);
 	virtual ~IMAP_Analyzer();
 	virtual void Done();
 	virtual void DeliverStream(int len, const u_char* data, bool orig);
 	virtual void Undelivered(uint64 seq, int len, bool orig);
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	virtual void EndpointEOF(bool is_orig);
 	void StartTLS();
 	static analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new IMAP_Analyzer(conn); }
 protected:
 	binpac::IMAP::IMAP_Conn* interp;
 	bool had_gap;
 	bool tls_active;
 };
 } } // namespace analyzer::*
 #endif /* ANALYZER_PROTOCOL_IMAP_IMAP_H */
--- a/src/analyzer/protocol/imap/Plugin.cc
+++ b/src/analyzer/protocol/imap/Plugin.cc
@ -0,0 +1,22 @@
 // See the file  in the main distribution directory for copyright.
 #include "plugin/Plugin.h"
 #include "IMAP.h"
 namespace plugin {
 namespace Bro_IMAP {
 class Plugin : public plugin::Plugin {
 public:
 	plugin::Configuration Configure()
 		{
 		AddComponent(new ::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate));
 		plugin::Configuration config;
 		config.name = "Bro::IMAP";
 		config.description = "IMAP analyzer (StartTLS only)";
 		return config;
 		}
 } plugin;
 }
 }
--- a/src/analyzer/protocol/imap/events.bif
+++ b/src/analyzer/protocol/imap/events.bif
@ -0,0 +1,13 @@
 ## Generated when a server sends a capability list to the client,
 ## after being queried using the CAPABILITY command.
 ##
 ## c: The connection.
 ##
 ## capabilities: The list of IMAP capabilities as sent by the server.
 event imap_capabilities%(c: connection, capabilities: string_vec%);
 ## Generated when a IMAP connection goes encrypted after a successful
 ## StartTLS exchange between the client and the server.
 ##
 ## c: The connection.
 event imap_starttls%(c: connection%);
--- a/src/analyzer/protocol/imap/imap-analyzer.pac
+++ b/src/analyzer/protocol/imap/imap-analyzer.pac
@ -0,0 +1,76 @@
 refine connection IMAP_Conn += {
 	%member{
 		string client_starttls_id;
 	%}
 	%init{
 	%}
 	function proc_imap_token(is_orig: bool, tag: bytestring, command: bytestring): bool
 		%{
 		string commands = std_str(command);
 		std::transform(commands.begin(), commands.end(), commands.begin(), ::tolower);
 		string tags = std_str(tag);
 		//printf("imap %s %s\n", commands.c_str(), tags.c_str());
 		if ( !is_orig && tags == "*" && commands == "ok" )
 			bro_analyzer()->ProtocolConfirmation();
 		if ( is_orig && ( command == "capability" || commands == "starttls" ) )
 			bro_analyzer()->ProtocolConfirmation();
 		if ( command == "authenticate" || command == "login" || command == "examine" || command == "create" || command == "list" || command == "fetch" )
 			{
 			bro_analyzer()->ProtocolConfirmation();
 			// Handshake has passed the phase where we should see StartTLS. Simply skip from hereon...
 			bro_analyzer()->SetSkip(true);
 			return true;
 			}
 		if ( is_orig && commands == "starttls" )
 			{
 			if ( !client_starttls_id.empty() )
 				reporter->Weird(bro_analyzer()->Conn(), "IMAP: client sent duplicate StartTLS");
 			client_starttls_id = tags;
 			}
 		if ( !is_orig && !client_starttls_id.empty() && tags == client_starttls_id )
 			{
 			if ( commands == "ok" )
 				{
 				bro_analyzer()->StartTLS();
 				BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
 				}
 			else
 				reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS");
 			}
 		return true;
 		%}
 	function proc_server_capability(capabilities: Capability[]): bool
 		%{
 		VectorVal* capv = new VectorVal(internal_type("string_vec")->AsVectorType());
 		for ( unsigned int i = 0; i< capabilities->size(); i++ )
 			{
 			const bytestring& capability = (*capabilities)[i]->cap();
 			capv->Assign(i, new StringVal(capability.length(), (const char*)capability.data()));
 			}
 		BifEvent::generate_imap_capabilities(bro_analyzer(), bro_analyzer()->Conn(), capv);
 		return true;
 		%}
 };
 refine typeattr ImapToken += &let {
 	proc: bool = $context.connection.proc_imap_token(is_orig, tag, command);
 };
 refine typeattr ServerCapability += &let {
 	proc: bool = $context.connection.proc_server_capability(capabilities);
 };
--- a/src/analyzer/protocol/imap/imap-protocol.pac
+++ b/src/analyzer/protocol/imap/imap-protocol.pac
@ -0,0 +1,70 @@
 # commands that we support parsing. The numbers do not really mean anything
 # in this case
 enum ImapCommand {
 	CMD_CAPABILITY,
 	CMD_UNKNOWN
 }
 type TAG = RE/[[:alnum:][:punct:]]+/;
 type CONTENT = RE/[^\r\n]*/;
 type SPACING = RE/[ ]+/;
 type OPTIONALSPACING = RE/[ ]*/;
 type NEWLINE = RE/[\r\n]+/;
 type OPTIONALNEWLINE = RE/[\r\n]*/;
 type IMAP_PDU(is_orig: bool) = ImapToken(is_orig)[] &until($input.length() == 0);
 type ImapToken(is_orig: bool) = record {
 	tag : TAG;
 	: SPACING;
 	command: TAG;
 	: OPTIONALSPACING;
 	client_or_server: case is_orig of {
 		true -> client: UnknownCommand(this) ;
 		false -> server: ServerContentText(this);
 	} &requires(pcommand) ;
 } &let {
 	pcommand: int = $context.connection.determine_command(is_orig, tag, command);
 };
 type ServerContentText(rec: ImapToken) = case rec.pcommand of {
 	CMD_CAPABILITY -> capability: ServerCapability(rec);
 	default -> unknown: UnknownCommand(rec);
 };
 type Capability = record {
 	cap: TAG;
 	: OPTIONALSPACING;
 	nl: OPTIONALNEWLINE;
 };
 type ServerCapability(rec: ImapToken) = record {
 	capabilities: Capability[] &until($context.connection.strlen($element.nl) > 0);
 };
 type UnknownCommand(rec: ImapToken) = record {
 	tagcontent: CONTENT;
 	: NEWLINE;
 };
 refine connection IMAP_Conn += {
 	function determine_command(is_orig: bool, tag: bytestring, command: bytestring): int
 		%{
 		string cmdstr = std_str(command);
 		std::transform(cmdstr.begin(), cmdstr.end(), cmdstr.begin(), ::tolower);
 		string tagstr = std_str(tag);
 		if ( !is_orig && cmdstr == "capability" && tag == "*" ) {
 			return CMD_CAPABILITY;
 		}
 		return CMD_UNKNOWN;
 		%}
 	function strlen(str: bytestring): int
 		%{
 		return str.length();
 		%}
 };
--- a/src/analyzer/protocol/imap/imap.pac
+++ b/src/analyzer/protocol/imap/imap.pac
@ -0,0 +1,37 @@
 # binpac file for the IMAP analyzer.
 # Note that we currently do not even try to parse the protocol
 # completely -- this is only supposed to be able to parse imap
 # till StartTLS does (or does not) kick in.
 %include binpac.pac
 %include bro.pac
 %extern{
 #include "events.bif.h"
 namespace analyzer { namespace imap { class IMAP_Analyzer; } }
 namespace binpac { namespace IMAP { class IMAP_Conn; } }
 typedef analyzer::imap::IMAP_Analyzer* IMAPAnalyzer;
 #include "IMAP.h"
 %}
 extern type IMAPAnalyzer;
 analyzer IMAP withcontext {
 	connection:	 IMAP_Conn;
 	flow:		 IMAP_Flow;
 };
 connection IMAP_Conn(bro_analyzer: IMAPAnalyzer) {
 	upflow = IMAP_Flow(true);
 	downflow = IMAP_Flow(false);
 };
 %include imap-protocol.pac
 flow IMAP_Flow(is_orig: bool) {
 	datagram = IMAP_PDU(is_orig) withcontext(connection, this);
 };
 %include imap-analyzer.pac
--- a/src/broker/comm.bif
+++ b/src/broker/comm.bif
@ -9,46 +9,22 @@ module Broker;
 type Broker::EndpointFlags: record;
-## Enable use of communication.
+function Broker::__enable%(flags: EndpointFlags%): bool
 ##
 ## flags: used to tune the local Broker endpoint behavior.
 ##
 ## Returns: true if communication is successfully initialized.
 function Broker::enable%(flags: EndpointFlags &default = EndpointFlags()%): bool
 	%{
 	return new Val(broker_mgr->Enable(flags), TYPE_BOOL);
 	%}
-## Changes endpoint flags originally supplied to :bro:see:`Broker::enable`.
+function Broker::__set_endpoint_flags%(flags: EndpointFlags%): bool
 ##
 ## flags: the new endpoint behavior flags to use.
 ##
 ## Returns: true if flags were changed.
 function Broker::set_endpoint_flags%(flags: EndpointFlags &default = EndpointFlags()%): bool
 	%{
 	return new Val(broker_mgr->SetEndpointFlags(flags), TYPE_BOOL);
 	%}
-## Allow sending messages to peers if associated with the given topic.
+function Broker::__publish_topic%(topic: string%): bool
 ## This has no effect if auto publication behavior is enabled via the flags
 ## supplied to :bro:see:`Broker::enable` or :bro:see:`Broker::set_endpoint_flags`.
 ##
 ## topic: a topic to allow messages to be published under.
 ##
 ## Returns: true if successful.
 function Broker::publish_topic%(topic: string%): bool
 	%{
 	return new Val(broker_mgr->PublishTopic(topic->CheckString()), TYPE_BOOL);
 	%}
-## Disallow sending messages to peers if associated with the given topic.
+function Broker::__unpublish_topic%(topic: string%): bool
 ## This has no effect if auto publication behavior is enabled via the flags
 ## supplied to :bro:see:`Broker::enable` or :bro:see:`Broker::set_endpoint_flags`.
 ##
 ## topic: a topic to disallow messages to be published under.
 ##
 ## Returns: true if successful.
 function Broker::unpublish_topic%(topic: string%): bool
 	%{
 	return new Val(broker_mgr->UnpublishTopic(topic->CheckString()), TYPE_BOOL);
 	%}
@ -124,20 +100,7 @@ event Broker::incoming_connection_established%(peer_name: string%);
 ## .. bro:see:: Broker::incoming_connection_established
 event Broker::incoming_connection_broken%(peer_name: string%);
-## Listen for remote connections.
+function Broker::__listen%(p: port, a: string, reuse: bool%): bool
 ##
 ## p: the TCP port to listen on.
 ##
 ## a: an address string on which to accept connections, e.g.
 ##    "127.0.0.1".  An empty string refers to @p INADDR_ANY.
 ##
 ## reuse: equivalent to behavior of SO_REUSEADDR.
 ##
 ## Returns: true if the local endpoint is now listening for connections.
 ##
 ## .. bro:see:: Broker::incoming_connection_established
 function Broker::listen%(p: port, a: string &default = "",
 					   reuse: bool &default = T%): bool
 	%{
 	if ( ! p->IsTCP() )
 		{
@ -150,22 +113,7 @@ function Broker::listen%(p: port, a: string &default = "",
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Initiate a remote connection.
+function Broker::__connect%(a: string, p: port, retry: interval%): bool
 ##
 ## a: an address to connect to, e.g. "localhost" or "127.0.0.1".
 ##
 ## p: the TCP port on which the remote side is listening.
 ##
 ## retry: an interval at which to retry establishing the
 ##        connection with the remote peer if it cannot be made initially, or
 ##        if it ever becomes disconnected.
 ##
 ## Returns: true if it's possible to try connecting with the peer and
 ##          it's a new peer.  The actual connection may not be established
 ##          until a later point in time.
 ##
 ## .. bro:see:: Broker::outgoing_connection_established
 function Broker::connect%(a: string, p: port, retry: interval%): bool
 	%{
 	if ( ! p->IsTCP() )
 		{
@ -178,15 +126,7 @@ function Broker::connect%(a: string, p: port, retry: interval%): bool
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Remove a remote connection.
+function Broker::__disconnect%(a: string, p: port%): bool
 ##
 ## a: the address used in previous successful call to :bro:see:`Broker::connect`.
 ##
 ## p: the port used in previous successful call to :bro:see:`Broker::connect`.
 ##
 ## Returns: true if the arguments match a previously successful call to
 ##          :bro:see:`Broker::connect`.
 function Broker::disconnect%(a: string, p: port%): bool
 	%{
 	if ( ! p->IsTCP() )
 		{
--- a/src/broker/data.bif
+++ b/src/broker/data.bif
@ -31,93 +31,44 @@ type Broker::Data: record;
 type Broker::TableItem: record;
-## Convert any Bro value to communication data.
