Fix includes of bif.h and _pac.h files to use full paths inside build directory

2025-10-02 06:38:20 +00:00 · 2020-11-03 14:03:33 -07:00 · 2020-11-03 14:03:33 -07:00 · 5589484f26
commit 5589484f26
parent 133ab55c91
135 changed files with 208 additions and 209 deletions
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -1,6 +1,5 @@
 // See the file "COPYING" in the main distribution directory for copyright.

-
 #include "zeek-config.h"
 #include "zeek/Sessions.h"

--- a/src/analyzer/protocol/ayiya/AYIYA.h
+++ b/src/analyzer/protocol/ayiya/AYIYA.h
@ -1,6 +1,6 @@
 #pragma once

-#include "ayiya_pac.h"
+#include "analyzer/protocol/ayiya/ayiya_pac.h"

 namespace binpac::AYIYA { class AYIYA_Conn; }

--- a/src/analyzer/protocol/bittorrent/BitTorrent.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/bittorrent/BitTorrent.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "events.bif.h"
+#include "analyzer/protocol/bittorrent/events.bif.h"

 namespace zeek::analyzer::bittorrent {

--- a/src/analyzer/protocol/bittorrent/BitTorrent.h
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.h
@ -4,7 +4,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "bittorrent_pac.h"
+#include "analyzer/protocol/bittorrent/bittorrent_pac.h"

 namespace zeek::analyzer::bittorrent {

--- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
@ -8,7 +8,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "events.bif.h"
+#include "analyzer/protocol/bittorrent/events.bif.h"

 # define FMT_INT "%" PRId64
 # define FMT_UINT "%" PRIu64
--- a/src/analyzer/protocol/bittorrent/bittorrent.pac
+++ b/src/analyzer/protocol/bittorrent/bittorrent.pac
@ -6,7 +6,7 @@
 %extern{
 #define MSGLEN_LIMIT 0x40000

-#include "events.bif.h"
+#include "analyzer/protocol/bittorrent/events.bif.h"
 %}

 analyzer BitTorrent withcontext {
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -9,7 +9,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"

-#include "events.bif.h"
+#include "analyzer/protocol/conn-size/events.bif.h"

 namespace zeek::analyzer::conn_size {

--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h
@ -6,8 +6,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/IPAddr.h"

-#include "events.bif.h"
-#include "dce_rpc_pac.h"
+#include "analyzer/protocol/dce-rpc/events.bif.h"
+#include "analyzer/protocol/dce-rpc/dce_rpc_pac.h"

 namespace zeek::analyzer::dce_rpc {

--- a/src/analyzer/protocol/dce-rpc/dce_rpc.pac
+++ b/src/analyzer/protocol/dce-rpc/dce_rpc.pac
@ -2,9 +2,9 @@
 %include zeek.pac

 %extern{
-#include "consts.bif.h"
-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/dce-rpc/consts.bif.h"
+#include "analyzer/protocol/dce-rpc/types.bif.h"
+#include "analyzer/protocol/dce-rpc/events.bif.h"
 %}

 analyzer DCE_RPC withcontext {
--- a/src/analyzer/protocol/dhcp/DHCP.cc
+++ b/src/analyzer/protocol/dhcp/DHCP.cc
@ -1,7 +1,7 @@
 #include "zeek/analyzer/protocol/dhcp/DHCP.h"

-#include "events.bif.h"
-#include "types.bif.h"
+#include "analyzer/protocol/dhcp/events.bif.h"
+#include "analyzer/protocol/dhcp/types.bif.h"

 namespace zeek::analyzer::dhcp {

--- a/src/analyzer/protocol/dhcp/DHCP.h
+++ b/src/analyzer/protocol/dhcp/DHCP.h
@ -2,7 +2,7 @@

 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "dhcp_pac.h"
+#include "analyzer/protocol/dhcp/dhcp_pac.h"

 namespace zeek::analyzer::dhcp {

--- a/src/analyzer/protocol/dhcp/dhcp.pac
+++ b/src/analyzer/protocol/dhcp/dhcp.pac
@ -2,8 +2,8 @@
 %include zeek.pac

