Remove unnecessary #includes in analyzer/packet analyzer/file analyzer headers

2025-10-02 14:48:21 +00:00 · 2025-04-08 14:57:34 -07:00 · 2025-04-08 14:57:34 -07:00 · 456c1fa42c
commit 456c1fa42c
parent 896e41c794
72 changed files with 41 additions and 91 deletions
--- a/src/Discard.cc
+++ b/src/Discard.cc
@ -22,6 +22,8 @@ Discarder::Discarder() {
    discarder_maxlen = static_cast<int>(id::find_val("discarder_maxlen")->AsCount());
 }
 Discarder::~Discarder() {}
 bool Discarder::IsActive() { return check_ip || check_tcp || check_udp || check_icmp; }
 bool Discarder::NextPacket(const std::shared_ptr<IP_Hdr>& ip, int len, int caplen) {
--- a/src/Discard.h
+++ b/src/Discard.h
@ -19,7 +19,7 @@ namespace detail {
 class Discarder final {
 public:
    Discarder();
-    ~Discarder() = default;
+    ~Discarder();
    bool IsActive();
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -10,7 +10,6 @@
 #include "zeek/EventHandler.h"
 #include "zeek/IntrusivePtr.h"
 #include "zeek/Obj.h"
 #include "zeek/Tag.h"
 #include "zeek/Timer.h"
--- a/src/analyzer/Component.h
+++ b/src/analyzer/Component.h
@ -2,8 +2,6 @@
 #pragma once
 #include "zeek/zeek-config.h"
 #include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/util.h"
--- a/src/analyzer/Manager.h
+++ b/src/analyzer/Manager.h
@ -24,10 +24,10 @@
 #include <vector>
 #include "zeek/IP.h"
 #include "zeek/IPAddr.h"
 #include "zeek/Tag.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Component.h"
 #include "zeek/analyzer/analyzer.bif.h"
 #include "zeek/net_util.h"
 #include "zeek/plugin/ComponentManager.h"
--- a/src/analyzer/protocol/conn-size/ConnSize.h
+++ b/src/analyzer/protocol/conn-size/ConnSize.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/Analyzer.h"
 namespace zeek::analyzer::conn_size {
--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h
@ -2,10 +2,8 @@
 #pragma once
-#include "zeek/IPAddr.h"
+#include "zeek/Conn.h"
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/dce-rpc/dce_rpc_pac.h"
 #include "zeek/analyzer/protocol/dce-rpc/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 namespace zeek::analyzer::dce_rpc {
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -792,7 +792,7 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
 void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len, String** p) {
    uint16_t dlen = ExtractShort(data, len);
-    dlen = min(len, static_cast<int>(dlen));
+    dlen = std::min(len, static_cast<int>(dlen));
    if ( p )
        *p = new String(data, dlen, false);
@ -802,8 +802,8 @@ void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len, String** p) {
 }
 String* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l) {
-    l = max(l, 0);
+    l = std::max(l, 0);
-    int dlen = min(len, l); // Len in bytes of the algorithm use
+    int dlen = std::min(len, l); // Len in bytes of the algorithm use
    auto rval = new String(data, dlen, false);
    data += dlen;
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
@ -3,7 +3,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/binpac_zeek.h"
 namespace zeek::analyzer::dns {
 namespace detail {
--- a/src/analyzer/protocol/gssapi/GSSAPI.h
+++ b/src/analyzer/protocol/gssapi/GSSAPI.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/gssapi/events.bif.h"
 #include "zeek/analyzer/protocol/gssapi/gssapi_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/imap/IMAP.h
+++ b/src/analyzer/protocol/imap/IMAP.h
@ -2,9 +2,6 @@
 #pragma once
 // for std::transform
 #include <algorithm>
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "analyzer/protocol/imap/imap_pac.h"
--- a/src/analyzer/protocol/krb/KRB.h
+++ b/src/analyzer/protocol/krb/KRB.h
@ -2,15 +2,15 @@
 #pragma once
 // This is needed for USE_KRB5 below.