+function Broker::__data%(d: any%): Broker::Data
 ##
 ## d: any Bro value to attempt to convert (not all types are supported).
 ##
 ## Returns: the converted communication data.  The returned record's optional
 ##          field will not be set if the conversion was not possible (this can
 ##          happen if the Bro data type does not support being converted to
 ##          communication data).
 function Broker::data%(d: any%): Broker::Data
 	%{
 	return bro_broker::make_data_val(d);
 	%}
-## Retrieve the type of data associated with communication data.
+function Broker::__data_type%(d: Broker::Data%): Broker::DataType
 ##
 ## d: the communication data.
 ##
 ## Returns: the data type associated with the communication data.
 function Broker::data_type%(d: Broker::Data%): Broker::DataType
 	%{
 	return bro_broker::get_data_type(d->AsRecordVal(), frame);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::BOOL` to
+function Broker::__refine_to_bool%(d: Broker::Data%): bool
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_bool%(d: Broker::Data%): bool
 	%{
 	return bro_broker::refine<bool>(d->AsRecordVal(), TYPE_BOOL, frame);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::INT` to
+function Broker::__refine_to_int%(d: Broker::Data%): int
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_int%(d: Broker::Data%): int
 	%{
 	return bro_broker::refine<int64_t>(d->AsRecordVal(), TYPE_INT, frame);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::COUNT` to
+function Broker::__refine_to_count%(d: Broker::Data%): count
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_count%(d: Broker::Data%): count
 	%{
 	return bro_broker::refine<uint64_t>(d->AsRecordVal(), TYPE_COUNT, frame);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::DOUBLE` to
+function Broker::__refine_to_double%(d: Broker::Data%): double
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_double%(d: Broker::Data%): double
 	%{
 	return bro_broker::refine<double>(d->AsRecordVal(), TYPE_DOUBLE, frame);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::STRING` to
+function Broker::__refine_to_string%(d: Broker::Data%): string
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_string%(d: Broker::Data%): string
 	%{
 	return new StringVal(bro_broker::require_data_type<std::string>(d->AsRecordVal(),
 												              TYPE_STRING,
 															  frame));
 	%}
-## Convert communication data with a type of :bro:see:`Broker::ADDR` to
+function Broker::__refine_to_addr%(d: Broker::Data%): addr
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_addr%(d: Broker::Data%): addr
 	%{
 	auto& a = bro_broker::require_data_type<broker::address>(d->AsRecordVal(),
 													   TYPE_ADDR, frame);
@ -125,13 +76,7 @@ function Broker::refine_to_addr%(d: Broker::Data%): addr
 	return new AddrVal(IPAddr(*bits));
 	%}
-## Convert communication data with a type of :bro:see:`Broker::SUBNET` to
+function Broker::__refine_to_subnet%(d: Broker::Data%): subnet
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_subnet%(d: Broker::Data%): subnet
 	%{
 	auto& a = bro_broker::require_data_type<broker::subnet>(d->AsRecordVal(),
 													  TYPE_SUBNET, frame);
@ -139,71 +84,40 @@ function Broker::refine_to_subnet%(d: Broker::Data%): subnet
 	return new SubNetVal(IPPrefix(IPAddr(*bits), a.length()));
 	%}
-## Convert communication data with a type of :bro:see:`Broker::PORT` to
+function Broker::__refine_to_port%(d: Broker::Data%): port
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_port%(d: Broker::Data%): port
 	%{
 	auto& a = bro_broker::require_data_type<broker::port>(d->AsRecordVal(),
 													TYPE_SUBNET, frame);
 	return new PortVal(a.number(), bro_broker::to_bro_port_proto(a.type()));
 	%}
-## Convert communication data with a type of :bro:see:`Broker::TIME` to
+function Broker::__refine_to_time%(d: Broker::Data%): time
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_time%(d: Broker::Data%): time
 	%{
 	auto v = bro_broker::require_data_type<broker::time_point>(d->AsRecordVal(),
 														TYPE_TIME, frame).value;
 	return new Val(v, TYPE_TIME);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::INTERVAL` to
+function Broker::__refine_to_interval%(d: Broker::Data%): interval
 ## an actual Bro value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the value retrieved from the communication data.
 function Broker::refine_to_interval%(d: Broker::Data%): interval
 	%{
 	auto v = bro_broker::require_data_type<broker::time_duration>(d->AsRecordVal(),
 														TYPE_TIME, frame).value;
 	return new Val(v, TYPE_INTERVAL);
 	%}
-## Convert communication data with a type of :bro:see:`Broker::ENUM` to
+function Broker::__refine_to_enum_name%(d: Broker::Data%): string
 ## the name of the enum value.  :bro:see:`lookup_ID` may be used to convert
 ## the name to the actual enum value.
 ##
 ## d: the communication data to convert.
 ##
 ## Returns: the enum name retrieved from the communication data.
 function Broker::refine_to_enum_name%(d: Broker::Data%): string
 	%{
 	auto& v = bro_broker::require_data_type<broker::enum_value>(d->AsRecordVal(),
 														TYPE_ENUM, frame).name;
 	return new StringVal(v);
 	%}
-## Create communication data of type "set".
+function Broker::__set_create%(%): Broker::Data
 function Broker::set_create%(%): Broker::Data
 	%{
 	return bro_broker::make_data_val(broker::set());
 	%}
-## Remove all elements within a set.
+function Broker::__set_clear%(s: Broker::Data%): bool
 ##
 ## s: the set to clear.
 ##
 ## Returns: always true.
 function Broker::set_clear%(s: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
 												   frame);
@ -211,26 +125,14 @@ function Broker::set_clear%(s: Broker::Data%): bool
 	return new Val(true, TYPE_BOOL);
 	%}
-## Get the number of elements within a set.
+function Broker::__set_size%(s: Broker::Data%): count
 ##
 ## s: the set to query.
 ##
 ## Returns: the number of elements in the set.
 function Broker::set_size%(s: Broker::Data%): count
 	%{
 	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
 												   frame);
 	return new Val(static_cast<uint64_t>(v.size()), TYPE_COUNT);
 	%}
-## Check if a set contains a particular element.
+function Broker::__set_contains%(s: Broker::Data, key: Broker::Data%): bool
 ##
 ## s: the set to query.
 ##
 ## key: the element to check for existence.
 ##
 ## Returns: true if the key exists in the set.
 function Broker::set_contains%(s: Broker::Data, key: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
 												   frame);
@ -238,14 +140,7 @@ function Broker::set_contains%(s: Broker::Data, key: Broker::Data%): bool
 	return new Val(v.find(k) != v.end(), TYPE_BOOL);
 	%}
-## Insert an element into a set.
+function Broker::__set_insert%(s: Broker::Data, key: Broker::Data%): bool
 ##
 ## s: the set to modify.
 ##
 ## key: the element to insert.
 ##
 ## Returns: true if the key was inserted, or false if it already existed.
 function Broker::set_insert%(s: Broker::Data, key: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
 												   frame);
@ -253,14 +148,7 @@ function Broker::set_insert%(s: Broker::Data, key: Broker::Data%): bool
 	return new Val(v.insert(k).second, TYPE_BOOL);
 	%}
-## Remove an element from a set.
+function Broker::__set_remove%(s: Broker::Data, key: Broker::Data%): bool
 ##
 ## s: the set to modify.
 ##
 ## key: the element to remove.
 ##
 ## Returns: true if the element existed in the set and is now removed.
 function Broker::set_remove%(s: Broker::Data, key: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
 												   frame);
@ -268,37 +156,18 @@ function Broker::set_remove%(s: Broker::Data, key: Broker::Data%): bool
 	return new Val(v.erase(k) > 0, TYPE_BOOL);
 	%}
-## Create an iterator for a set.  Note that this makes a copy of the set
+function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterator
 ## internally to ensure the iterator is always valid.
 ##
 ## s: the set to iterate over.
 ##
 ## Returns: an iterator.
 function Broker::set_iterator%(s: Broker::Data%): opaque of Broker::SetIterator
 	%{
 	return new bro_broker::SetIterator(s->AsRecordVal(), TYPE_TABLE, frame);
 	%}
-## Check if there are no more elements to iterate over.
+function Broker::__set_iterator_last%(it: opaque of Broker::SetIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if there are no more elements to iterator over, i.e.
 ##          the iterator is one-past-the-final-element.
 function Broker::set_iterator_last%(it: opaque of Broker::SetIterator%): bool
 	%{
 	auto set_it = static_cast<bro_broker::SetIterator*>(it);
 	return new Val(set_it->it == set_it->dat.end(), TYPE_BOOL);
 	%}
-## Advance an iterator.
+function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if the iterator, after advancing, still references an element
 ##          in the collection.  False if the iterator, after advancing, is
 ##          one-past-the-final-element.
 function Broker::set_iterator_next%(it: opaque of Broker::SetIterator%): bool
 	%{
 	auto set_it = static_cast<bro_broker::SetIterator*>(it);
@ -309,12 +178,7 @@ function Broker::set_iterator_next%(it: opaque of Broker::SetIterator%): bool
 	return new Val(set_it->it != set_it->dat.end(), TYPE_BOOL);
 	%}
-## Retrieve the data at an iterator's current position.
+function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data
 ##
 ## it: an iterator.
 ##
 ## Returns: element in the collection that the iterator currently references.
 function Broker::set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data
 	%{
 	auto set_it = static_cast<bro_broker::SetIterator*>(it);
 	auto rval = new RecordVal(BifType::Record::Broker::Data);
@ -331,18 +195,12 @@ function Broker::set_iterator_value%(it: opaque of Broker::SetIterator%): Broker
 	return rval;
 	%}
-## Create communication data of type "table".
+function Broker::__table_create%(%): Broker::Data
 function Broker::table_create%(%): Broker::Data
 	%{
 	return bro_broker::make_data_val(broker::table());
 	%}
-## Remove all elements within a table.
+function Broker::__table_clear%(t: Broker::Data%): bool
 ##
 ## t: the table to clear.
 ##
 ## Returns: always true.
 function Broker::table_clear%(t: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													 TYPE_TABLE, frame);
@ -350,26 +208,14 @@ function Broker::table_clear%(t: Broker::Data%): bool
 	return new Val(true, TYPE_BOOL);
 	%}
-## Get the number of elements within a table.
+function Broker::__table_size%(t: Broker::Data%): count
 ##
 ## t: the table to query.
 ##
 ## Returns: the number of elements in the table.
 function Broker::table_size%(t: Broker::Data%): count
 	%{
 	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													 TYPE_TABLE, frame);
 	return new Val(static_cast<uint64_t>(v.size()), TYPE_COUNT);
 	%}
-## Check if a table contains a particular key.
+function Broker::__table_contains%(t: Broker::Data, key: Broker::Data%): bool
 ##
 ## t: the table to query.
 ##
 ## key: the key to check for existence.
 ##
 ## Returns: true if the key exists in the table.
 function Broker::table_contains%(t: Broker::Data, key: Broker::Data%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													 TYPE_TABLE, frame);
@ -377,17 +223,7 @@ function Broker::table_contains%(t: Broker::Data, key: Broker::Data%): bool
 	return new Val(v.find(k) != v.end(), TYPE_BOOL);
 	%}
-## Insert a key-value pair into a table.
+function Broker::__table_insert%(t: Broker::Data, key: Broker::Data, val: Broker::Data%): Broker::Data
 ##
 ## t: the table to modify.
 ##
 ## key: the key at which to insert the value.
 ##
 ## val: the value to insert.
 ##
 ## Returns: true if the key-value pair was inserted, or false if the key
 ##          already existed in the table.
 function Broker::table_insert%(t: Broker::Data, key: Broker::Data, val: Broker::Data%): Broker::Data
 	%{
 	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													     TYPE_TABLE, frame);
@ -408,15 +244,7 @@ function Broker::table_insert%(t: Broker::Data, key: Broker::Data, val: Broker::
 		}
 	%}
-## Remove a key-value pair from a table.
+function Broker::__table_remove%(t: Broker::Data, key: Broker::Data%): Broker::Data
 ##
 ## t: the table to modify.
 ##
 ## key: the key to remove from the table.
 ##
 ## Returns: the value associated with the key.  If the key did not exist, then
 ##          the optional field of the returned record is not set.
 function Broker::table_remove%(t: Broker::Data, key: Broker::Data%): Broker::Data
 	%{
 	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													     TYPE_TABLE, frame);
@ -433,15 +261,7 @@ function Broker::table_remove%(t: Broker::Data, key: Broker::Data%): Broker::Dat
 		}
 	%}
-## Retrieve a value from a table.
+function Broker::__table_lookup%(t: Broker::Data, key: Broker::Data%): Broker::Data
 ##
 ## t: the table to query.
 ##
 ## key: the key to lookup.
 ##
 ## Returns: the value associated with the key.  If the key did not exist, then
 ##          the optional field of the returned record is not set.
 function Broker::table_lookup%(t: Broker::Data, key: Broker::Data%): Broker::Data
 	%{
 	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
 													     TYPE_TABLE, frame);
@ -454,37 +274,18 @@ function Broker::table_lookup%(t: Broker::Data, key: Broker::Data%): Broker::Dat
 		return bro_broker::make_data_val(it->second);
 	%}
-## Create an iterator for a table.  Note that this makes a copy of the table
+function Broker::__table_iterator%(t: Broker::Data%): opaque of Broker::TableIterator
 ## internally to ensure the iterator is always valid.
 ##
 ## t: the table to iterate over.
 ##
 ## Returns: an iterator.
 function Broker::table_iterator%(t: Broker::Data%): opaque of Broker::TableIterator
 	%{
 	return new bro_broker::TableIterator(t->AsRecordVal(), TYPE_TABLE, frame);
 	%}
-## Check if there are no more elements to iterate over.