 %extern{
-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/dhcp/types.bif.h"
+#include "analyzer/protocol/dhcp/events.bif.h"
 %}

 analyzer DHCP withcontext {
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@ -99,7 +99,7 @@
 #include "zeek/analyzer/protocol/dnp3/DNP3.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/dnp3/events.bif.h"

 constexpr unsigned int PSEUDO_LENGTH_INDEX = 2;		// index of len field of DNP3 Pseudo Link Layer
 constexpr unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3;	// index of ctrl field of DNP3 Pseudo Link Layer
--- a/src/analyzer/protocol/dnp3/DNP3.h
+++ b/src/analyzer/protocol/dnp3/DNP3.h
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "dnp3_pac.h"
+#include "analyzer/protocol/dnp3/dnp3_pac.h"

 namespace zeek::analyzer::dnp3 {

--- a/src/analyzer/protocol/dnp3/dnp3.pac
+++ b/src/analyzer/protocol/dnp3/dnp3.pac
@ -3,7 +3,7 @@
 %include zeek.pac

 %extern{
-#include "events.bif.h"
+#include "analyzer/protocol/dnp3/events.bif.h"
 %}

 analyzer DNP3 withcontext {
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -15,7 +15,7 @@
 #include "zeek/Event.h"
 #include "zeek/RunState.h"

-#include "events.bif.h"
+#include "analyzer/protocol/dns/events.bif.h"

 namespace zeek::analyzer::dns {

--- a/src/analyzer/protocol/file/File.cc
+++ b/src/analyzer/protocol/file/File.cc
@ -7,7 +7,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/util.h"

-#include "events.bif.h"
+#include "analyzer/protocol/file/events.bif.h"

 namespace zeek::analyzer::file {

--- a/src/analyzer/protocol/finger/Finger.cc
+++ b/src/analyzer/protocol/finger/Finger.cc
@ -9,7 +9,7 @@
 #include "zeek/Event.h"
 #include "zeek/analyzer/protocol/tcp/ContentLine.h"

-#include "events.bif.h"
+#include "analyzer/protocol/finger/events.bif.h"

 namespace zeek::analyzer::finger {

--- a/src/analyzer/protocol/gnutella/Gnutella.cc
+++ b/src/analyzer/protocol/gnutella/Gnutella.cc
@ -12,7 +12,7 @@
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/gnutella/events.bif.h"

 namespace zeek::analyzer::gnutella {

--- a/src/analyzer/protocol/gssapi/GSSAPI.cc
+++ b/src/analyzer/protocol/gssapi/GSSAPI.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/gssapi/events.bif.h"

 namespace zeek::analyzer::gssapi {

--- a/src/analyzer/protocol/gssapi/GSSAPI.h
+++ b/src/analyzer/protocol/gssapi/GSSAPI.h
@ -4,8 +4,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
-#include "gssapi_pac.h"
+#include "analyzer/protocol/gssapi/events.bif.h"
+#include "analyzer/protocol/gssapi/gssapi_pac.h"

 namespace zeek::analyzer::gssapi {

--- a/src/analyzer/protocol/gssapi/gssapi.pac
+++ b/src/analyzer/protocol/gssapi/gssapi.pac
@ -5,7 +5,7 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"

-#include "events.bif.h"
+#include "analyzer/protocol/gssapi/events.bif.h"
 %}

 analyzer GSSAPI withcontext {
--- a/src/analyzer/protocol/gtpv1/GTPv1.cc
+++ b/src/analyzer/protocol/gtpv1/GTPv1.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
 #include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"

-#include "events.bif.h"
+#include "analyzer/protocol/gtpv1/events.bif.h"

 namespace zeek::analyzer::gtpv1 {

--- a/src/analyzer/protocol/gtpv1/GTPv1.h
+++ b/src/analyzer/protocol/gtpv1/GTPv1.h
@ -1,6 +1,6 @@
 #pragma once

-#include "gtpv1_pac.h"
+#include "analyzer/protocol/gtpv1/gtpv1_pac.h"

 namespace binpac::GTPv1 { class GTPv1_Conn; }

--- a/src/analyzer/protocol/gtpv1/gtpv1.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1.pac
@ -6,7 +6,7 @@
 #include "zeek/TunnelEncapsulation.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/gtpv1/events.bif.h"
 %}

 analyzer GTPv1 withcontext {
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -14,7 +14,7 @@
 #include "zeek/analyzer/protocol/mime/MIME.h"
 #include "zeek/file_analysis/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/http/events.bif.h"

 namespace zeek::analyzer::http {

--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -14,7 +14,7 @@
 #include "zeek/Desc.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/icmp/events.bif.h"

 namespace zeek::analyzer::icmp {

--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -9,7 +9,7 @@
 #include "zeek/NetVar.h"
 #include "zeek/Event.h"