 #include "zeek/zeek-config.h"
 #include <mutex>
 #ifdef USE_KRB5
 #include <krb5/krb5.h>
 #endif
-#include "analyzer/protocol/krb/krb_pac.h"
+#include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/protocol/krb/krb_pac.h"
 namespace zeek::analyzer::krb {
--- a/src/analyzer/protocol/mime/MIME.h
+++ b/src/analyzer/protocol/mime/MIME.h
@ -4,7 +4,6 @@
 #include <cassert>
 #include <cstdio>
 #include <queue>
 #include <vector>
 #include "zeek/Reporter.h"
--- a/src/analyzer/protocol/mqtt/MQTT.h
+++ b/src/analyzer/protocol/mqtt/MQTT.h
@ -4,7 +4,6 @@
 #pragma once
 #include "zeek/ID.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 namespace binpac {
--- a/src/analyzer/protocol/mysql/MySQL.h
+++ b/src/analyzer/protocol/mysql/MySQL.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/mysql/events.bif.h"
 #include "zeek/analyzer/protocol/mysql/mysql_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/ncp/NCP.h
+++ b/src/analyzer/protocol/ncp/NCP.h
@ -17,7 +17,6 @@
 //
 //	http://faydoc.tripod.com/structures/21/2149.htm
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "analyzer/protocol/ncp/ncp_pac.h"
--- a/src/analyzer/protocol/ntlm/NTLM.h
+++ b/src/analyzer/protocol/ntlm/NTLM.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/ntlm/events.bif.h"
 #include "zeek/analyzer/protocol/ntlm/ntlm_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/ntp/NTP.h
+++ b/src/analyzer/protocol/ntp/NTP.h
@ -2,9 +2,7 @@
 #pragma once
 #include "zeek/analyzer/protocol/ntp/events.bif.h"
 #include "zeek/analyzer/protocol/ntp/ntp_pac.h"
 #include "zeek/analyzer/protocol/ntp/types.bif.h"
 namespace zeek::analyzer::ntp {
--- a/src/analyzer/protocol/radius/RADIUS.h
+++ b/src/analyzer/protocol/radius/RADIUS.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/radius/events.bif.h"
 #include "zeek/analyzer/protocol/radius/radius_pac.h"
 namespace zeek::analyzer::radius {
--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/rdp/events.bif.h"
 #include "zeek/analyzer/protocol/rdp/rdp_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/rdp/RDPEUDP.h
+++ b/src/analyzer/protocol/rdp/RDPEUDP.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/rdp/events.bif.h"
 #include "zeek/analyzer/protocol/rdp/rdpeudp_pac.h"
 namespace zeek::analyzer::rdpeudp {
--- a/src/analyzer/protocol/rfb/RFB.h
+++ b/src/analyzer/protocol/rfb/RFB.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/rfb/events.bif.h"
 #include "zeek/analyzer/protocol/rfb/rfb_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/rpc/NFS.h
+++ b/src/analyzer/protocol/rpc/NFS.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/rpc/RPC.h"
 namespace zeek::analyzer::rpc {
--- a/src/analyzer/protocol/rpc/RPC.h
+++ b/src/analyzer/protocol/rpc/RPC.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 namespace zeek::analyzer::rpc {
--- a/src/analyzer/protocol/rpc/XDR.h
+++ b/src/analyzer/protocol/rpc/XDR.h
@ -5,8 +5,6 @@
 #include <netinet/in.h>
 #include <sys/types.h>
 #include "zeek/util.h"
 namespace zeek::analyzer::rpc {
 extern uint32_t extract_XDR_uint32(const u_char*& buf, int& len);
--- a/src/analyzer/protocol/sip/SIP.h
+++ b/src/analyzer/protocol/sip/SIP.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/sip/events.bif.h"
 #include "zeek/analyzer/protocol/sip/sip_pac.h"
 namespace zeek::analyzer::sip {
--- a/src/analyzer/protocol/snmp/SNMP.h
+++ b/src/analyzer/protocol/snmp/SNMP.h
@ -2,7 +2,8 @@
 #pragma once
-#include "analyzer/protocol/snmp/snmp_pac.h"