+function Broker::__table_iterator_last%(it: opaque of Broker::TableIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if there are no more elements to iterator over, i.e.
 ##          the iterator is one-past-the-final-element.
 function Broker::table_iterator_last%(it: opaque of Broker::TableIterator%): bool
 	%{
 	auto ti = static_cast<bro_broker::TableIterator*>(it);
 	return new Val(ti->it == ti->dat.end(), TYPE_BOOL);
 	%}
-## Advance an iterator.
+function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if the iterator, after advancing, still references an element
 ##          in the collection.  False if the iterator, after advancing, is
 ##          one-past-the-final-element.
 function Broker::table_iterator_next%(it: opaque of Broker::TableIterator%): bool
 	%{
 	auto ti = static_cast<bro_broker::TableIterator*>(it);
@ -495,12 +296,7 @@ function Broker::table_iterator_next%(it: opaque of Broker::TableIterator%): boo
 	return new Val(ti->it != ti->dat.end(), TYPE_BOOL);
 	%}
-## Retrieve the data at an iterator's current position.
+function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem
 ##
 ## it: an iterator.
 ##
 ## Returns: element in the collection that the iterator currently references.
 function Broker::table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem
 	%{
 	auto ti = static_cast<bro_broker::TableIterator*>(it);
 	auto rval = new RecordVal(BifType::Record::Broker::TableItem);
@ -522,18 +318,12 @@ function Broker::table_iterator_value%(it: opaque of Broker::TableIterator%): Br
 	return rval;
 	%}
-## Create communication data of type "vector".
+function Broker::__vector_create%(%): Broker::Data
 function Broker::vector_create%(%): Broker::Data
 	%{
 	return bro_broker::make_data_val(broker::vector());
 	%}
-## Remove all elements within a vector.
+function Broker::__vector_clear%(v: Broker::Data%): bool
 ##
 ## v: the vector to clear.
 ##
 ## Returns: always true.
 function Broker::vector_clear%(v: Broker::Data%): bool
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
@ -541,30 +331,14 @@ function Broker::vector_clear%(v: Broker::Data%): bool
 	return new Val(true, TYPE_BOOL);
 	%}
-## Get the number of elements within a vector.
+function Broker::__vector_size%(v: Broker::Data%): count
 ##
 ## v: the vector to query.
 ##
 ## Returns: the number of elements in the vector.
 function Broker::vector_size%(v: Broker::Data%): count
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
 	return new Val(static_cast<uint64_t>(vec.size()), TYPE_COUNT);
 	%}
-## Insert an element into a vector at a particular position, possibly displacing
+function Broker::__vector_insert%(v: Broker::Data, d: Broker::Data, idx: count%): bool
 ## existing elements (insertion always grows the size of the vector by one).
 ##
 ## v: the vector to modify.
 ##
 ## d: the element to insert.
 ##
 ## idx: the index at which to insert the data.  If it is greater than the
 ##      current size of the vector, the element is inserted at the end.
 ##
 ## Returns: always true.
 function Broker::vector_insert%(v: Broker::Data, d: Broker::Data, idx: count%): bool
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
@ -574,17 +348,7 @@ function Broker::vector_insert%(v: Broker::Data, d: Broker::Data, idx: count%):
 	return new Val(true, TYPE_BOOL);
 	%}
-## Replace an element in a vector at a particular position.
+function Broker::__vector_replace%(v: Broker::Data, d: Broker::Data, idx: count%): Broker::Data
 ##
 ## v: the vector to modify.
 ##
 ## d: the element to insert.
 ##
 ## idx: the index to replace.
 ##
 ## Returns: the value that was just evicted.  If the index was larger than any
 ##          valid index, the optional field of the returned record is not set.
 function Broker::vector_replace%(v: Broker::Data, d: Broker::Data, idx: count%): Broker::Data
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
@ -598,15 +362,7 @@ function Broker::vector_replace%(v: Broker::Data, d: Broker::Data, idx: count%):
 	return rval;
 	%}
-## Remove an element from a vector at a particular position.
+function Broker::__vector_remove%(v: Broker::Data, idx: count%): Broker::Data
 ##
 ## v: the vector to modify.
 ##
 ## idx: the index to remove.
 ##
 ## Returns: the value that was just evicted.  If the index was larger than any
 ##          valid index, the optional field of the returned record is not set.
 function Broker::vector_remove%(v: Broker::Data, idx: count%): Broker::Data
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
@ -619,15 +375,7 @@ function Broker::vector_remove%(v: Broker::Data, idx: count%): Broker::Data
 	return rval;
 	%}
-## Lookup an element in a vector at a particular position.
+function Broker::__vector_lookup%(v: Broker::Data, idx: count%): Broker::Data
 ##
 ## v: the vector to query.
 ##
 ## idx: the index to lookup.
 ##
 ## Returns: the value at the index.  If the index was larger than any
 ##          valid index, the optional field of the returned record is not set.
 function Broker::vector_lookup%(v: Broker::Data, idx: count%): Broker::Data
 	%{
 	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
 													    TYPE_VECTOR, frame);
@ -638,37 +386,18 @@ function Broker::vector_lookup%(v: Broker::Data, idx: count%): Broker::Data
 	return bro_broker::make_data_val(vec[idx]);
 	%}
-## Create an iterator for a vector.  Note that this makes a copy of the vector
+function Broker::__vector_iterator%(v: Broker::Data%): opaque of Broker::VectorIterator
 ## internally to ensure the iterator is always valid.
 ##
 ## v: the vector to iterate over.
 ##
 ## Returns: an iterator.
 function Broker::vector_iterator%(v: Broker::Data%): opaque of Broker::VectorIterator
 	%{
 	return new bro_broker::VectorIterator(v->AsRecordVal(), TYPE_VECTOR, frame);
 	%}
-## Check if there are no more elements to iterate over.
+function Broker::__vector_iterator_last%(it: opaque of Broker::VectorIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if there are no more elements to iterator over, i.e.
 ##          the iterator is one-past-the-final-element.
 function Broker::vector_iterator_last%(it: opaque of Broker::VectorIterator%): bool
 	%{
 	auto vi = static_cast<bro_broker::VectorIterator*>(it);
 	return new Val(vi->it == vi->dat.end(), TYPE_BOOL);
 	%}
-## Advance an iterator.
+function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if the iterator, after advancing, still references an element
 ##          in the collection.  False if the iterator, after advancing, is
 ##          one-past-the-final-element.
 function Broker::vector_iterator_next%(it: opaque of Broker::VectorIterator%): bool
 	%{
 	auto vi = static_cast<bro_broker::VectorIterator*>(it);
@ -679,12 +408,7 @@ function Broker::vector_iterator_next%(it: opaque of Broker::VectorIterator%): b
 	return new Val(vi->it != vi->dat.end(), TYPE_BOOL);
 	%}
-## Retrieve the data at an iterator's current position.
+function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data
 ##
 ## it: an iterator.
 ##
 ## Returns: element in the collection that the iterator currently references.
 function Broker::vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data
 	%{
 	auto vi = static_cast<bro_broker::VectorIterator*>(it);
 	auto rval = new RecordVal(BifType::Record::Broker::Data);
@ -701,38 +425,19 @@ function Broker::vector_iterator_value%(it: opaque of Broker::VectorIterator%):
 	return rval;
 	%}
-## Create communication data of type "record".
+function Broker::__record_create%(sz: count%): Broker::Data
 ##
 ## sz: the number of fields in the record.
 ##
 ## Returns: record data, with all fields uninitialized.
 function Broker::record_create%(sz: count%): Broker::Data
 	%{
 	return bro_broker::make_data_val(broker::record(std::vector<broker::record::field>(sz)));
 	%}
-## Get the number of fields within a record.
+function Broker::__record_size%(r: Broker::Data%): count
 ##
 ## r: the record to query.
 ##
 ## Returns: the number of fields in the record.
 function Broker::record_size%(r: Broker::Data%): count
 	%{
 	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
 													  TYPE_RECORD, frame);
 	return new Val(static_cast<uint64_t>(v.fields.size()), TYPE_COUNT);
 	%}
-## Replace a field in a record at a particular position.
+function Broker::__record_assign%(r: Broker::Data, d: Broker::Data, idx: count%): bool
 ##
 ## r: the record to modify.
 ##
 ## d: the new field value to assign.
 ##
 ## idx: the index to replace.
 ##
 ## Returns: false if the index was larger than any valid index, else true.
 function Broker::record_assign%(r: Broker::Data, d: Broker::Data, idx: count%): bool
 	%{
 	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
 													  TYPE_RECORD, frame);
@ -745,16 +450,7 @@ function Broker::record_assign%(r: Broker::Data, d: Broker::Data, idx: count%):
 	return new Val(true, TYPE_BOOL);
 	%}
-## Lookup a field in a record at a particular position.
+function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data
 ##
 ## r: the record to query.
 ##
 ## idx: the index to lookup.
 ##
 ## Returns: the value at the index.  The optional field of the returned record
 ##          may not be set if the field of the record has no value or if the
 ##          index was not valid.
 function Broker::record_lookup%(r: Broker::Data, idx: count%): Broker::Data
 	%{
 	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
 													  TYPE_RECORD, frame);
@ -768,37 +464,18 @@ function Broker::record_lookup%(r: Broker::Data, idx: count%): Broker::Data
 	return bro_broker::make_data_val(*v.fields[idx]);
 	%}
-## Create an iterator for a record.  Note that this makes a copy of the record
+function Broker::__record_iterator%(r: Broker::Data%): opaque of Broker::RecordIterator
 ## internally to ensure the iterator is always valid.
 ##
 ## r: the record to iterate over.
 ##
 ## Returns: an iterator.
 function Broker::record_iterator%(r: Broker::Data%): opaque of Broker::RecordIterator
 	%{
 	return new bro_broker::RecordIterator(r->AsRecordVal(), TYPE_RECORD, frame);
 	%}
-## Check if there are no more elements to iterate over.
+function Broker::__record_iterator_last%(it: opaque of Broker::RecordIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if there are no more elements to iterator over, i.e.
 ##          the iterator is one-past-the-final-element.
 function Broker::record_iterator_last%(it: opaque of Broker::RecordIterator%): bool
 	%{
 	auto ri = static_cast<bro_broker::RecordIterator*>(it);
 	return new Val(ri->it == ri->dat.fields.end(), TYPE_BOOL);
 	%}
-## Advance an iterator.
+function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): bool
 ##
 ## it: an iterator.
 ##
 ## Returns: true if the iterator, after advancing, still references an element
 ##          in the collection.  False if the iterator, after advancing, is
 ##          one-past-the-final-element.
 function Broker::record_iterator_next%(it: opaque of Broker::RecordIterator%): bool
 	%{
 	auto ri = static_cast<bro_broker::RecordIterator*>(it);
@ -809,12 +486,7 @@ function Broker::record_iterator_next%(it: opaque of Broker::RecordIterator%): b
 	return new Val(ri->it != ri->dat.fields.end(), TYPE_BOOL);
 	%}
-## Retrieve the data at an iterator's current position.
+function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data
 ##
 ## it: an iterator.
 ##
 ## Returns: element in the collection that the iterator currently references.
 function Broker::record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data
 	%{
 	auto ri = static_cast<bro_broker::RecordIterator*>(it);
 	auto rval = new RecordVal(BifType::Record::Broker::Data);
--- a/src/broker/messaging.bif
+++ b/src/broker/messaging.bif
@ -13,202 +13,99 @@ type Broker::SendFlags: record;
 type Broker::EventArgs: record;
 ## Used to handle remote print messages from peers that call
-## :bro:see:`Broker::print`.
+## :bro:see:`Broker::send_print`.
 event Broker::print_handler%(msg: string%);
-## Print a simple message to any interested peers.  The receiver can use
+function Broker::__send_print%(topic: string, msg: string, flags: Broker::SendFlags%): bool
 ## :bro:see:`Broker::print_handler` to handle messages.
 ##
 ## topic: a topic associated with the printed message.
 ##
 ## msg: the print message to send to peers.
 ##
 ## flags: tune the behavior of how the message is sent.
 ##
 ## Returns: true if the message is sent.
 function Broker::print%(topic: string, msg: string,
                      flags: SendFlags &default = SendFlags()%): bool
 	%{
 	auto rval = broker_mgr->Print(topic->CheckString(), msg->CheckString(),
 	                            flags);
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Register interest in all peer print messages that use a certain topic prefix.
+function Broker::__subscribe_to_prints%(topic_prefix: string%): bool
 ## Use :bro:see:`Broker::print_handler` to handle received messages.
 ##
 ## topic_prefix: a prefix to match against remote message topics.
 ##               e.g. an empty prefix matches everything and "a" matches
 ##               "alice" and "amy" but not "bob".
 ##
 ## Returns: true if it's a new print subscription and it is now registered.
 function Broker::subscribe_to_prints%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->SubscribeToPrints(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Unregister interest in all peer print messages that use a topic prefix.