-#include "events.bif.h"
+#include "analyzer/protocol/ident/events.bif.h"

 namespace zeek::analyzer::ident {

--- a/src/analyzer/protocol/imap/IMAP.h
+++ b/src/analyzer/protocol/imap/IMAP.h
@ -7,7 +7,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "imap_pac.h"
+#include "analyzer/protocol/imap/imap_pac.h"

 namespace zeek::analyzer::imap {

--- a/src/analyzer/protocol/imap/imap.pac
+++ b/src/analyzer/protocol/imap/imap.pac
@ -16,7 +16,7 @@ using IMAPAnalyzer = zeek::analyzer::imap::IMAP_Analyzer*;
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/imap/IMAP.h"

-#include "events.bif.h"
+#include "analyzer/protocol/imap/events.bif.h"

 %}

--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -9,7 +9,7 @@
 #include "zeek/analyzer/protocol/zip/ZIP.h"
 #include "zeek/analyzer/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/irc/events.bif.h"

 using namespace std;

--- a/src/analyzer/protocol/krb/KRB.cc
+++ b/src/analyzer/protocol/krb/KRB.cc
@ -4,8 +4,8 @@

 #include <unistd.h>

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/krb/types.bif.h"
+#include "analyzer/protocol/krb/events.bif.h"

 namespace zeek::analyzer::krb {

--- a/src/analyzer/protocol/krb/KRB.h
+++ b/src/analyzer/protocol/krb/KRB.h
@ -9,7 +9,7 @@
 #include <krb5.h>
 #endif

-#include "krb_pac.h"
+#include "analyzer/protocol/krb/krb_pac.h"

 namespace zeek::analyzer::krb {

--- a/src/analyzer/protocol/krb/KRB_TCP.cc
+++ b/src/analyzer/protocol/krb/KRB_TCP.cc
@ -3,8 +3,8 @@
 #include "zeek/analyzer/protocol/krb/KRB_TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/krb/types.bif.h"
+#include "analyzer/protocol/krb/events.bif.h"

 namespace zeek::analyzer::krb_tcp {

--- a/src/analyzer/protocol/krb/KRB_TCP.h
+++ b/src/analyzer/protocol/krb/KRB_TCP.h
@ -4,7 +4,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "krb_TCP_pac.h"
+#include "analyzer/protocol/krb/krb_TCP_pac.h"

 namespace zeek::analyzer::krb_tcp {

--- a/src/analyzer/protocol/krb/krb.pac
+++ b/src/analyzer/protocol/krb/krb.pac
@ -9,8 +9,8 @@ using KRBAnalyzer = zeek::analyzer::krb::KRB_Analyzer*;
 #include "zeek-config.h"
 #include "zeek/analyzer/protocol/krb/KRB.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/krb/types.bif.h"
+#include "analyzer/protocol/krb/events.bif.h"
 %}

 extern type KRBAnalyzer;
--- a/src/analyzer/protocol/krb/krb_TCP.pac
+++ b/src/analyzer/protocol/krb/krb_TCP.pac
@ -9,8 +9,8 @@ using KRBTCPAnalyzer = zeek::analyzer::krb_tcp::KRB_Analyzer*;
 #include "zeek-config.h"
 #include "zeek/analyzer/protocol/krb/KRB_TCP.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/krb/types.bif.h"
+#include "analyzer/protocol/krb/events.bif.h"
 %}

 extern type KRBTCPAnalyzer;
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -13,7 +13,7 @@
 #include "zeek/Event.h"
 #include "zeek/Var.h"

-#include "events.bif.h"
+#include "analyzer/protocol/login/events.bif.h"

 namespace zeek::analyzer::login {

--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -11,7 +11,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
+#include "analyzer/protocol/login/events.bif.h"

 #define IS_3_BYTE_OPTION(c) (c >= 251 && c <= 254)