+#include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/protocol/snmp/snmp_pac.h"
 namespace zeek::analyzer::snmp {
--- a/src/analyzer/protocol/snmp/snmp.pac
+++ b/src/analyzer/protocol/snmp/snmp.pac
@ -2,7 +2,6 @@
 %include zeek.pac
 %extern{
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/snmp/types.bif.h"
 #include "zeek/analyzer/protocol/snmp/events.bif.h"
 %}
--- a/src/analyzer/protocol/ssh/SSH.h
+++ b/src/analyzer/protocol/ssh/SSH.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/ssh/events.bif.h"
 #include "zeek/analyzer/protocol/ssh/ssh_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/analyzer/protocol/ssl/DTLS.h
+++ b/src/analyzer/protocol/ssl/DTLS.h
@ -2,7 +2,7 @@
 #pragma once
-#include "zeek/analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/Analyzer.h"
 namespace binpac {
 namespace DTLS {
--- a/src/analyzer/protocol/ssl/SSL.h
+++ b/src/analyzer/protocol/ssl/SSL.h
@ -3,7 +3,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/protocol/ssl/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 namespace binpac {
--- a/src/analyzer/protocol/syslog/legacy/Syslog.h
+++ b/src/analyzer/protocol/syslog/legacy/Syslog.h
@ -2,7 +2,7 @@
 #pragma once
-#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/Analyzer.h"
 #include "analyzer/protocol/syslog/legacy/syslog_pac.h"
--- a/src/analyzer/protocol/tcp/TCP.h
+++ b/src/analyzer/protocol/tcp/TCP.h
@ -3,10 +3,8 @@
 #pragma once
 #include "zeek/Conn.h"
 #include "zeek/IPAddr.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
 namespace zeek::analyzer::pia {
--- a/src/analyzer/protocol/zip/ZIP.h
+++ b/src/analyzer/protocol/zip/ZIP.h
@ -2,8 +2,6 @@
 #pragma once
 #include "zeek/zeek-config.h"
 #include <zlib.h>
 #include "zeek/analyzer/protocol/tcp/TCP.h"
--- a/src/file_analysis/Component.h
+++ b/src/file_analysis/Component.h
@ -2,8 +2,6 @@
 #pragma once
 #include "zeek/zeek-config.h"
 #include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -2,21 +2,21 @@
 #include "zeek/file_analysis/File.h"
 #include <limits>
 #include <utility>
 #include "zeek/Conn.h"
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"
 #include "zeek/RuleMatcher.h"
 #include "zeek/Type.h"
 #include "zeek/Val.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/file_analysis/Analyzer.h"
 #include "zeek/file_analysis/FileReassembler.h"
 #include "zeek/file_analysis/FileTimer.h"
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/file_analysis/analyzer/extract/Extract.h"
 #include "zeek/file_analysis/analyzer/extract/events.bif.h"
 namespace zeek::file_analysis {
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@ -4,12 +4,10 @@
 #include <list>
 #include <string>
 #include <utility>
 #include "zeek/Tag.h"
 #include "zeek/WeirdState.h"
 #include "zeek/ZeekArgs.h"
 #include "zeek/ZeekList.h" // for ValPList
 #include "zeek/ZeekString.h"
 #include "zeek/file_analysis/AnalyzerSet.h"
--- a/src/file_analysis/FileReassembler.h
+++ b/src/file_analysis/FileReassembler.h
@ -7,7 +7,6 @@
 namespace zeek {
 class Connection;
 class File;
 namespace file_analysis {
--- a/src/file_analysis/analyzer/data_event/DataEvent.h
+++ b/src/file_analysis/analyzer/data_event/DataEvent.h
@ -2,8 +2,6 @@
 #pragma once
 #include <string>
 #include "zeek/EventHandler.h"
 #include "zeek/Val.h"
 #include "zeek/file_analysis/Analyzer.h"
--- a/src/file_analysis/analyzer/entropy/Entropy.cc
+++ b/src/file_analysis/analyzer/entropy/Entropy.cc
