Move EventMgr, EventHandler, and EventRegistry code to zeek namespace. Rename mgr to event_mgr.

src/file_analysis/File.cc

@@ -612,12 +612,12 @@ void File::Gap(uint64_t offset, uint64_t len)
 	IncrementByteCount(len, missing_bytes_idx);
 	}
 
-bool File::FileEventAvailable(EventHandlerPtr h)
+bool File::FileEventAvailable(zeek::EventHandlerPtr h)
 	{
 	return h && ! file_mgr->IsIgnored(id);
 	}
 
-void File::FileEvent(EventHandlerPtr h)
+void File::FileEvent(zeek::EventHandlerPtr h)
 	{
 	if ( ! FileEventAvailable(h) )
 		return;
@@ -625,27 +625,27 @@ void File::FileEvent(EventHandlerPtr h)
 	FileEvent(h, zeek::Args{val});
 	}
 
-void File::FileEvent(EventHandlerPtr h, val_list* vl)
+void File::FileEvent(zeek::EventHandlerPtr h, val_list* vl)
 	{
 	FileEvent(h, zeek::val_list_to_args(*vl));
 	delete vl;
 	}
 
-void File::FileEvent(EventHandlerPtr h, val_list vl)
+void File::FileEvent(zeek::EventHandlerPtr h, val_list vl)
 	{
 	FileEvent(h, zeek::val_list_to_args(vl));
 	}
 
-void File::FileEvent(EventHandlerPtr h, zeek::Args args)
+void File::FileEvent(zeek::EventHandlerPtr h, zeek::Args args)
 	{
-	mgr.Enqueue(h, std::move(args));
+	zeek::event_mgr.Enqueue(h, std::move(args));
 
 	if ( h == file_new || h == file_over_new_connection ||
 	     h == file_sniff ||
 	     h == file_timeout || h == file_extraction_limit )
 		{
 		// immediate feedback is required for these events.
-		mgr.Drain();
+		zeek::event_mgr.Drain();
 		analyzers.DrainModifications();
 		}
 	}

src/file_analysis/File.h

@@ -14,8 +14,8 @@
 #include "WeirdState.h"
 
 class Connection;
-class EventHandlerPtr;
 
+ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
 namespace zeek {
@@ -179,14 +179,14 @@ public:
 	 * @param h pointer to an event handler.
 	 * @return true if event has a handler and the file isn't ignored.
 	 */
-	bool FileEventAvailable(EventHandlerPtr h);
+	bool FileEventAvailable(zeek::EventHandlerPtr h);
 
 	/**
 	 * Raises an event related to the file's life-cycle, the only parameter
 	 * to that event is the \c fa_file record..
 	 * @param h pointer to an event handler.
 	 */
-	void FileEvent(EventHandlerPtr h);
+	void FileEvent(zeek::EventHandlerPtr h);
 
 	/**
 	 * Raises an event related to the file's life-cycle.
@@ -194,7 +194,7 @@ public:
 	 * @param vl list of argument values to pass to event call.
 	 */
 	[[deprecated("Remove in v4.1. Use zeek::Args overload instead.")]]
-	void FileEvent(EventHandlerPtr h, val_list* vl);
+	void FileEvent(zeek::EventHandlerPtr h, val_list* vl);
 
 	/**
 	 * Raises an event related to the file's life-cycle.
@@ -202,14 +202,14 @@ public:
 	 * @param vl list of argument values to pass to event call.
 	 */
 	[[deprecated("Remove in v4.1. Use zeek::Args overload instead.")]]
-	void FileEvent(EventHandlerPtr h, val_list vl);
+	void FileEvent(zeek::EventHandlerPtr h, val_list vl);
 
 	/**
 	 * Raises an event related to the file's life-cycle.
 	 * @param h pointer to an event handler.
 	 * @param args list of argument values to pass to event call.
 	 */
-	void FileEvent(EventHandlerPtr h, zeek::Args args);
+	void FileEvent(zeek::EventHandlerPtr h, zeek::Args args);
 
 	/**
 	 * Sets the MIME type for a file to a specific value.

src/file_analysis/Manager.cc

@@ -61,7 +61,7 @@ void Manager::Terminate()
 	for ( const string& key : keys )
 		Timeout(key, true);
 
-	mgr.Drain();
+	zeek::event_mgr.Drain();
 	}
 
 string Manager::HashHandle(const string& handle) const
@@ -435,8 +435,8 @@ string Manager::GetFileID(const zeek::analyzer::Tag& tag, Connection* c, bool is
 
 	const auto& tagval = tag.AsVal();
 