--- a/src/analyzer/protocol/login/RSH.cc
+++ b/src/analyzer/protocol/login/RSH.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/login/events.bif.h"

 namespace zeek::analyzer::login {

--- a/src/analyzer/protocol/login/Rlogin.cc
+++ b/src/analyzer/protocol/login/Rlogin.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/login/events.bif.h"

 namespace zeek::analyzer::login {

--- a/src/analyzer/protocol/login/Telnet.cc
+++ b/src/analyzer/protocol/login/Telnet.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/login/Telnet.h"
 #include "zeek/analyzer/protocol/login/NVT.h"

-#include "events.bif.h"
+#include "analyzer/protocol/login/events.bif.h"

 namespace zeek::analyzer::login {

--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@ -7,7 +7,7 @@
 #include "zeek/digest.h"
 #include "zeek/file_analysis/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/mime/events.bif.h"

 // Here are a few things to do:
 //
--- a/src/analyzer/protocol/modbus/Modbus.cc
+++ b/src/analyzer/protocol/modbus/Modbus.cc
@ -1,7 +1,7 @@
 #include "zeek/analyzer/protocol/modbus/Modbus.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "events.bif.h"
+#include "analyzer/protocol/modbus/events.bif.h"

 namespace zeek::analyzer::modbus {

--- a/src/analyzer/protocol/modbus/Modbus.h
+++ b/src/analyzer/protocol/modbus/Modbus.h
@ -2,7 +2,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "modbus_pac.h"
+#include "analyzer/protocol/modbus/modbus_pac.h"

 namespace zeek::analyzer::modbus {

--- a/src/analyzer/protocol/modbus/modbus.pac
+++ b/src/analyzer/protocol/modbus/modbus.pac
@ -10,7 +10,7 @@
 %include zeek.pac

 %extern{
-#include "events.bif.h"
+#include "analyzer/protocol/modbus/events.bif.h"
 %}

 analyzer ModbusTCP withcontext {
--- a/src/analyzer/protocol/mqtt/MQTT.cc
+++ b/src/analyzer/protocol/mqtt/MQTT.cc
@ -4,7 +4,7 @@

 #include "zeek/Reporter.h"

-#include "mqtt_pac.h"
+#include "analyzer/protocol/mqtt/mqtt_pac.h"

 namespace zeek::analyzer::mqtt {

--- a/src/analyzer/protocol/mqtt/mqtt.pac
+++ b/src/analyzer/protocol/mqtt/mqtt.pac
@ -5,8 +5,8 @@

 %extern{
 	#include "zeek/analyzer/protocol/mqtt/MQTT.h"
-	#include "events.bif.h"
-	#include "types.bif.h"
+	#include "analyzer/protocol/mqtt/events.bif.h"
+	#include "analyzer/protocol/mqtt/types.bif.h"
 %}

 analyzer MQTT withcontext {
--- a/src/analyzer/protocol/mysql/MySQL.cc
+++ b/src/analyzer/protocol/mysql/MySQL.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/mysql/events.bif.h"

 namespace zeek::analyzer::mysql {

--- a/src/analyzer/protocol/mysql/MySQL.h
+++ b/src/analyzer/protocol/mysql/MySQL.h
@ -4,8 +4,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
-#include "mysql_pac.h"
+#include "analyzer/protocol/mysql/events.bif.h"
+#include "analyzer/protocol/mysql/mysql_pac.h"

 namespace zeek::analyzer::mysql {

--- a/src/analyzer/protocol/mysql/mysql.pac
+++ b/src/analyzer/protocol/mysql/mysql.pac
@ -8,7 +8,7 @@
 %include zeek.pac

 %extern{
-	#include "events.bif.h"
+	#include "analyzer/protocol/mysql/events.bif.h"
 %}

 analyzer MySQL withcontext {
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@ -9,8 +9,8 @@

 #include "zeek/Sessions.h"

-#include "events.bif.h"
-#include "consts.bif.h"
+#include "analyzer/protocol/ncp/events.bif.h"
+#include "analyzer/protocol/ncp/consts.bif.h"

 using namespace std;