@ -6,6 +6,7 @@
 #include "zeek/Event.h"
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/file_analysis/analyzer/entropy/events.bif.h"
 #include "zeek/util.h"
 namespace zeek::file_analysis::detail {
--- a/src/file_analysis/analyzer/entropy/Entropy.h
+++ b/src/file_analysis/analyzer/entropy/Entropy.h
@ -2,13 +2,10 @@
 #pragma once
 #include <string>
 #include "zeek/OpaqueVal.h"
 #include "zeek/Val.h"
 #include "zeek/file_analysis/Analyzer.h"
 #include "zeek/file_analysis/File.h"
 #include "zeek/file_analysis/analyzer/entropy/events.bif.h"
 namespace zeek::file_analysis::detail {
--- a/src/file_analysis/analyzer/extract/Extract.cc
+++ b/src/file_analysis/analyzer/extract/Extract.cc
@ -5,8 +5,8 @@
 #include <fcntl.h>
 #include <string>
 #include "zeek/Event.h"
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/file_analysis/analyzer/extract/events.bif.h"
 #include "zeek/util.h"
 namespace zeek::file_analysis::detail {
--- a/src/file_analysis/analyzer/extract/Extract.h
+++ b/src/file_analysis/analyzer/extract/Extract.h
@ -8,7 +8,6 @@
 #include "zeek/Val.h"
 #include "zeek/file_analysis/Analyzer.h"
 #include "zeek/file_analysis/File.h"
 #include "zeek/file_analysis/analyzer/extract/events.bif.h"
 namespace zeek::file_analysis::detail {
--- a/src/file_analysis/analyzer/hash/Hash.h
+++ b/src/file_analysis/analyzer/hash/Hash.h
@ -2,8 +2,6 @@
 #pragma once
 #include <string>
 #include "zeek/OpaqueVal.h"
 #include "zeek/Val.h"
 #include "zeek/file_analysis/Analyzer.h"
--- a/src/file_analysis/analyzer/pe/PE.h
+++ b/src/file_analysis/analyzer/pe/PE.h
@ -2,9 +2,6 @@
 #pragma once
 #include <string>
 #include "zeek/File.h"
 #include "zeek/Val.h"
 #include "file_analysis/analyzer/pe/pe_pac.h"
--- a/src/packet_analysis/Component.h
+++ b/src/packet_analysis/Component.h
@ -2,8 +2,6 @@
 #pragma once
 #include "zeek/zeek-config.h"
 #include <functional>
 #include "zeek/Tag.h"
--- a/src/packet_analysis/Dispatcher.h
+++ b/src/packet_analysis/Dispatcher.h
@ -3,7 +3,6 @@
 #pragma once
 #include <cstdint>
 #include <map>
 #include <memory>
 #include <vector>
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/Func.h"
 #include "zeek/PacketFilter.h"
 #include "zeek/Tag.h"
 #include "zeek/iosource/Packet.h"
--- a/src/packet_analysis/protocol/ayiya/AYIYA.h
+++ b/src/packet_analysis/protocol/ayiya/AYIYA.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::AYIYA {
--- a/src/packet_analysis/protocol/fddi/FDDI.h
+++ b/src/packet_analysis/protocol/fddi/FDDI.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::FDDI {
--- a/src/packet_analysis/protocol/geneve/Geneve.h
+++ b/src/packet_analysis/protocol/geneve/Geneve.h
@ -2,11 +2,12 @@
 #pragma once
 #include <cstdint>
 #include <functional>
 #include "zeek/Span.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::Geneve {
--- a/src/packet_analysis/protocol/gre/GRE.h
+++ b/src/packet_analysis/protocol/gre/GRE.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::GRE {
--- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
@ -2,6 +2,7 @@
 #include "zeek/packet_analysis/protocol/icmp/ICMPSessionAdapter.h"
 #include "zeek/Conn.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/conn-size/ConnSize.h"
--- a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.h
+++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::IEEE802_11 {
--- a/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h
+++ b/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::IEEE802_11_Radio {