-	mgr.Enqueue(get_file_handle, tagval, c->ConnVal(), zeek::val_mgr->Bool(is_orig));
-	mgr.Drain(); // need file handle immediately so we don't have to buffer data
+	zeek::event_mgr.Enqueue(get_file_handle, tagval, c->ConnVal(), zeek::val_mgr->Bool(is_orig));
+	zeek::event_mgr.Drain(); // need file handle immediately so we don't have to buffer data
 	return current_file_id;
 	}
 

src/file_analysis/analyzer/data_event/DataEvent.cc

@@ -12,7 +12,7 @@
 using namespace file_analysis;
 
 DataEvent::DataEvent(zeek::RecordValPtr args, File* file,
-                     EventHandlerPtr ce, EventHandlerPtr se)
+                     zeek::EventHandlerPtr ce, zeek::EventHandlerPtr se)
     : file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"),
 	                          std::move(args), file),
 	chunk_event(ce), stream_event(se)
@@ -27,14 +27,14 @@ file_analysis::Analyzer* DataEvent::Instantiate(zeek::RecordValPtr args,
 
 	if ( ! chunk_val && ! stream_val ) return nullptr;
 
-	EventHandlerPtr chunk;
-	EventHandlerPtr stream;
+	zeek::EventHandlerPtr chunk;
+	zeek::EventHandlerPtr stream;
 
 	if ( chunk_val )
-		chunk = event_registry->Lookup(chunk_val->AsFunc()->Name());
+		chunk = zeek::event_registry->Lookup(chunk_val->AsFunc()->Name());
 
 	if ( stream_val )
-		stream = event_registry->Lookup(stream_val->AsFunc()->Name());
+		stream = zeek::event_registry->Lookup(stream_val->AsFunc()->Name());
 
 	return new DataEvent(std::move(args), file, chunk, stream);
 	}
@@ -43,10 +43,10 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
 	{
 	if ( ! chunk_event ) return true;
 
-	mgr.Enqueue(chunk_event,
-	            GetFile()->ToVal(),
-	            zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, false)),
-	            zeek::val_mgr->Count(offset)
+	zeek::event_mgr.Enqueue(chunk_event,
+	                        GetFile()->ToVal(),
+	                        zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, false)),
+	                        zeek::val_mgr->Count(offset)
 	);
 
 	return true;
@@ -56,9 +56,9 @@ bool DataEvent::DeliverStream(const u_char* data, uint64_t len)
 	{
 	if ( ! stream_event ) return true;
 
-	mgr.Enqueue(stream_event,
-	            GetFile()->ToVal(),
-	            zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, false))
+	zeek::event_mgr.Enqueue(stream_event,
+	                        GetFile()->ToVal(),
+	                        zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, false))
 	);
 
 	return true;

src/file_analysis/analyzer/data_event/DataEvent.h

@@ -58,11 +58,11 @@ protected:
 	 *        sequential file data.
 	 */
 	DataEvent(zeek::RecordValPtr args, File* file,
-	          EventHandlerPtr ce, EventHandlerPtr se);
+	          zeek::EventHandlerPtr ce, zeek::EventHandlerPtr se);
 
 private:
-	EventHandlerPtr chunk_event;
-	EventHandlerPtr stream_event;
+	zeek::EventHandlerPtr chunk_event;
+	zeek::EventHandlerPtr stream_event;
 };
 
 } // namespace file_analysis

src/file_analysis/analyzer/entropy/Entropy.cc

@@ -70,8 +70,8 @@ void Entropy::Finalize()
 	ent_result->Assign<zeek::DoubleVal>(3, montepi);
 	ent_result->Assign<zeek::DoubleVal>(4, scc);
 
-	mgr.Enqueue(file_entropy,
-		GetFile()->ToVal(),
-		std::move(ent_result)
+	zeek::event_mgr.Enqueue(file_entropy,
+	                        GetFile()->ToVal(),
+	                        std::move(ent_result)
 	);
 	}

src/file_analysis/analyzer/hash/Hash.cc

@@ -53,9 +53,9 @@ void Hash::Finalize()
 	if ( ! file_hash )
 		return;
 
-	mgr.Enqueue(file_hash,
-	            GetFile()->ToVal(),
-	            zeek::make_intrusive<zeek::StringVal>(kind),
-	            hash->Get()
+	zeek::event_mgr.Enqueue(file_hash,
+	                        GetFile()->ToVal(),
+	                        zeek::make_intrusive<zeek::StringVal>(kind),
+	                        hash->Get()
 	);
 	}