--- a/src/analyzer/protocol/ncp/NCP.h
+++ b/src/analyzer/protocol/ncp/NCP.h
@ -20,7 +20,7 @@
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "ncp_pac.h"
+#include "analyzer/protocol/ncp/ncp_pac.h"

 namespace zeek::analyzer::ncp {
 namespace detail {
--- a/src/analyzer/protocol/ncp/ncp.pac
+++ b/src/analyzer/protocol/ncp/ncp.pac
@ -3,7 +3,7 @@
 %include zeek.pac

 %extern{
-#include "events.bif.h"
+#include "analyzer/protocol/ncp/events.bif.h"
 %}

 analyzer NCP withcontext {};
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -11,7 +11,7 @@
 #include "zeek/Event.h"
 #include "zeek/RunState.h"

-#include "events.bif.h"
+#include "analyzer/protocol/netbios/events.bif.h"

 constexpr double netbios_ssn_session_timeout = 15.0;

--- a/src/analyzer/protocol/ntlm/NTLM.cc
+++ b/src/analyzer/protocol/ntlm/NTLM.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/ntlm/events.bif.h"

 namespace zeek::analyzer::ntlm {

--- a/src/analyzer/protocol/ntlm/NTLM.h
+++ b/src/analyzer/protocol/ntlm/NTLM.h
@ -4,8 +4,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
-#include "ntlm_pac.h"
+#include "analyzer/protocol/ntlm/events.bif.h"
+#include "analyzer/protocol/ntlm/ntlm_pac.h"

 namespace zeek::analyzer::ntlm {

--- a/src/analyzer/protocol/ntlm/ntlm.pac
+++ b/src/analyzer/protocol/ntlm/ntlm.pac
@ -5,8 +5,8 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/ntlm/types.bif.h"
+#include "analyzer/protocol/ntlm/events.bif.h"
 %}

 analyzer NTLM withcontext {
--- a/src/analyzer/protocol/ntp/NTP.cc
+++ b/src/analyzer/protocol/ntp/NTP.cc
@ -2,7 +2,7 @@

 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/ntp/events.bif.h"

 namespace zeek::analyzer::ntp {

--- a/src/analyzer/protocol/ntp/NTP.h
+++ b/src/analyzer/protocol/ntp/NTP.h
@ -2,9 +2,9 @@

 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "events.bif.h"
-#include "types.bif.h"
-#include "ntp_pac.h"
+#include "analyzer/protocol/ntp/events.bif.h"
+#include "analyzer/protocol/ntp/types.bif.h"
+#include "analyzer/protocol/ntp/ntp_pac.h"

 namespace zeek::analyzer::ntp {

--- a/src/analyzer/protocol/ntp/ntp.pac
+++ b/src/analyzer/protocol/ntp/ntp.pac
@ -3,8 +3,8 @@
 %include zeek.pac

 %extern{
-	#include "types.bif.h"
-	#include "events.bif.h"
+	#include "analyzer/protocol/ntp/types.bif.h"
+	#include "analyzer/protocol/ntp/events.bif.h"
 %}

 analyzer NTP withcontext {
--- a/src/analyzer/protocol/pop3/POP3.cc
+++ b/src/analyzer/protocol/pop3/POP3.cc
@ -12,7 +12,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/pop3/events.bif.h"

 namespace zeek::analyzer::pop3 {

--- a/src/analyzer/protocol/radius/RADIUS.cc
+++ b/src/analyzer/protocol/radius/RADIUS.cc
@ -2,7 +2,7 @@

 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/radius/events.bif.h"

 namespace zeek::analyzer::radius {

--- a/src/analyzer/protocol/radius/RADIUS.h
+++ b/src/analyzer/protocol/radius/RADIUS.h
@ -2,8 +2,8 @@

 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "events.bif.h"
-#include "radius_pac.h"
+#include "analyzer/protocol/radius/events.bif.h"
+#include "analyzer/protocol/radius/radius_pac.h"

 namespace zeek::analyzer::radius {

--- a/src/analyzer/protocol/radius/radius.pac
+++ b/src/analyzer/protocol/radius/radius.pac
@ -6,7 +6,7 @@
 %include zeek.pac

 %extern{
-	#include "events.bif.h"
+	#include "analyzer/protocol/radius/events.bif.h"
 %}

 analyzer RADIUS withcontext {
--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
-#include "types.bif.h"
+#include "analyzer/protocol/rdp/events.bif.h"
+#include "analyzer/protocol/rdp/types.bif.h"

 namespace zeek::analyzer::rdp {

--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@ -3,8 +3,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"