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@ -8,7 +8,6 @@
 #include "zeek/Event.h"
 #include "zeek/Frag.h"
 #include "zeek/IP.h"
 #include "zeek/IPAddr.h"
 #include "zeek/NetVar.h"
 #include "zeek/PacketFilter.h"
 #include "zeek/RunState.h"
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
@ -5,7 +5,6 @@
 #include <map>
 #include <set>
 #include "zeek/ID.h"
 #include "zeek/Tag.h"
 #include "zeek/packet_analysis/Analyzer.h"
--- a/src/packet_analysis/protocol/linux_sll2/LinuxSLL2.h
+++ b/src/packet_analysis/protocol/linux_sll2/LinuxSLL2.h
@ -2,8 +2,10 @@
 #pragma once
 #include <cstdint>
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::LinuxSLL2 {
--- a/src/packet_analysis/protocol/llc/LLC.h
+++ b/src/packet_analysis/protocol/llc/LLC.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::LLC {
--- a/src/packet_analysis/protocol/mpls/MPLS.h
+++ b/src/packet_analysis/protocol/mpls/MPLS.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::MPLS {
--- a/src/packet_analysis/protocol/nflog/NFLog.h
+++ b/src/packet_analysis/protocol/nflog/NFLog.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::NFLog {
--- a/src/packet_analysis/protocol/novell_802_3/Novell_802_3.h
+++ b/src/packet_analysis/protocol/novell_802_3/Novell_802_3.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::Novell_802_3 {
--- a/src/packet_analysis/protocol/ppp/PPP.h
+++ b/src/packet_analysis/protocol/ppp/PPP.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::PPP {
--- a/src/packet_analysis/protocol/ppp_serial/PPPSerial.h
+++ b/src/packet_analysis/protocol/ppp_serial/PPPSerial.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::PPPSerial {
--- a/src/packet_analysis/protocol/pppoe/PPPoE.h
+++ b/src/packet_analysis/protocol/pppoe/PPPoE.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::PPPoE {
--- a/src/packet_analysis/protocol/tcp/TCP.h
+++ b/src/packet_analysis/protocol/tcp/TCP.h
@ -2,7 +2,6 @@
 #pragma once
 #include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 #include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
--- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
+++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
@ -5,8 +5,6 @@
 #include "zeek/Tag.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
 #include "zeek/session/Manager.h"
--- a/src/packet_analysis/protocol/teredo/Teredo.h
+++ b/src/packet_analysis/protocol/teredo/Teredo.h
@ -5,7 +5,6 @@
 #include <map>
 #include "zeek/Conn.h"
 #include "zeek/NetVar.h"
 #include "zeek/RE.h"
 #include "zeek/Reporter.h"
 #include "zeek/packet_analysis/Analyzer.h"
--- a/src/packet_analysis/protocol/vntag/VNTag.h
+++ b/src/packet_analysis/protocol/vntag/VNTag.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::VNTag {
--- a/src/packet_analysis/protocol/vxlan/VXLAN.h
+++ b/src/packet_analysis/protocol/vxlan/VXLAN.h
@ -2,8 +2,8 @@
 #pragma once
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"
 namespace zeek::packet_analysis::VXLAN {
--- a/src/spicy/manager.cc
+++ b/src/spicy/manager.cc
@ -24,6 +24,7 @@
 #include <hilti/autogen/config.h>
 #include "zeek/Event.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/packet_analysis/Manager.h"
--- a/testing/btest/plugins/protocol-plugin/src/Foo.cc
+++ b/testing/btest/plugins/protocol-plugin/src/Foo.cc
@ -2,6 +2,7 @@
 #include "Foo.h"
 #include "zeek/EventRegistry.h"
 #include "zeek/Func.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "events.bif.h"