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -65,7 +65,7 @@ refine flow File += {
 			dh->Assign(15, zeek::val_mgr->Count(${h.OEMinfo}));
 			dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader}));
 
-			mgr.Enqueue(pe_dos_header,
+			zeek::event_mgr.Enqueue(pe_dos_header,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
 			    std::move(dh));
 			}
@@ -75,7 +75,7 @@ refine flow File += {
 	function proc_dos_code(code: bytestring): bool
 		%{
 		if ( pe_dos_code )
-			mgr.Enqueue(pe_dos_code,
+			zeek::event_mgr.Enqueue(pe_dos_code,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
 			    zeek::make_intrusive<zeek::StringVal>(code.length(), (const char*) code.data())
 			    );
@@ -104,7 +104,7 @@ refine flow File += {
 			fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader}));
 			fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
 
-			mgr.Enqueue(pe_file_header,
+			zeek::event_mgr.Enqueue(pe_file_header,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
 			    std::move(fh));
 			}
@@ -155,7 +155,7 @@ refine flow File += {
 
 			oh->Assign(23, process_rvas(${h.rvas}));
 
-			mgr.Enqueue(pe_optional_header,
+			zeek::event_mgr.Enqueue(pe_optional_header,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
 			    std::move(oh));
 			}
@@ -187,7 +187,7 @@ refine flow File += {
 			section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums}));
 			section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
 
-			mgr.Enqueue(pe_section_header,
+			zeek::event_mgr.Enqueue(pe_section_header,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
 			    std::move(section_header)
 			    );

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -86,7 +86,7 @@ refine flow Flow += {
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
 			ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action}));
 
-			mgr.Enqueue(::unified2_event,
+			zeek::event_mgr.Enqueue(::unified2_event,
 					connection()->bro_analyzer()->GetFile()->ToVal(),
 					std::move(ids_event));
 			}
@@ -116,7 +116,7 @@ refine flow Flow += {
 			ids_event->Assign(15, zeek::val_mgr->Count(${ev.mpls_label}));
 			ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id}));
 
-			mgr.Enqueue(::unified2_event,
+			zeek::event_mgr.Enqueue(::unified2_event,
 					connection()->bro_analyzer()->GetFile()->ToVal(),
 					std::move(ids_event));
 			}
@@ -136,7 +136,7 @@ refine flow Flow += {
 			packet->Assign(4, zeek::val_mgr->Count(${pkt.link_type}));
 			packet->Assign(5, to_stringval(${pkt.packet_data}));
 
-			mgr.Enqueue(::unified2_packet,
+			zeek::event_mgr.Enqueue(::unified2_packet,
 					connection()->bro_analyzer()->GetFile()->ToVal(),
 					std::move(packet));
 			}

src/file_analysis/analyzer/x509/OCSP.cc

@@ -415,9 +415,9 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
 #endif
 
 	if ( ocsp_request )
-		mgr.Enqueue(ocsp_request,
-			GetFile()->ToVal(),
-			zeek::val_mgr->Count(version)
+		zeek::event_mgr.Enqueue(ocsp_request,
+		                        GetFile()->ToVal(),
+		                        zeek::val_mgr->Count(version)
 		);
 
 	BIO *bio = BIO_new(BIO_s_mem());
@@ -435,7 +435,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
 		ocsp_add_cert_id(cert_id, &rvl, bio);
 
 		if ( ocsp_request_certificate )
-			mgr.Enqueue(ocsp_request_certificate, std::move(rvl));
+			zeek::event_mgr.Enqueue(ocsp_request_certificate, std::move(rvl));
 		}
 
 	BIO_free(bio);
@@ -461,7 +461,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 	auto status_val = zeek::make_intrusive<zeek::StringVal>(strlen(status_str), status_str);
 
 	if ( ocsp_response_status )
-		mgr.Enqueue(ocsp_response_status, GetFile()->ToVal(), status_val);
+		zeek::event_mgr.Enqueue(ocsp_response_status, GetFile()->ToVal(), status_val);
 