+function Broker::__unsubscribe_to_prints%(topic_prefix: string%): bool
 ##
 ## topic_prefix: a prefix previously supplied to a successful call to
 ##               :bro:see:`Broker::subscribe_to_prints`.
 ##
 ## Returns: true if interest in the topic prefix is no longer advertised.
 function Broker::unsubscribe_to_prints%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->UnsubscribeToPrints(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
 	%}
 ## Create a data structure that may be used to send a remote event via
-## :bro:see:`Broker::event`.
+## :bro:see:`Broker::send_event`.
 ##
 ## args: an event, followed by a list of argument values that may be used
 ##       to call it.
 ##
-## Returns: opaque communication data that may be used to send a remote event.
+## Returns: opaque communication data that may be used to send a remote
 ##          event.
 function Broker::event_args%(...%): Broker::EventArgs
 	%{
 	auto rval = broker_mgr->MakeEventArgs(@ARGS@);
 	return rval;
 	%}
-## Send an event to any interested peers.
+function Broker::__event%(topic: string, args: Broker::EventArgs, flags: Broker::SendFlags%): bool
 ##
 ## topic: a topic associated with the event message.
 ##
 ## args: event arguments as made by :bro:see:`Broker::event_args`.
 ##
 ## flags: tune the behavior of how the message is sent.
 ##
 ## Returns: true if the message is sent.
 function Broker::event%(topic: string, args: Broker::EventArgs,
                      flags: SendFlags &default = SendFlags()%): bool
 	%{
 	auto rval = broker_mgr->Event(topic->CheckString(), args->AsRecordVal(),
 	                            flags);
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Automatically send an event to any interested peers whenever it is
+function Broker::__auto_event%(topic: string, ev: any, flags: Broker::SendFlags%): bool
 ## locally dispatched (e.g. using "event my_event(...);" in a script).
 ##
 ## topic: a topic string associated with the event message.
 ##        Peers advertise interest by registering a subscription to some prefix
 ##        of this topic name.
 ##
 ## ev: a Bro event value.
 ##
 ## flags: tune the behavior of how the message is sent.
 ##
 ## Returns: true if automatic event sending is now enabled.
 function Broker::auto_event%(topic: string, ev: any,
                           flags: SendFlags &default = SendFlags()%): bool
 	%{
 	auto rval = broker_mgr->AutoEvent(topic->CheckString(), ev, flags);
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Stop automatically sending an event to peers upon local dispatch.
+function Broker::__auto_event_stop%(topic: string, ev: any%): bool
 ##
 ## topic: a topic originally given to :bro:see:`Broker::auto_event`.
 ##
 ## ev: an event originally given to :bro:see:`Broker::auto_event`.
 ##
 ## Returns: true if automatic events will not occur for the topic/event pair.
 function Broker::auto_event_stop%(topic: string, ev: any%): bool
 	%{
 	auto rval = broker_mgr->AutoEventStop(topic->CheckString(), ev);
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Register interest in all peer event messages that use a certain topic prefix.
+function Broker::__subscribe_to_events%(topic_prefix: string%): bool
 ##
 ## topic_prefix: a prefix to match against remote message topics.
 ##               e.g. an empty prefix matches everything and "a" matches
 ##               "alice" and "amy" but not "bob".
 ##
 ## Returns: true if it's a new event subscription and it is now registered.
 function Broker::subscribe_to_events%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->SubscribeToEvents(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Unregister interest in all peer event messages that use a topic prefix.
+function Broker::__unsubscribe_to_events%(topic_prefix: string%): bool
 ##
 ## topic_prefix: a prefix previously supplied to a successful call to
 ##               :bro:see:`Broker::subscribe_to_events`.
 ##
 ## Returns: true if interest in the topic prefix is no longer advertised.
 function Broker::unsubscribe_to_events%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->UnsubscribeToEvents(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Enable remote logs for a given log stream.
+function Broker::__enable_remote_logs%(id: Log::ID, flags: Broker::SendFlags%): bool
 ##
 ## id: the log stream to enable remote logs for.
 ##
 ## flags: tune the behavior of how log entry messages are sent.
 ##
 ## Returns: true if remote logs are enabled for the stream.
 function
 Broker::enable_remote_logs%(id: Log::ID,
                          flags: SendFlags &default = SendFlags()%): bool
 	%{
 	auto rval = log_mgr->EnableRemoteLogs(id->AsEnumVal(),
 	                                   bro_broker::Manager::send_flags_to_int(flags));
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Disable remote logs for a given log stream.
+function Broker::__disable_remote_logs%(id: Log::ID%): bool
 ##
 ## id: the log stream to disable remote logs for.
 ##
 ## Returns: true if remote logs are disabled for the stream.
 function Broker::disable_remote_logs%(id: Log::ID%): bool
 	%{
 	auto rval = log_mgr->DisableRemoteLogs(id->AsEnumVal());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Check if remote logs are enabled for a given log stream.
+function Broker::__remote_logs_enabled%(id: Log::ID%): bool
 ##
 ## id: the log stream to check.
 ##
 ## Returns: true if remote logs are enabled for the given stream.
 function Broker::remote_logs_enabled%(id: Log::ID%): bool
 	%{
 	auto rval = log_mgr->RemoteLogsAreEnabled(id->AsEnumVal());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Register interest in all peer log messages that use a certain topic prefix.
+function Broker::__subscribe_to_logs%(topic_prefix: string%): bool
 ## Logs are implicitly sent with topic "bro/log/<stream-name>" and the
 ## receiving side processes them through the logging framework as usual.
 ##
 ## topic_prefix: a prefix to match against remote message topics.
 ##               e.g. an empty prefix matches everything and "a" matches
 ##               "alice" and "amy" but not "bob".
 ##
 ## Returns: true if it's a new log subscription and it is now registered.
 function Broker::subscribe_to_logs%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->SubscribeToLogs(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
 	%}
-## Unregister interest in all peer log messages that use a topic prefix.
+function Broker::__unsubscribe_to_logs%(topic_prefix: string%): bool
 ## Logs are implicitly sent with topic "bro/log/<stream-name>" and the
 ## receiving side processes them through the logging framework as usual.
 ##
 ## topic_prefix: a prefix previously supplied to a successful call to
 ##               :bro:see:`Broker::subscribe_to_logs`.
 ##
 ## Returns: true if interest in the topic prefix is no longer advertised.
 function Broker::unsubscribe_to_logs%(topic_prefix: string%): bool
 	%{
 	auto rval = broker_mgr->UnsubscribeToLogs(topic_prefix->CheckString());
 	return new Val(rval, TYPE_BOOL);
--- a/src/broker/store.bif
+++ b/src/broker/store.bif
@ -23,16 +23,7 @@ enum BackendType %{
 	ROCKSDB,
 %}
-## Create a master data store which contains key-value pairs.
+function Broker::__create_master%(id: string, b: BackendType,
 ##
 ## id: a unique name for the data store.
 ##
 ## b: the storage backend to use.
 ##
 ## options: tunes how some storage backends operate.
 ##
 ## Returns: a handle to the data store.
 function Broker::create_master%(id: string, b: BackendType &default = MEMORY,
                               options: BackendOptions &default = BackendOptions()%): opaque of Broker::Handle
 	%{
 	auto id_str = id->CheckString();
@ -53,29 +44,7 @@ function Broker::create_master%(id: string, b: BackendType &default = MEMORY,
 	return rval;
 	%}
-## Create a clone of a master data store which may live with a remote peer.
+function Broker::__create_clone%(id: string, b: BackendType,
 ## A clone automatically synchronizes to the master by automatically receiving
 ## modifications and applying them locally.  Direct modifications are not
 ## possible, they must be sent through the master store, which then
 ## automatically broadcasts the changes out to clones.  But queries may be made
 ## directly against the local cloned copy, which may be resolved quicker than
 ## reaching out to a remote master store.
 ##
 ## id: the unique name which identifies the master data store.
 ##
 ## b: the storage backend to use.
 ##
 ## options: tunes how some storage backends operate.
 ##
 ## resync: the interval at which to re-attempt synchronizing with the master
 ##         store should the connection be lost.  If the clone has not yet
 ##         synchronized for the first time, updates and queries queue up until
 ##         the synchronization completes.  After, if the connection to the
 ##         master store is lost, queries continue to use the clone's version,
 ##         but updates will be lost until the master is once again available.
 ##
 ## Returns: a handle to the data store.
 function Broker::create_clone%(id: string, b: BackendType &default = MEMORY,
                              options: BackendOptions &default = BackendOptions(),
                              resync: interval &default = 1sec%): opaque of Broker::Handle
 	%{
@ -98,13 +67,7 @@ function Broker::create_clone%(id: string, b: BackendType &default = MEMORY,
 	return rval;
 	%}
-## Create a frontend interface to an existing master data store that allows
+function Broker::__create_frontend%(id: string%): opaque of Broker::Handle
 ## querying and updating its contents.
 ##
 ## id: the unique name which identifies the master data store.
 ##
 ## Returns: a handle to the data store.
 function Broker::create_frontend%(id: string%): opaque of Broker::Handle
 	%{
 	auto id_str = id->CheckString();
 	auto type = bro_broker::StoreType::FRONTEND;
@ -122,13 +85,7 @@ function Broker::create_frontend%(id: string%): opaque of Broker::Handle
 	return rval;
 	%}
-## Close a data store.
+function Broker::__close_by_handle%(h: opaque of Broker::Handle%): bool
 ##
 ## h: a data store handle.
 ##
 ## Returns: true if store was valid and is now closed.  The handle can no
 ##          longer be used for data store operations.
 function Broker::close_by_handle%(h: opaque of Broker::Handle%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -143,18 +100,7 @@ function Broker::close_by_handle%(h: opaque of Broker::Handle%): bool
 # non-blocking update API #
 ###########################
-## Insert a key-value pair in to the store.
+function Broker::__insert%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key to insert.
 ##
 ## v: the value to insert.
 ##
 ## e: the expiration time of the key-value pair.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::insert%(h: opaque of Broker::Handle,
                        k: Broker::Data, v: Broker::Data,
                        e: Broker::ExpiryTime &default = Broker::ExpiryTime()%): bool
 	%{
@ -191,14 +137,7 @@ function Broker::insert%(h: opaque of Broker::Handle,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Remove a key-value pair from the store.
+function Broker::__erase%(h: opaque of Broker::Handle, k: Broker::Data%): bool
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key to remove.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::erase%(h: opaque of Broker::Handle, k: Broker::Data%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -210,12 +149,7 @@ function Broker::erase%(h: opaque of Broker::Handle, k: Broker::Data%): bool
 	return new Val(true, TYPE_BOOL);
 	%}
-## Remove all key-value pairs from the store.
+function Broker::__clear%(h: opaque of Broker::Handle%): bool
 ##
 ## h: the handle of the store to modify.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::clear%(h: opaque of Broker::Handle%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -226,17 +160,7 @@ function Broker::clear%(h: opaque of Broker::Handle%): bool
 	return new Val(true, TYPE_BOOL);
 	%}
-## Increment an integer value in a data store.
+function Broker::__increment%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## by: the amount to increment the value by.  A non-existent key will first
 ##     create it with an implicit value of zero before incrementing.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::increment%(h: opaque of Broker::Handle,
                           k: Broker::Data, by: int &default = +1%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -249,17 +173,7 @@ function Broker::increment%(h: opaque of Broker::Handle,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Decrement an integer value in a data store.
+function Broker::__decrement%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## by: the amount to decrement the value by.  A non-existent key will first
 ##     create it with an implicit value of zero before decrementing.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::decrement%(h: opaque of Broker::Handle,
                           k: Broker::Data, by: int &default = +1%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -272,17 +186,7 @@ function Broker::decrement%(h: opaque of Broker::Handle,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Add an element to a set value in a data store.
+function Broker::__add_to_set%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## element: the element to add to the set.  A non-existent key will first
 ##          create it with an implicit empty set value before modifying.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::add_to_set%(h: opaque of Broker::Handle,
                            k: Broker::Data, element: Broker::Data%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -296,17 +200,7 @@ function Broker::add_to_set%(h: opaque of Broker::Handle,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Remove an element from a set value in a data store.
+function Broker::__remove_from_set%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## element: the element to remove from the set.  A non-existent key will
 ##          implicitly create an empty set value associated with the key.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::remove_from_set%(h: opaque of Broker::Handle,
                                 k: Broker::Data, element: Broker::Data%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -320,17 +214,7 @@ function Broker::remove_from_set%(h: opaque of Broker::Handle,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Add a new item to the head of a vector value in a data store.
+function Broker::__push_left%(h: opaque of Broker::Handle, k: Broker::Data,
 ##
 ## h: the handle of store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## items: the element to insert in to the vector.  A non-existent key will first
 ##        create an empty vector value before modifying.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::push_left%(h: opaque of Broker::Handle, k: Broker::Data,
                           items: Broker::DataVector%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -353,17 +237,7 @@ function Broker::push_left%(h: opaque of Broker::Handle, k: Broker::Data,
 	return new Val(true, TYPE_BOOL);
 	%}
-## Add a new item to the tail of a vector value in a data store.