-#include "events.bif.h"
-#include "rdp_pac.h"
+#include "analyzer/protocol/rdp/events.bif.h"
+#include "analyzer/protocol/rdp/rdp_pac.h"

 namespace zeek::analyzer::rdp {

--- a/src/analyzer/protocol/rdp/RDPEUDP.cc
+++ b/src/analyzer/protocol/rdp/RDPEUDP.cc
@ -2,8 +2,8 @@

 #include "zeek/Reporter.h"

-#include "events.bif.h"
-#include "rdpeudp_pac.h"
+#include "analyzer/protocol/rdp/events.bif.h"
+#include "analyzer/protocol/rdp/rdpeudp_pac.h"

 namespace zeek::analyzer::rdpeudp {

--- a/src/analyzer/protocol/rdp/RDPEUDP.h
+++ b/src/analyzer/protocol/rdp/RDPEUDP.h
@ -2,8 +2,8 @@

 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "events.bif.h"
-#include "rdpeudp_pac.h"
+#include "analyzer/protocol/rdp/events.bif.h"
+#include "analyzer/protocol/rdp/rdpeudp_pac.h"

 namespace zeek::analyzer::rdpeudp {

--- a/src/analyzer/protocol/rdp/rdp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@ -2,7 +2,7 @@
 #include "zeek/Desc.h"
 #include "zeek/file_analysis/Manager.h"

-#include "types.bif.h"
+#include "analyzer/protocol/rdp/types.bif.h"
 %}

 refine flow RDP_Flow += {
--- a/src/analyzer/protocol/rdp/rdp.pac
+++ b/src/analyzer/protocol/rdp/rdp.pac
@ -2,7 +2,7 @@
 %include zeek.pac

 %extern{
-	#include "events.bif.h"
+	#include "analyzer/protocol/rdp/events.bif.h"
 %}

 analyzer RDP withcontext {
--- a/src/analyzer/protocol/rdp/rdpeudp.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp.pac
@ -2,7 +2,7 @@
 %include zeek.pac

 %extern{
-	#include "events.bif.h"
+	#include "analyzer/protocol/rdp/events.bif.h"
 %}

 analyzer RDPEUDP withcontext {
--- a/src/analyzer/protocol/rfb/RFB.cc
+++ b/src/analyzer/protocol/rfb/RFB.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/rfb/events.bif.h"

 namespace zeek::analyzer::rfb {

--- a/src/analyzer/protocol/rfb/RFB.h
+++ b/src/analyzer/protocol/rfb/RFB.h
@ -2,8 +2,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
-#include "rfb_pac.h"
+#include "analyzer/protocol/rfb/events.bif.h"
+#include "analyzer/protocol/rfb/rfb_pac.h"

 namespace zeek::analyzer::rfb {

--- a/src/analyzer/protocol/rfb/rfb.pac
+++ b/src/analyzer/protocol/rfb/rfb.pac
@ -6,7 +6,7 @@
 %include zeek.pac

 %extern{
-	#include "events.bif.h"
+	#include "analyzer/protocol/rfb/events.bif.h"
 %}

 analyzer RFB withcontext {
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -11,7 +11,7 @@
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/Event.h"

-#include "events.bif.h"
+#include "analyzer/protocol/rpc/events.bif.h"

 namespace zeek::analyzer::rpc {
 namespace detail {
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -11,7 +11,7 @@
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/Event.h"

-#include "events.bif.h"
+#include "analyzer/protocol/rpc/events.bif.h"

 namespace zeek::analyzer::rpc {
 namespace detail {
--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"

-#include "events.bif.h"
+#include "analyzer/protocol/rpc/events.bif.h"

 #define PMAPPROC_NULL 0
 #define PMAPPROC_SET 1
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -12,7 +12,7 @@
 #include "zeek/Sessions.h"
 #include "zeek/RunState.h"

-#include "events.bif.h"
+#include "analyzer/protocol/rpc/events.bif.h"

 namespace { // local namespace
 	const bool DEBUG_rpc_resync = false;
--- a/src/analyzer/protocol/rpc/XDR.cc
+++ b/src/analyzer/protocol/rpc/XDR.cc
@ -6,7 +6,7 @@
 #include <string.h>
 #include <algorithm>