 	//if (!resp_bytes)
 	//	{
@@ -592,7 +592,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(0.0));
 
 		if ( ocsp_response_certificate )
-			mgr.Enqueue(ocsp_response_certificate, std::move(rvl));
+			zeek::event_mgr.Enqueue(ocsp_response_certificate, std::move(rvl));
 
 		num_ext = OCSP_SINGLERESP_get_ext_count(single_resp);
 		for ( int k = 0; k < num_ext; ++k )
@@ -643,7 +643,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 	  }
 
 	if ( ocsp_response_bytes )
-		mgr.Enqueue(ocsp_response_bytes, std::move(vl));
+		zeek::event_mgr.Enqueue(ocsp_response_bytes, std::move(vl));
 
 	// ok, now that we are done with the actual certificate - let's parse extensions :)
 	num_ext = OCSP_BASICRESP_get_ext_count(basic_resp);

src/file_analysis/analyzer/x509/X509.cc

@@ -86,10 +86,10 @@ bool file_analysis::X509::EndOfFile()
 
 	// and send the record on to scriptland
 	if ( x509_certificate )
-		mgr.Enqueue(x509_certificate,
-		            GetFile()->ToVal(),
-		            zeek::IntrusivePtr{zeek::NewRef{}, cert_val},
-		            cert_record);
+		zeek::event_mgr.Enqueue(x509_certificate,
+		                        GetFile()->ToVal(),
+		                        zeek::IntrusivePtr{zeek::NewRef{}, cert_val},
+		                        cert_record);
 
 	// after parsing the certificate - parse the extensions...
 
@@ -296,9 +296,9 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 			if ( constr->pathlen )
 				pBasicConstraint->Assign(1, zeek::val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
 
-			mgr.Enqueue(x509_ext_basic_constraints,
-				GetFile()->ToVal(),
-				std::move(pBasicConstraint)
+			zeek::event_mgr.Enqueue(x509_ext_basic_constraints,
+			                        GetFile()->ToVal(),
+			                        std::move(pBasicConstraint)
 			);
 			}
 
@@ -437,9 +437,9 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 
 		sanExt->Assign(4, zeek::val_mgr->Bool(otherfields));
 
-		mgr.Enqueue(x509_ext_subject_alternative_name,
-		            GetFile()->ToVal(),
-		            std::move(sanExt));
+		zeek::event_mgr.Enqueue(x509_ext_subject_alternative_name,
+		                        GetFile()->ToVal(),
+		                        std::move(sanExt));
 	GENERAL_NAMES_free(altname);
 	}
 

src/file_analysis/analyzer/x509/X509Common.cc

@@ -231,7 +231,7 @@ void file_analysis::X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION*
 	delete conn;
 	}
 
-void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global)
+void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const zeek::EventHandlerPtr& h, bool global)
 	{
 	char name[256];
 	char oid[256];
@@ -288,11 +288,11 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
 	// but I am not sure if there is a better way to do it...
 
 	if ( h == ocsp_extension )
-		mgr.Enqueue(h, GetFile()->ToVal(),
-					std::move(pX509Ext),
-					zeek::val_mgr->Bool(global));
+		zeek::event_mgr.Enqueue(h, GetFile()->ToVal(),
+		                        std::move(pX509Ext),
+		                        zeek::val_mgr->Bool(global));
 	else
-		mgr.Enqueue(h, GetFile()->ToVal(), std::move(pX509Ext));
+		zeek::event_mgr.Enqueue(h, GetFile()->ToVal(), std::move(pX509Ext));
 
 	// let individual analyzers parse more.
 	ParseExtensionsSpecific(ex, global, ext_asn, oid);

src/file_analysis/analyzer/x509/X509Common.h

@@ -10,8 +10,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 
-class EventHandlerPtr;
-
+ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Reporter, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
 
@@ -48,7 +47,7 @@ protected:
 	X509Common(const file_analysis::Tag& arg_tag,
 	           zeek::RecordValPtr arg_args, File* arg_file);
 
-	void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
+	void ParseExtension(X509_EXTENSION* ex, const zeek::EventHandlerPtr& h, bool global);
 	void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);
 	virtual void ParseExtensionsSpecific(X509_EXTENSION* ex, bool, ASN1_OBJECT*, const char*) = 0;
 };

src/file_analysis/analyzer/x509/x509-extension.pac

@@ -38,7 +38,7 @@ refine connection MockConnection += {
 		if ( ! x509_ocsp_ext_signed_certificate_timestamp )
 			return true;
 
-		mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
+		zeek::event_mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
 			bro_analyzer()->GetFile()->ToVal(),
 			zeek::val_mgr->Count(version),
 			zeek::make_intrusive<zeek::StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),