+function Broker::__push_right%(h: opaque of Broker::Handle, k: Broker::Data,
 ##
 ## h: the handle of store to modify.
 ##
 ## k: the key whose associated value is to be modified.
 ##
 ## items: the element to insert in to the vector.  A non-existent key will first
 ##        create an empty vector value before modifying.
 ##
 ## Returns: false if the store handle was not valid.
 function Broker::push_right%(h: opaque of Broker::Handle, k: Broker::Data,
                            items: Broker::DataVector%): bool
 	%{
 	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -437,14 +311,7 @@ static bool prepare_for_query(Val* opaque, Frame* frame,
 %%}
-## Pop the head of a data store vector value.
+function Broker::__pop_left%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to query.
 ##
 ## k: the key associated with the vector to modify.
 ##
 ## Returns: the result of the query.
 function Broker::pop_left%(h: opaque of Broker::Handle,
                          k: Broker::Data%): Broker::QueryResult
 	%{
 	if ( ! broker_mgr->Enabled() )
@ -467,14 +334,7 @@ function Broker::pop_left%(h: opaque of Broker::Handle,
 	return 0;
 	%}
-## Pop the tail of a data store vector value.
+function Broker::__pop_right%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to query.
 ##
 ## k: the key associated with the vector to modify.
 ##
 ## Returns: the result of the query.
 function Broker::pop_right%(h: opaque of Broker::Handle,
                           k: Broker::Data%): Broker::QueryResult
 	%{
 	if ( ! broker_mgr->Enabled() )
@ -497,14 +357,7 @@ function Broker::pop_right%(h: opaque of Broker::Handle,
 	return 0;
 	%}
-## Lookup the value associated with a key in a data store.
+function Broker::__lookup%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to query.
 ##
 ## k: the key to lookup.
 ##
 ## Returns: the result of the query.
 function Broker::lookup%(h: opaque of Broker::Handle,
                       k: Broker::Data%): Broker::QueryResult
 	%{
 	if ( ! broker_mgr->Enabled() )
@ -527,14 +380,7 @@ function Broker::lookup%(h: opaque of Broker::Handle,
 	return 0;
 	%}
-## Check if a data store contains a given key.
+function Broker::__exists%(h: opaque of Broker::Handle,
 ##
 ## h: the handle of the store to query.
 ##
 ## k: the key to check for existence.
 ##
 ## Returns: the result of the query (uses :bro:see:`Broker::BOOL`).
 function Broker::exists%(h: opaque of Broker::Handle,
                        k: Broker::Data%): Broker::QueryResult
 	%{
 	if ( ! broker_mgr->Enabled() )
@ -557,12 +403,7 @@ function Broker::exists%(h: opaque of Broker::Handle,
 	return 0;
 	%}
-## Retrieve all keys in a data store.
+function Broker::__keys%(h: opaque of Broker::Handle%): Broker::QueryResult
 ##
 ## h: the handle of the store to query.
 ##
 ## Returns: the result of the query (uses :bro:see:`Broker::VECTOR`).
 function Broker::keys%(h: opaque of Broker::Handle%): Broker::QueryResult
 	%{
 	double timeout;
 	bro_broker::StoreQueryCallback* cb;
@ -575,12 +416,7 @@ function Broker::keys%(h: opaque of Broker::Handle%): Broker::QueryResult
 	return 0;
 	%}
-## Get the number of key-value pairs in a data store.
+function Broker::__size%(h: opaque of Broker::Handle%): Broker::QueryResult
 ##
 ## h: the handle of the store to query.
 ##
 ## Returns: the result of the query (uses :bro:see:`Broker::COUNT`).
 function Broker::size%(h: opaque of Broker::Handle%): Broker::QueryResult
 	%{
 	if ( ! broker_mgr->Enabled() )
 		return bro_broker::query_result();
--- a/src/broxygen/Configuration.cc
+++ b/src/broxygen/Configuration.cc
@ -65,7 +65,7 @@ Config::Config(const string& arg_file, const string& delim)
 		Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]);
 		if ( ! target )
-			reporter->FatalError("unkown Broxygen target type: %s",
+			reporter->FatalError("unknown Broxygen target type: %s",
 			                     tokens[0].c_str());
 		targets.push_back(target);
--- a/src/iosource/PktSrc.cc
+++ b/src/iosource/PktSrc.cc
@ -91,7 +91,7 @@ void PktSrc::Opened(const Properties& arg_props)
 		{
 		char buf[512];
 		safe_snprintf(buf, sizeof(buf),
-			 "unknown data link type 0x%x", props.link_type);
+			 "unknown data link type 0x%x", arg_props.link_type);
 		Error(buf);
 		Close();
 		return;
--- a/src/nb_dns.c
+++ b/src/nb_dns.c
@ -389,7 +389,7 @@ nb_dns_addr_request2(register struct nb_dns_info *nd, char *addrp,
 	default:
 		snprintf(errstr, NB_DNS_ERRSIZE,
-		    "nb_dns_addr_request2(): uknown address family %d", af);
+		    "nb_dns_addr_request2(): unknown address family %d", af);
 		return (-1);
 	}
--- a/testing/btest/Baseline/broker.data/out
+++ b/testing/btest/Baseline/broker.data/out
@ -30,12 +30,21 @@ hello
 42.0
 180.0
 Broker::BOOL
 ***************************
 {
 two,
 one,
 three
 }
 {
 [two] = 2,
 [one] = 1,
 [three] = 3
 }
 [zero, one, two]
 [a=<uninitialized>, b=bee, c=1]
 [a=test, b=bee, c=1]
 [a=test, b=testagain, c=1]
 ***************************
 0
 T
 1
@ -43,19 +52,20 @@ T
 F
 T
 2
 F
 2
 T
 1
 F
 {
 bye
 }
 T
 0
 ***************************
 {
-[two] = 2,
+
 [one] = 1,
 [three] = 3
 }
 ***************************
 0
 [d=<uninitialized>]
 1
@ -69,8 +79,14 @@ F
 37
 [d=broker::data{42}]
 1
 [d=<uninitialized>]
 1
 T
 0
 {
 }
 ***************************
 [zero, one, two]
 0
 T
 T
@ -85,10 +101,10 @@ T
 [d=broker::data{bah}]
 [hi, salutations, greetings]
 3
 T
 0
 []
 ***************************
 [a=<uninitialized>, b=bee, c=1]
 [a=test, b=bee, c=1]
 [a=test, b=testagain, c=1]
 3
 T
 T
@ -97,3 +113,6 @@ T
 [d=broker::data{hello}]
 [d=broker::data{37}]
 3
 T
 3
 [d=broker::data{goodbye}]
--- a/testing/btest/Baseline/core.leaks.broker.data/bro..stdout
+++ b/testing/btest/Baseline/core.leaks.broker.data/bro..stdout
@ -30,12 +30,21 @@ hello
 42.0
 180.0
 Broker::BOOL
 ***************************
 {
 two,
 one,
 three
 }
 {
 [two] = 2,
 [one] = 1,
 [three] = 3
 }
 [zero, one, two]
 [a=<uninitialized>, b=bee, c=1]
 [a=test, b=bee, c=1]
 [a=test, b=testagain, c=1]
 ***************************
 0
 T
 1
@ -43,19 +52,20 @@ T
 F
 T
 2
 F
 2
 T
 1
 F
 {
 bye
 }
 T
 0
 ***************************
 {
-[two] = 2,
+
 [one] = 1,
 [three] = 3
 }
 ***************************
 0
 [d=<uninitialized>]
 1
@ -69,8 +79,14 @@ F
 37
 [d=broker::data{42}]
 1
 [d=<uninitialized>]
 1
 T
 0
 {
 }
 ***************************
 [zero, one, two]
 0
 T
 T
@ -85,10 +101,10 @@ T
 [d=broker::data{bah}]
 [hi, salutations, greetings]
 3
 T
 0
 []
 ***************************
 [a=<uninitialized>, b=bee, c=1]
 [a=test, b=bee, c=1]
 [a=test, b=testagain, c=1]
 3
 T
 T
@ -97,3 +113,6 @@ T
 [d=broker::data{hello}]
 [d=broker::data{37}]
 3
 T
 3
 [d=broker::data{goodbye}]
--- a/testing/btest/Baseline/core.print-bpf-filters/output2
+++ b/testing/btest/Baseline/core.print-bpf-filters/output2
@ -1,5 +1,6 @@
 2 1080
 1 137
 1 143
 1 1434
 1 161
 1 162
@ -47,8 +48,8 @@
 1 992
 1 993
 1 995
-54 and
+55 and
-53 or
+54 or
-54 port
+55 port
-36 tcp
+37 tcp
 18 udp
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2016-04-22-23-21-01
+#open	2016-04-26-18-11-39
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@ -17,7 +17,11 @@ scripts/base/init-bare.bro
  build/scripts/base/bif/event.bif.bro
  scripts/base/frameworks/broker/__load__.bro
    scripts/base/frameworks/broker/main.bro
      build/scripts/base/bif/comm.bif.bro
      build/scripts/base/bif/messaging.bif.bro
    scripts/base/frameworks/broker/store.bro
      build/scripts/base/bif/data.bif.bro
      build/scripts/base/bif/store.bif.bro
  scripts/base/frameworks/logging/__load__.bro
    scripts/base/frameworks/logging/main.bro
      build/scripts/base/bif/logging.bif.bro
@ -51,10 +55,6 @@ scripts/base/init-bare.bro
    build/scripts/base/bif/bloom-filter.bif.bro
    build/scripts/base/bif/cardinality-counter.bif.bro
    build/scripts/base/bif/top-k.bif.bro
    build/scripts/base/bif/comm.bif.bro
    build/scripts/base/bif/data.bif.bro
    build/scripts/base/bif/messaging.bif.bro
    build/scripts/base/bif/store.bif.bro
  build/scripts/base/bif/plugins/__load__.bro
    build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
@ -76,6 +76,7 @@ scripts/base/init-bare.bro
    build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro
    build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
    build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
    build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
    build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro
@ -131,4 +132,4 @@ scripts/base/init-bare.bro
    build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
 scripts/policy/misc/loaded-scripts.bro
  scripts/base/utils/paths.bro
-#close	2016-04-22-23-21-01
+#close	2016-04-26-18-11-39
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2016-04-22-23-21-18
+#open	2016-04-26-18-11-49
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@ -17,7 +17,11 @@ scripts/base/init-bare.bro
  build/scripts/base/bif/event.bif.bro
  scripts/base/frameworks/broker/__load__.bro
    scripts/base/frameworks/broker/main.bro
      build/scripts/base/bif/comm.bif.bro
      build/scripts/base/bif/messaging.bif.bro
    scripts/base/frameworks/broker/store.bro
      build/scripts/base/bif/data.bif.bro
      build/scripts/base/bif/store.bif.bro
  scripts/base/frameworks/logging/__load__.bro
    scripts/base/frameworks/logging/main.bro
      build/scripts/base/bif/logging.bif.bro
@ -51,10 +55,6 @@ scripts/base/init-bare.bro
    build/scripts/base/bif/bloom-filter.bif.bro
    build/scripts/base/bif/cardinality-counter.bif.bro
    build/scripts/base/bif/top-k.bif.bro
    build/scripts/base/bif/comm.bif.bro
    build/scripts/base/bif/data.bif.bro
    build/scripts/base/bif/messaging.bif.bro
    build/scripts/base/bif/store.bif.bro
  build/scripts/base/bif/plugins/__load__.bro
    build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
@ -76,6 +76,7 @@ scripts/base/init-bare.bro
    build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro
    build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
    build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro
    build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
    build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
    build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro
@ -252,6 +253,8 @@ scripts/base/init-default.bro
    scripts/base/protocols/http/entities.bro
    scripts/base/protocols/http/utils.bro
    scripts/base/protocols/http/files.bro
  scripts/base/protocols/imap/__load__.bro
    scripts/base/protocols/imap/main.bro
  scripts/base/protocols/irc/__load__.bro
    scripts/base/protocols/irc/main.bro
    scripts/base/protocols/irc/dcc-send.bro
@ -302,4 +305,4 @@ scripts/base/init-default.bro
  scripts/base/misc/find-checksum-offloading.bro
  scripts/base/misc/find-filtered-trace.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2016-04-22-23-21-18
+#close	2016-04-26-18-11-49
--- a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output
@ -21,11 +21,11 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
 	event my_auto_event("stuff", 88);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
 	event my_auto_event("more stuff", 51);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output
@ -18,9 +18,9 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::print("bro/print/hi", "hello");
+	Broker::send_print("bro/print/hi", "hello");
-	Broker::print("bro/print/stuff", "...");
+	Broker::send_print("bro/print/stuff", "...");
-	Broker::print("bro/print/bye", "goodbye");
+	Broker::send_print("bro/print/bye", "goodbye");
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -25,6 +25,7 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IMAP, 143/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <no result>
@ -83,6 +84,7 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IMAP, 143/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <no result>
@ -122,6 +124,7 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {631<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> <no result>
@ -230,7 +233,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
@ -351,7 +354,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -416,6 +419,7 @@
 0.000000   MetaHookPost  LoadFile(./Bro_HTTP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_HTTP.functions.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_ICMP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_IMAP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_IRC.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_Ident.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_InterConn.events.bif.bro) -> -1
@ -566,11 +570,13 @@