-#include "events.bif.h"
+#include "analyzer/protocol/rpc/events.bif.h"

 uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
 	{
--- a/src/analyzer/protocol/sip/SIP.cc
+++ b/src/analyzer/protocol/sip/SIP.cc
@ -1,6 +1,6 @@
 #include "zeek/analyzer/protocol/sip/SIP.h"

-#include "events.bif.h"
+#include "analyzer/protocol/sip/events.bif.h"

 namespace zeek::analyzer::sip {

--- a/src/analyzer/protocol/sip/SIP.h
+++ b/src/analyzer/protocol/sip/SIP.h
@ -2,8 +2,8 @@

 #include "zeek/analyzer/protocol/udp/UDP.h"

-#include "events.bif.h"
-#include "sip_pac.h"
+#include "analyzer/protocol/sip/events.bif.h"
+#include "analyzer/protocol/sip/sip_pac.h"

 namespace zeek::analyzer::sip{

--- a/src/analyzer/protocol/sip/SIP_TCP.cc
+++ b/src/analyzer/protocol/sip/SIP_TCP.cc
@ -6,7 +6,7 @@
 #include "zeek/analyzer/protocol/sip/SIP_TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "events.bif.h"
+#include "analyzer/protocol/sip/events.bif.h"

 namespace zeek::analyzer::sip_tcp {

--- a/src/analyzer/protocol/sip/SIP_TCP.h
+++ b/src/analyzer/protocol/sip/SIP_TCP.h
@ -7,7 +7,7 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "sip_TCP_pac.h"
+#include "analyzer/protocol/sip/sip_TCP_pac.h"

 namespace zeek::analyzer::sip_tcp {

--- a/src/analyzer/protocol/sip/sip.pac
+++ b/src/analyzer/protocol/sip/sip.pac
@ -5,7 +5,7 @@
 %include zeek.pac

 %extern{
-#include "events.bif.h"
+#include "analyzer/protocol/sip/events.bif.h"
 %}

 analyzer SIP withcontext {
--- a/src/analyzer/protocol/sip/sip_TCP.pac
+++ b/src/analyzer/protocol/sip/sip_TCP.pac
@ -8,7 +8,7 @@
 %include zeek.pac

 %extern{
-#include "events.bif.h"
+#include "analyzer/protocol/sip/events.bif.h"
 %}

 analyzer SIP_TCP withcontext {
--- a/src/analyzer/protocol/smb/SMB.h
+++ b/src/analyzer/protocol/smb/SMB.h
@ -1,7 +1,7 @@
 #pragma once

 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "smb_pac.h"
+#include "analyzer/protocol/smb/smb_pac.h"

 namespace zeek::analyzer::smb {

--- a/src/analyzer/protocol/smb/smb.pac
+++ b/src/analyzer/protocol/smb/smb.pac
@ -5,42 +5,42 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"

-#include "smb1_events.bif.h"
-#include "smb2_events.bif.h"
+#include "analyzer/protocol/smb/smb1_events.bif.h"
+#include "analyzer/protocol/smb/smb2_events.bif.h"

-#include "types.bif.h"
-#include "events.bif.h"
-#include "consts.bif.h"
+#include "analyzer/protocol/smb/types.bif.h"
+#include "analyzer/protocol/smb/events.bif.h"
+#include "analyzer/protocol/smb/consts.bif.h"