 0.000000   MetaHookPost  LoadFile(base<...>/bro.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/broker) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/cluster) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/comm.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/communication) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/conn) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/conn-ids) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/const.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/control) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/data.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/dhcp) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/dir) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/directions-and-hosts) -> -1
@ -587,6 +593,7 @@
 0.000000   MetaHookPost  LoadFile(base<...>/ftp) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/hash) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/http) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/imap) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/input) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/input.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/intel) -> -1
@ -596,6 +603,7 @@
 0.000000   MetaHookPost  LoadFile(base<...>/logging) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/logging.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/main) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/messaging.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/modbus) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/mysql) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/netcontrol) -> -1
@ -623,6 +631,7 @@
 0.000000   MetaHookPost  LoadFile(base<...>/software) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/ssh) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/ssl) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/store.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/strings) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/strings.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/sumstats) -> -1
@ -665,6 +674,7 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IMAP, 143/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp))
@ -723,6 +733,7 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IMAP, 143/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp))
@ -762,6 +773,7 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {631<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
@ -870,7 +882,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
@ -991,7 +1003,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@ -1056,6 +1068,7 @@
 0.000000   MetaHookPre   LoadFile(./Bro_HTTP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_HTTP.functions.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_ICMP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_IMAP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_IRC.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_Ident.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_InterConn.events.bif.bro)
@ -1206,11 +1219,13 @@
 0.000000   MetaHookPre   LoadFile(base<...>/bro.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/broker)
 0.000000   MetaHookPre   LoadFile(base<...>/cluster)
 0.000000   MetaHookPre   LoadFile(base<...>/comm.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/communication)
 0.000000   MetaHookPre   LoadFile(base<...>/conn)
 0.000000   MetaHookPre   LoadFile(base<...>/conn-ids)
 0.000000   MetaHookPre   LoadFile(base<...>/const.bif.bro)
 0.000000   MetaHookPre   LoadFile(base<...>/control)
 0.000000   MetaHookPre   LoadFile(base<...>/data.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/dhcp)
 0.000000   MetaHookPre   LoadFile(base<...>/dir)
 0.000000   MetaHookPre   LoadFile(base<...>/directions-and-hosts)
@ -1227,6 +1242,7 @@
 0.000000   MetaHookPre   LoadFile(base<...>/ftp)
 0.000000   MetaHookPre   LoadFile(base<...>/hash)
 0.000000   MetaHookPre   LoadFile(base<...>/http)
 0.000000   MetaHookPre   LoadFile(base<...>/imap)
 0.000000   MetaHookPre   LoadFile(base<...>/input)
 0.000000   MetaHookPre   LoadFile(base<...>/input.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/intel)
@ -1236,6 +1252,7 @@
 0.000000   MetaHookPre   LoadFile(base<...>/logging)
 0.000000   MetaHookPre   LoadFile(base<...>/logging.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/main)
 0.000000   MetaHookPre   LoadFile(base<...>/messaging.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/modbus)
 0.000000   MetaHookPre   LoadFile(base<...>/mysql)
 0.000000   MetaHookPre   LoadFile(base<...>/netcontrol)
@ -1263,6 +1280,7 @@
 0.000000   MetaHookPre   LoadFile(base<...>/software)
 0.000000   MetaHookPre   LoadFile(base<...>/ssh)
 0.000000   MetaHookPre   LoadFile(base<...>/ssl)
 0.000000   MetaHookPre   LoadFile(base<...>/store.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/strings)
 0.000000   MetaHookPre   LoadFile(base<...>/strings.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/sumstats)
@ -1305,6 +1323,7 @@
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp)
@ -1363,6 +1382,7 @@
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp)
@ -1402,6 +1422,7 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {631<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6669<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp})
@ -1509,7 +1530,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@ -1630,7 +1651,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1461367323.154279, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1461868125.285894, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
--- a/testing/btest/Baseline/scripts.base.protocols.imap.capabilities/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.imap.capabilities/.stdout
@ -0,0 +1 @@
 [IMAP4rev1, CHILDREN, ENABLE, ID, IDLE, LIST-EXTENDED, LIST-STATUS, LITERAL+, MOVE, NAMESPACE, SASL-IR, SORT, SPECIAL-USE, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN, STARTTLS, AUTH=LOGIN, AUTH=PLAIN]
--- a/testing/btest/Baseline/scripts.base.protocols.imap.starttls/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.imap.starttls/.stdout
@ -0,0 +1 @@
 Tls started for connection
--- a/testing/btest/Baseline/scripts.base.protocols.imap.starttls/conn.log
+++ b/testing/btest/Baseline/scripts.base.protocols.imap.starttls/conn.log
@ -0,0 +1,10 @@
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	conn
 #open	2015-07-22-17-31-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1437584567.812552	CXWv6p3arKYeMETxOg	192.168.17.53	49640	212.227.17.186	143	tcp	ssl,imap	2.827002	540	5653	SF	-	-	0	ShAdDafFr	18	1284	14	6225	(empty)
 #close	2015-07-22-17-31-02
--- a/testing/btest/Baseline/scripts.base.protocols.imap.starttls/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.imap.starttls/ssl.log
@ -0,0 +1,10 @@
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
 #open	2015-07-22-17-31-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
 #types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
 1437584568.570497	CXWv6p3arKYeMETxOg	192.168.17.53	49640	212.227.17.186	143	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	FOWmhO3rUj3SEB5RTb,FjH9n52SzEIJ9UoVK9,FisDHa396LIaZadgG9	(empty)	CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE	CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE	-	-
 #close	2015-07-22-17-31-02
--- a/testing/btest/Baseline/scripts.base.protocols.imap.starttls/x509.log
+++ b/testing/btest/Baseline/scripts.base.protocols.imap.starttls/x509.log
@ -0,0 +1,12 @@
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	x509
 #open	2015-07-22-17-31-02
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
 1437584568.769690	FOWmhO3rUj3SEB5RTb	3	339D9ED8E73927C9	CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE	CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE	1384251451.000000	1479427199.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	imap.gmx.net,imap.gmx.de	-	-	-	F	-
 1437584568.769690	FjH9n52SzEIJ9UoVK9	3	21B6777E8CBD0EA8	CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE	CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE	1362146309.000000	1562716740.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
 1437584568.769690	FisDHa396LIaZadgG9	3	26	CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE	CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE	931522260.000000	1562716740.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	5
 #close	2015-07-22-17-31-02
--- a/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
@ -3,23 +3,23 @@
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2016-04-11-13-48-49
+#open	2016-04-25-23-53-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	seen.node	sources
 #types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	string	set[string]
 1416942644.593119	CXWv6p3arKYeMETxOg	192.168.4.149	49422	23.92.19.75	443	F0txuw2pvrkZOn04a8	application/pkix-cert	23.92.19.75:443/tcp	www.pantz.org	Intel::DOMAIN	X509::IN_CERT	bro	source1
-#close	2016-04-11-13-48-49
+#close	2016-04-25-23-53-37
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2016-04-11-13-48-49
+#open	2016-04-25-23-53-38
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	seen.node	sources
 #types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	string	set[string]
 1170717505.735416	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	FeCwNK3rzqPnZ7eBQ5	application/pkix-cert	194.127.84.106:443/tcp	2c322ae2b7fe91391345e070b63668978bb1c9da	Intel::CERT_HASH	X509::IN_CERT	bro	source1
-1170717505.934612	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+1170717505.934612	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	FeCwNK3rzqPnZ7eBQ5	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
 1170717508.883051	CjhGID4nQcgTWjvg4c	192.150.187.164	58869	194.127.84.106	443	FjkLnG4s34DVZlaBNc	application/pkix-cert	194.127.84.106:443/tcp	2c322ae2b7fe91391345e070b63668978bb1c9da	Intel::CERT_HASH	X509::IN_CERT	bro	source1
-1170717509.082241	CjhGID4nQcgTWjvg4c	192.150.187.164	58869	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+1170717509.082241	CjhGID4nQcgTWjvg4c	192.150.187.164	58869	194.127.84.106	443	FjkLnG4s34DVZlaBNc	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
 1170717511.909717	CCvvfg3TEfuqmmG4bh	192.150.187.164	58870	194.127.84.106	443	FQXAWgI2FB5STbrff	application/pkix-cert	194.127.84.106:443/tcp	2c322ae2b7fe91391345e070b63668978bb1c9da	Intel::CERT_HASH	X509::IN_CERT	bro	source1
-1170717512.108799	CCvvfg3TEfuqmmG4bh	192.150.187.164	58870	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+1170717512.108799	CCvvfg3TEfuqmmG4bh	192.150.187.164	58870	194.127.84.106	443	FQXAWgI2FB5STbrff	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
-#close	2016-04-11-13-48-49
+#close	2016-04-25-23-53-38
--- a/testing/btest/Traces/tls/imap-starttls.pcap
+++ b/testing/btest/Traces/tls/imap-starttls.pcap
--- a/testing/btest/broker/clone_store.bro
+++ b/testing/btest/broker/clone_store.bro
@ -1,8 +1,8 @@
 # @TEST-SERIALIZE: brokercomm
 # @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
-# @TEST-EXEC: btest-bg-run clone "bro -b -r $TRACES/wikipedia.trace ../clone.bro broker_port=$BROKER_PORT >clone.out"
+# @TEST-EXEC: btest-bg-run clone "bro -b ../clone.bro broker_port=$BROKER_PORT >clone.out"
-# @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace ../master.bro broker_port=$BROKER_PORT >master.out"
+# @TEST-EXEC: btest-bg-run master "bro -b ../master.bro broker_port=$BROKER_PORT >master.out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
--- a/testing/btest/broker/connection_updates.bro
+++ b/testing/btest/broker/connection_updates.bro
@ -22,12 +22,12 @@ event bro_init()
 event Broker::incoming_connection_established(peer_name: string)
 	{
-	print "Broker::incoming_connection_established", peer_name;;
+	print "Broker::incoming_connection_established", peer_name;
 	}
 event Broker::incoming_connection_broken(peer_name: string)
 	{
-	print "Broker::incoming_connection_broken", peer_name;;
+	print "Broker::incoming_connection_broken", peer_name;
 	terminate();
 	}
@ -50,7 +50,7 @@ event Broker::outgoing_connection_established(peer_address: string,
                                            peer_name: string)
 	{
 	print "Broker::outgoing_connection_established",
-	      peer_address, peer_port, peer_name;;
+	      peer_address, peer_port, peer_name;
 	terminate();
 	}
--- a/testing/btest/broker/data.bro
+++ b/testing/btest/broker/data.bro
@ -13,7 +13,7 @@ type bro_record : record {
 	c: count;
 };
-function comm_record_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
+function broker_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
                                           rval: bro_record,
                                           idx: count): bro_record
 	{
@ -37,17 +37,17 @@ function comm_record_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
 	++idx;
 	Broker::record_iterator_next(it);
-	return comm_record_to_bro_record_recurse(it, rval, idx);
+	return broker_to_bro_record_recurse(it, rval, idx);
 	}
-function comm_record_to_bro_record(d: Broker::Data): bro_record
+function broker_to_bro_record(d: Broker::Data): bro_record
 	{
-	return comm_record_to_bro_record_recurse(Broker::record_iterator(d),
+	return broker_to_bro_record_recurse(Broker::record_iterator(d),
 	                                         bro_record($c = 0), 0);
 	}
 function
-comm_set_to_bro_set_recurse(it: opaque of Broker::SetIterator,
+broker_to_bro_set_recurse(it: opaque of Broker::SetIterator,
                            rval: bro_set): bro_set
 	{
 	if ( Broker::set_iterator_last(it) )
@ -55,17 +55,17 @@ comm_set_to_bro_set_recurse(it: opaque of Broker::SetIterator,
 	add rval[Broker::refine_to_string(Broker::set_iterator_value(it))];
 	Broker::set_iterator_next(it);
-	return comm_set_to_bro_set_recurse(it, rval);
+	return broker_to_bro_set_recurse(it, rval);
 	}
-function comm_set_to_bro_set(d: Broker::Data): bro_set
+function broker_to_bro_set(d: Broker::Data): bro_set
 	{
-	return comm_set_to_bro_set_recurse(Broker::set_iterator(d), bro_set());
+	return broker_to_bro_set_recurse(Broker::set_iterator(d), bro_set());
 	}
 function
-comm_table_to_bro_table_recurse(it: opaque of Broker::TableIterator,
+broker_to_bro_table_recurse(it: opaque of Broker::TableIterator,
                                rval: bro_table): bro_table
 	{
 	if ( Broker::table_iterator_last(it) )
@ -74,16 +74,16 @@ comm_table_to_bro_table_recurse(it: opaque of Broker::TableIterator,
 	local item = Broker::table_iterator_value(it);
 	rval[Broker::refine_to_string(item$key)] = Broker::refine_to_count(item$val);
 	Broker::table_iterator_next(it);
-	return comm_table_to_bro_table_recurse(it, rval);
+	return broker_to_bro_table_recurse(it, rval);
 	}
-function comm_table_to_bro_table(d: Broker::Data): bro_table
+function broker_to_bro_table(d: Broker::Data): bro_table
 	{
-	return comm_table_to_bro_table_recurse(Broker::table_iterator(d),
+	return broker_to_bro_table_recurse(Broker::table_iterator(d),
 	                                       bro_table());
 	}
-function comm_vector_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
+function broker_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
                                           rval: bro_vector): bro_vector
 	{
 	if ( Broker::vector_iterator_last(it) )
@ -91,18 +91,21 @@ function comm_vector_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
 	rval[|rval|] = Broker::refine_to_string(Broker::vector_iterator_value(it));
 	Broker::vector_iterator_next(it);
-	return comm_vector_to_bro_vector_recurse(it, rval);
+	return broker_to_bro_vector_recurse(it, rval);
 	}
-function comm_vector_to_bro_vector(d: Broker::Data): bro_vector
+function broker_to_bro_vector(d: Broker::Data): bro_vector
 	{
-	return comm_vector_to_bro_vector_recurse(Broker::vector_iterator(d),
+	return broker_to_bro_vector_recurse(Broker::vector_iterator(d),
 	                                         bro_vector());
 	}
 event bro_init()
 {
 Broker::enable();
 ### Print every broker data type
 print Broker::data_type(Broker::data(T));
 print Broker::data_type(Broker::data(+1));
 print Broker::data_type(Broker::data(1));
@ -125,6 +128,8 @@ print Broker::data_type(Broker::data(r));
 print "***************************";
 ### Convert a Bro value to a broker value, then print the result
 print Broker::refine_to_bool(Broker::data(T));
 print Broker::refine_to_bool(Broker::data(F));
 print Broker::refine_to_int(Broker::data(+1));
@ -142,10 +147,30 @@ print Broker::refine_to_time(Broker::data(double_to_time(42)));
 print Broker::refine_to_interval(Broker::data(3min));
 print Broker::refine_to_enum_name(Broker::data(Broker::BOOL));
 local cs = Broker::data(s);
 print broker_to_bro_set(cs);
 local ct = Broker::data(t);
 print broker_to_bro_table(ct);
 local cv = Broker::data(v);
 print broker_to_bro_vector(cv);
 local cr = Broker::data(r);
 print broker_to_bro_record(cr);
 r$a = "test";
 cr = Broker::data(r);
 print broker_to_bro_record(cr);
 r$b = "testagain";
 cr = Broker::data(r);
 print broker_to_bro_record(cr);
 print "***************************";
-local cs = Broker::data(s);
+### Test the broker set BIFs
-print comm_set_to_bro_set(cs);
+
 cs = Broker::set_create();
 print Broker::set_size(cs);
 print Broker::set_insert(cs, Broker::data("hi"));
@ -154,17 +179,20 @@ print Broker::set_contains(cs, Broker::data("hi"));
 print Broker::set_contains(cs, Broker::data("bye"));
 print Broker::set_insert(cs, Broker::data("bye"));
 print Broker::set_size(cs);
 print Broker::set_insert(cs, Broker::data("bye"));
 print Broker::set_size(cs);
 print Broker::set_remove(cs, Broker::data("hi"));
 print Broker::set_size(cs);
 print Broker::set_remove(cs, Broker::data("hi"));
-print comm_set_to_bro_set(cs);
+print broker_to_bro_set(cs);
-Broker::set_clear(cs);
+print Broker::set_clear(cs);
 print Broker::set_size(cs);
 print broker_to_bro_set(cs);
 print "***************************";
-local ct = Broker::data(t);
+### Test the broker table BIFs
-print comm_table_to_bro_table(ct);
+
 ct = Broker::table_create();
 print Broker::table_size(ct);
 print Broker::table_insert(ct, Broker::data("hi"), Broker::data(42));
@ -179,37 +207,39 @@ print Broker::table_size(ct);
 print Broker::refine_to_count(Broker::table_lookup(ct, Broker::data("bye")));
 print Broker::table_remove(ct, Broker::data("hi"));
 print Broker::table_size(ct);
 print Broker::table_remove(ct, Broker::data("hi"));
 print Broker::table_size(ct);
 print Broker::table_clear(ct);
 print Broker::table_size(ct);
 print broker_to_bro_table(ct);
 print "***************************";
-local cv = Broker::data(v);
+### Test the broker vector BIFs
-print comm_vector_to_bro_vector(cv);
+
 cv = Broker::vector_create();
 print Broker::vector_size(cv);
 print Broker::vector_insert(cv, Broker::data("hi"), 0);
 print Broker::vector_insert(cv, Broker::data("hello"), 1);
 print Broker::vector_insert(cv, Broker::data("greetings"), 2);
 print Broker::vector_insert(cv, Broker::data("salutations"), 1);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_size(cv);
 print Broker::vector_replace(cv, Broker::data("bah"), 2);
 print Broker::vector_lookup(cv, 2);
 print Broker::vector_lookup(cv, 0);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_remove(cv, 2);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_size(cv);
 print Broker::vector_clear(cv);
 print Broker::vector_size(cv);
 print broker_to_bro_vector(cv);
 print "***************************";
-local cr = Broker::data(r);
+### Test the broker record BIFs
-print comm_record_to_bro_record(cr);
+
 r$a = "test";
 cr = Broker::data(r);
 print comm_record_to_bro_record(cr);
 r$b = "testagain";
 cr = Broker::data(r);
 print comm_record_to_bro_record(cr);
 cr = Broker::record_create(3);
 print Broker::record_size(cr);
 print Broker::record_assign(cr, Broker::data("hi"), 0);
@ -219,4 +249,7 @@ print Broker::record_lookup(cr, 0);
 print Broker::record_lookup(cr, 1);
 print Broker::record_lookup(cr, 2);
 print Broker::record_size(cr);
 print Broker::record_assign(cr, Broker::data("goodbye"), 1);
 print Broker::record_size(cr);
 print Broker::record_lookup(cr, 1);
 }
--- a/testing/btest/broker/remote_event.test
+++ b/testing/btest/broker/remote_event.test
@ -40,7 +40,7 @@ event event_handler(msg: string, n: count)
 	event auto_event_handler(msg, n);
 	local args = Broker::event_args(event_handler, "pong", n);
-	Broker::event("bro/event/my_topic", args);
+	Broker::send_event("bro/event/my_topic", args);
 	}
@TEST-END-FILE
@ -68,7 +68,7 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established", peer_address, peer_port;
 	local args = Broker::event_args(event_handler, "ping", event_count);
-	Broker::event("bro/event/hi", args);
+	Broker::send_event("bro/event/hi", args);
 	++event_count;
 	}
@ -82,7 +82,7 @@ event event_handler(msg: string, n: count)
 	{
 	print "got event msg", msg, n;
 	local args = Broker::event_args(event_handler, "ping", event_count);
-    Broker::event("bro/event/hi", args);
+    Broker::send_event("bro/event/hi", args);
 	++event_count;
 	}
--- a/testing/btest/broker/remote_print.test
+++ b/testing/btest/broker/remote_print.test
@ -16,8 +16,8 @@ redef exit_only_after_terminate = T;
 event bro_init()
 	{
 	Broker::enable();
 	Broker::listen(broker_port, "127.0.0.1");
 	Broker::subscribe_to_prints("bro/print/");
 	Broker::listen(broker_port, "127.0.0.1");
 	}
 global messages_to_recv = 6;
@ -35,7 +35,7 @@ event Broker::print_handler(msg: string)
 		return;
 		}
-	Broker::print("bro/print/my_topic", fmt("pong %d", messages_sent));
+	Broker::send_print("bro/print/my_topic", fmt("pong %d", messages_sent));
 	++messages_sent;
 	}
@ -62,7 +62,7 @@ event Broker::outgoing_connection_established(peer_address: string,
                                            peer_name: string)
 	{
 	print "Broker::outgoing_connection_established", peer_address, peer_port;
-	Broker::print("bro/print/hi", fmt("ping %d", messages_sent));
+	Broker::send_print("bro/print/hi", fmt("ping %d", messages_sent));
 	++messages_sent;
 	}
@ -76,7 +76,7 @@ event Broker::print_handler(msg: string)
 	{
 	++messages_recv;
 	print "got print msg", msg;
-	Broker::print("bro/print/hi", fmt("ping %d", messages_sent));
+	Broker::send_print("bro/print/hi", fmt("ping %d", messages_sent));
 	++messages_sent;
 	}
--- a/testing/btest/core/leaks/broker/clone_store.bro
+++ b/testing/btest/core/leaks/broker/clone_store.bro
@ -51,8 +51,8 @@ event ready()
 event bro_init()
 	{
 	Broker::enable();
 	Broker::listen(broker_port, "127.0.0.1");
 	Broker::subscribe_to_events("bro/event/ready");
 	Broker::listen(broker_port, "127.0.0.1");
 	}
@TEST-END-FILE
@ -105,9 +105,9 @@ event Broker::outgoing_connection_established(peer_address: string,
 event bro_init()
 	{
 	Broker::enable();
 	Broker::auto_event("bro/event/ready", ready);
 	h = Broker::create_master("mystore");
 	Broker::connect("127.0.0.1", broker_port, 1secs);
 	Broker::auto_event("bro/event/ready", ready);
 	}
@TEST-END-FILE
--- a/testing/btest/core/leaks/broker/data.bro
+++ b/testing/btest/core/leaks/broker/data.bro
@ -16,7 +16,7 @@ type bro_record : record {
 	c: count;
 };
-function comm_record_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
+function broker_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
                                           rval: bro_record,
                                           idx: count): bro_record
 	{
@ -40,17 +40,17 @@ function comm_record_to_bro_record_recurse(it: opaque of Broker::RecordIterator,
 	++idx;
 	Broker::record_iterator_next(it);
-	return comm_record_to_bro_record_recurse(it, rval, idx);
+	return broker_to_bro_record_recurse(it, rval, idx);
 	}
-function comm_record_to_bro_record(d: Broker::Data): bro_record
+function broker_to_bro_record(d: Broker::Data): bro_record
 	{
-	return comm_record_to_bro_record_recurse(Broker::record_iterator(d),
+	return broker_to_bro_record_recurse(Broker::record_iterator(d),
 	                                         bro_record($c = 0), 0);
 	}
 function
-comm_set_to_bro_set_recurse(it: opaque of Broker::SetIterator,
+broker_to_bro_set_recurse(it: opaque of Broker::SetIterator,
                            rval: bro_set): bro_set
 	{
 	if ( Broker::set_iterator_last(it) )
@ -58,17 +58,17 @@ comm_set_to_bro_set_recurse(it: opaque of Broker::SetIterator,
 	add rval[Broker::refine_to_string(Broker::set_iterator_value(it))];
 	Broker::set_iterator_next(it);
-	return comm_set_to_bro_set_recurse(it, rval);
+	return broker_to_bro_set_recurse(it, rval);
 	}
-function comm_set_to_bro_set(d: Broker::Data): bro_set
+function broker_to_bro_set(d: Broker::Data): bro_set
 	{
-	return comm_set_to_bro_set_recurse(Broker::set_iterator(d), bro_set());
+	return broker_to_bro_set_recurse(Broker::set_iterator(d), bro_set());
 	}
 function
-comm_table_to_bro_table_recurse(it: opaque of Broker::TableIterator,
+broker_to_bro_table_recurse(it: opaque of Broker::TableIterator,
                                rval: bro_table): bro_table
 	{
 	if ( Broker::table_iterator_last(it) )
@ -77,16 +77,16 @@ comm_table_to_bro_table_recurse(it: opaque of Broker::TableIterator,
 	local item = Broker::table_iterator_value(it);
 	rval[Broker::refine_to_string(item$key)] = Broker::refine_to_count(item$val);
 	Broker::table_iterator_next(it);
-	return comm_table_to_bro_table_recurse(it, rval);
+	return broker_to_bro_table_recurse(it, rval);
 	}
-function comm_table_to_bro_table(d: Broker::Data): bro_table
+function broker_to_bro_table(d: Broker::Data): bro_table
 	{
-	return comm_table_to_bro_table_recurse(Broker::table_iterator(d),
+	return broker_to_bro_table_recurse(Broker::table_iterator(d),
 	                                       bro_table());
 	}
-function comm_vector_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
+function broker_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
                                           rval: bro_vector): bro_vector
 	{
 	if ( Broker::vector_iterator_last(it) )
@ -94,26 +94,29 @@ function comm_vector_to_bro_vector_recurse(it: opaque of Broker::VectorIterator,
 	rval[|rval|] = Broker::refine_to_string(Broker::vector_iterator_value(it));
 	Broker::vector_iterator_next(it);
-	return comm_vector_to_bro_vector_recurse(it, rval);
+	return broker_to_bro_vector_recurse(it, rval);
 	}
-function comm_vector_to_bro_vector(d: Broker::Data): bro_vector
+function broker_to_bro_vector(d: Broker::Data): bro_vector
 	{
-	return comm_vector_to_bro_vector_recurse(Broker::vector_iterator(d),
+	return broker_to_bro_vector_recurse(Broker::vector_iterator(d),
 	                                         bro_vector());
 	}
 event bro_init()
-	{
+{
 Broker::enable();
-	}
+}
 global did_it = F;
 event new_connection(c: connection)
-	{
+{
 if ( did_it ) return;
 did_it = T;
 ### Print every broker data type
 print Broker::data_type(Broker::data(T));
 print Broker::data_type(Broker::data(+1));
 print Broker::data_type(Broker::data(1));
@ -136,6 +139,8 @@ print Broker::data_type(Broker::data(r));
 print "***************************";
 ### Convert a Bro value to a broker value, then print the result
 print Broker::refine_to_bool(Broker::data(T));
 print Broker::refine_to_bool(Broker::data(F));
 print Broker::refine_to_int(Broker::data(+1));
@ -153,10 +158,30 @@ print Broker::refine_to_time(Broker::data(double_to_time(42)));
 print Broker::refine_to_interval(Broker::data(3min));
 print Broker::refine_to_enum_name(Broker::data(Broker::BOOL));
 local cs = Broker::data(s);
 print broker_to_bro_set(cs);
 local ct = Broker::data(t);
 print broker_to_bro_table(ct);
 local cv = Broker::data(v);
 print broker_to_bro_vector(cv);
 local cr = Broker::data(r);
 print broker_to_bro_record(cr);
 r$a = "test";
 cr = Broker::data(r);
 print broker_to_bro_record(cr);
 r$b = "testagain";
 cr = Broker::data(r);
 print broker_to_bro_record(cr);
 print "***************************";
-local cs = Broker::data(s);
+### Test the broker set BIFs
-print comm_set_to_bro_set(cs);
+
 cs = Broker::set_create();
 print Broker::set_size(cs);
 print Broker::set_insert(cs, Broker::data("hi"));
@ -165,17 +190,20 @@ print Broker::set_contains(cs, Broker::data("hi"));
 print Broker::set_contains(cs, Broker::data("bye"));
 print Broker::set_insert(cs, Broker::data("bye"));
 print Broker::set_size(cs);
 print Broker::set_insert(cs, Broker::data("bye"));
 print Broker::set_size(cs);
 print Broker::set_remove(cs, Broker::data("hi"));
 print Broker::set_size(cs);
 print Broker::set_remove(cs, Broker::data("hi"));
-print comm_set_to_bro_set(cs);
+print broker_to_bro_set(cs);
-Broker::set_clear(cs);
+print Broker::set_clear(cs);
 print Broker::set_size(cs);
 print broker_to_bro_set(cs);
 print "***************************";
-local ct = Broker::data(t);
+### Test the broker table BIFs
-print comm_table_to_bro_table(ct);
+
 ct = Broker::table_create();
 print Broker::table_size(ct);
 print Broker::table_insert(ct, Broker::data("hi"), Broker::data(42));
@ -190,37 +218,39 @@ print Broker::table_size(ct);
 print Broker::refine_to_count(Broker::table_lookup(ct, Broker::data("bye")));
 print Broker::table_remove(ct, Broker::data("hi"));
 print Broker::table_size(ct);
 print Broker::table_remove(ct, Broker::data("hi"));
 print Broker::table_size(ct);
 print Broker::table_clear(ct);
 print Broker::table_size(ct);
 print broker_to_bro_table(ct);
 print "***************************";
-local cv = Broker::data(v);
+### Test the broker vector BIFs
-print comm_vector_to_bro_vector(cv);
+
 cv = Broker::vector_create();
 print Broker::vector_size(cv);
 print Broker::vector_insert(cv, Broker::data("hi"), 0);
 print Broker::vector_insert(cv, Broker::data("hello"), 1);
 print Broker::vector_insert(cv, Broker::data("greetings"), 2);
 print Broker::vector_insert(cv, Broker::data("salutations"), 1);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_size(cv);
 print Broker::vector_replace(cv, Broker::data("bah"), 2);
 print Broker::vector_lookup(cv, 2);
 print Broker::vector_lookup(cv, 0);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_remove(cv, 2);
-print comm_vector_to_bro_vector(cv);
+print broker_to_bro_vector(cv);
 print Broker::vector_size(cv);
 print Broker::vector_clear(cv);
 print Broker::vector_size(cv);
 print broker_to_bro_vector(cv);
 print "***************************";
-local cr = Broker::data(r);
+### Test the broker record BIFs
-print comm_record_to_bro_record(cr);
+
 r$a = "test";
 cr = Broker::data(r);
 print comm_record_to_bro_record(cr);
 r$b = "testagain";
 cr = Broker::data(r);
 print comm_record_to_bro_record(cr);
 cr = Broker::record_create(3);
 print Broker::record_size(cr);
 print Broker::record_assign(cr, Broker::data("hi"), 0);
@ -230,4 +260,7 @@ print Broker::record_lookup(cr, 0);
 print Broker::record_lookup(cr, 1);
 print Broker::record_lookup(cr, 2);
 print Broker::record_size(cr);
 print Broker::record_assign(cr, Broker::data("goodbye"), 1);
 print Broker::record_size(cr);
 print Broker::record_lookup(cr, 1);
 }
--- a/testing/btest/core/leaks/broker/remote_event.test
+++ b/testing/btest/core/leaks/broker/remote_event.test
@ -21,9 +21,9 @@ global auto_event_handler: event(msg: string, c: count);
 event bro_init()
 	{
 	Broker::enable();
 	Broker::listen(broker_port, "127.0.0.1");
 	Broker::subscribe_to_events("bro/event/");
 	Broker::auto_event("bro/event/my_topic", auto_event_handler);
 	Broker::listen(broker_port, "127.0.0.1");
 	}
 global event_count = 0;
@ -42,7 +42,7 @@ event event_handler(msg: string, n: count)
 	event auto_event_handler(msg, n);
 	local args = Broker::event_args(event_handler, "pong", n);
-	Broker::event("bro/event/my_topic", args);
+	Broker::send_event("bro/event/my_topic", args);
 	}
@TEST-END-FILE
@ -70,7 +70,7 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established", peer_address, peer_port;
 	local args = Broker::event_args(event_handler, "ping", event_count);
-	Broker::event("bro/event/hi", args);
+	Broker::send_event("bro/event/hi", args);
 	++event_count;
 	}
@ -84,7 +84,7 @@ event event_handler(msg: string, n: count)
 	{
 	print "got event msg", msg, n;
 	local args = Broker::event_args(event_handler, "ping", event_count);
-    Broker::event("bro/event/hi", args);
+	Broker::send_event("bro/event/hi", args);
 	++event_count;
 	}
--- a/testing/btest/core/leaks/broker/remote_log.test
+++ b/testing/btest/core/leaks/broker/remote_log.test
@ -42,8 +42,8 @@ redef exit_only_after_terminate = T;
 event bro_init()
 	{
 	Broker::listen(broker_port, "127.0.0.1");
 	Broker::subscribe_to_logs("bro/log/");
 	Broker::listen(broker_port, "127.0.0.1");
 	}
 event Test::log_test(rec: Test::Info)
--- a/testing/btest/core/leaks/broker/remote_print.test
+++ b/testing/btest/core/leaks/broker/remote_print.test
@ -18,8 +18,8 @@ redef exit_only_after_terminate = T;
 event bro_init()
 	{
 	Broker::enable();
 	Broker::listen(broker_port, "127.0.0.1");
 	Broker::subscribe_to_prints("bro/print/");
 	Broker::listen(broker_port, "127.0.0.1");
 	}
 global messages_to_recv = 6;
@ -37,7 +37,7 @@ event Broker::print_handler(msg: string)
 		return;
 		}
-	Broker::print("bro/print/my_topic", fmt("pong %d", messages_sent));
+	Broker::send_print("bro/print/my_topic", fmt("pong %d", messages_sent));
 	++messages_sent;
 	}
@ -64,7 +64,7 @@ event Broker::outgoing_connection_established(peer_address: string,
                                            peer_name: string)
 	{
 	print "Broker::outgoing_connection_established", peer_address, peer_port;
-	Broker::print("bro/print/hi", fmt("ping %d", messages_sent));
+	Broker::send_print("bro/print/hi", fmt("ping %d", messages_sent));
 	++messages_sent;
 	}
@ -78,7 +78,7 @@ event Broker::print_handler(msg: string)
 	{
 	++messages_recv;
 	print "got print msg", msg;
-	Broker::print("bro/print/hi", fmt("ping %d", messages_sent));
+	Broker::send_print("bro/print/hi", fmt("ping %d", messages_sent));
 	++messages_sent;
 	}
--- a/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-connector_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-connector_bro.btest
@ -21,11 +21,11 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "hi", 0));
 	event my_auto_event("stuff", 88);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "...", 1));
 	event my_auto_event("more stuff", 51);
-	Broker::event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
+	Broker::send_event("bro/event/my_event", Broker::event_args(my_event, "bye", 2));
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-connector_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-connector_bro.btest
@ -18,9 +18,9 @@ event Broker::outgoing_connection_established(peer_address: string,
 	{
 	print "Broker::outgoing_connection_established",
 	      peer_address, peer_port, peer_name;
-	Broker::print("bro/print/hi", "hello");
+	Broker::send_print("bro/print/hi", "hello");
-	Broker::print("bro/print/stuff", "...");
+	Broker::send_print("bro/print/stuff", "...");
-	Broker::print("bro/print/bye", "goodbye");
+	Broker::send_print("bro/print/bye", "goodbye");
 	}
 event Broker::outgoing_connection_broken(peer_address: string,
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro
@ -105,14 +105,14 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
 	{
 	print "add_rule", id, r$entity, r$ty, ar;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
 	}
 event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
 	{
 	print "remove_rule", id, r$entity, r$ty, ar;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
 	if ( r$cid == 4 )
 		terminate();
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
@ -98,14 +98,14 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
 	{
 	print "add_rule", id, r$entity, r$ty, ar;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
 	}
 event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
 	{
 	print "remove_rule", id, r$entity, r$ty, ar;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
 	if ( r$cid == 4 )
 		terminate();
--- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro
@ -89,15 +89,15 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
 	{
 	print "add_rule", id, r$entity, r$ty;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_added, id, r, ""));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_added, id, r, ""));
 	}
 event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
 	{
 	print "remove_rule", id, r$entity, r$ty;
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
-	Broker::event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, ""));
+	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, ""));
 	if ( r$cid == 3 )
 		terminate();
--- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro
+++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro
@ -104,8 +104,8 @@ function got_message()
 event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod)
 	{
 	print "got flow_mod", dpid, match, flow_mod;
-	Broker::event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_success, name, match, flow_mod, ""));
+	Broker::send_event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_success, name, match, flow_mod, ""));
-	Broker::event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_failure, name, match, flow_mod, ""));
+	Broker::send_event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_failure, name, match, flow_mod, ""));
 	got_message();
 	}
--- a/testing/btest/scripts/base/protocols/imap/capabilities.test
+++ b/testing/btest/scripts/base/protocols/imap/capabilities.test
@ -0,0 +1,12 @@
 # @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
@load base/protocols/ssl
@load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/imap
 event imap_capabilities(c: connection, capabilities: string_vec)
 	{
 	print capabilities;
 	}
--- a/testing/btest/scripts/base/protocols/imap/starttls.test
+++ b/testing/btest/scripts/base/protocols/imap/starttls.test
@ -0,0 +1,15 @@
 # @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
 # @TEST-EXEC: btest-diff .stdout
@load base/protocols/ssl
@load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/imap
 event imap_starttls(c: connection)
 	{
 	print "Tls started for connection";
 	}
		`@ -1 +1 @@`
			`Subproject commit 424d40c1e8d5888311b50c0e5a9dfc9c5f818b66`				`Subproject commit edbbe445d92cc6a5c2557661195f486b784769db`
		`@ -1 +1 @@`
			`Subproject commit 105dfe4ad6c4ae4563b21cb0466ee350f0af0d43`				`Subproject commit cb771a3cf592d46643eea35d206b9f3e1a0758f7`
		`@ -1 +1 @@`
			`Subproject commit f83038b17fc83788415a58d77f75ad182ca6a9b7`				`Subproject commit b4d1686cdd3f5505e405667b1083e8335cae6928`
		`@ -1 +1 @@`
			`Subproject commit 583f3a3ff1847cf96a87f865d5cf0f36fae9dd67`				`Subproject commit 7df7878abfd864f9ae5609918c0f04f58b5f5e2d`
		`@ -1 +1 @@`
			`Subproject commit 6684ab5109f526fb535013760f17a4c8dff093ae`				`Subproject commit bb3f55f198f9cfd5e545345dd6425dd08ca1d45e`
 1080
 137
+143
 1434
 161
 162
 992
 993
 995
 and
 or
 port
 tcp
 udp
		`@ -0,0 +1 @@`
							`[IMAP4rev1, CHILDREN, ENABLE, ID, IDLE, LIST-EXTENDED, LIST-STATUS, LITERAL+, MOVE, NAMESPACE, SASL-IR, SORT, SPECIAL-USE, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN, STARTTLS, AUTH=LOGIN, AUTH=PLAIN]`