-#include "smb1_com_check_directory.bif.h"
-#include "smb1_com_close.bif.h"
-#include "smb1_com_create_directory.bif.h"
-#include "smb1_com_echo.bif.h"
-#include "smb1_com_logoff_andx.bif.h"
-#include "smb1_com_negotiate.bif.h"
-#include "smb1_com_nt_cancel.bif.h"
-#include "smb1_com_nt_create_andx.bif.h"
-#include "smb1_com_query_information.bif.h"
-#include "smb1_com_read_andx.bif.h"
-#include "smb1_com_session_setup_andx.bif.h"
-#include "smb1_com_transaction.bif.h"
-#include "smb1_com_transaction_secondary.bif.h"
-#include "smb1_com_transaction2.bif.h"
-#include "smb1_com_transaction2_secondary.bif.h"
-#include "smb1_com_tree_connect_andx.bif.h"
-#include "smb1_com_tree_disconnect.bif.h"
-#include "smb1_com_write_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_check_directory.bif.h"
+#include "analyzer/protocol/smb/smb1_com_close.bif.h"
+#include "analyzer/protocol/smb/smb1_com_create_directory.bif.h"
+#include "analyzer/protocol/smb/smb1_com_echo.bif.h"
+#include "analyzer/protocol/smb/smb1_com_logoff_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_negotiate.bif.h"
+#include "analyzer/protocol/smb/smb1_com_nt_cancel.bif.h"
+#include "analyzer/protocol/smb/smb1_com_nt_create_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_query_information.bif.h"
+#include "analyzer/protocol/smb/smb1_com_read_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_session_setup_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_transaction.bif.h"
+#include "analyzer/protocol/smb/smb1_com_transaction_secondary.bif.h"
+#include "analyzer/protocol/smb/smb1_com_transaction2.bif.h"
+#include "analyzer/protocol/smb/smb1_com_transaction2_secondary.bif.h"
+#include "analyzer/protocol/smb/smb1_com_tree_connect_andx.bif.h"
+#include "analyzer/protocol/smb/smb1_com_tree_disconnect.bif.h"
+#include "analyzer/protocol/smb/smb1_com_write_andx.bif.h"

-#include "smb2_com_close.bif.h"
-#include "smb2_com_create.bif.h"
-#include "smb2_com_negotiate.bif.h"
-#include "smb2_com_read.bif.h"
-#include "smb2_com_session_setup.bif.h"
-#include "smb2_com_set_info.bif.h"
-#include "smb2_com_tree_connect.bif.h"
-#include "smb2_com_tree_disconnect.bif.h"
-#include "smb2_com_write.bif.h"
-#include "smb2_com_transform_header.bif.h"
+#include "analyzer/protocol/smb/smb2_com_close.bif.h"
+#include "analyzer/protocol/smb/smb2_com_create.bif.h"
+#include "analyzer/protocol/smb/smb2_com_negotiate.bif.h"
+#include "analyzer/protocol/smb/smb2_com_read.bif.h"
+#include "analyzer/protocol/smb/smb2_com_session_setup.bif.h"
+#include "analyzer/protocol/smb/smb2_com_set_info.bif.h"
+#include "analyzer/protocol/smb/smb2_com_tree_connect.bif.h"
+#include "analyzer/protocol/smb/smb2_com_tree_disconnect.bif.h"
+#include "analyzer/protocol/smb/smb2_com_write.bif.h"
+#include "analyzer/protocol/smb/smb2_com_transform_header.bif.h"
 %}

 analyzer SMB withcontext {
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@ -10,7 +10,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"

-#include "events.bif.h"
+#include "analyzer/protocol/smtp/events.bif.h"

 #undef SMTP_CMD_DEF
 #define SMTP_CMD_DEF(cmd)	#cmd,
--- a/src/analyzer/protocol/snmp/SNMP.cc
+++ b/src/analyzer/protocol/snmp/SNMP.cc
@ -4,8 +4,8 @@
 #include "zeek/Func.h"
 #include "zeek/Reporter.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/snmp/types.bif.h"
+#include "analyzer/protocol/snmp/events.bif.h"

 namespace zeek::analyzer::snmp {

--- a/src/analyzer/protocol/snmp/SNMP.h
+++ b/src/analyzer/protocol/snmp/SNMP.h
@ -2,7 +2,7 @@

 #pragma once

-#include "snmp_pac.h"
+#include "analyzer/protocol/snmp/snmp_pac.h"

 namespace zeek::analyzer::snmp {

--- a/src/analyzer/protocol/snmp/snmp.pac
+++ b/src/analyzer/protocol/snmp/snmp.pac
@ -3,8 +3,8 @@

 %extern{
 #include "zeek/Reporter.h"
-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/snmp/types.bif.h"
+#include "analyzer/protocol/snmp/events.bif.h"
 %}

 analyzer SNMP withcontext {
--- a/src/analyzer/protocol/socks/SOCKS.cc
+++ b/src/analyzer/protocol/socks/SOCKS.cc
@ -2,8 +2,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include "socks_pac.h"
-#include "events.bif.h"
+#include "analyzer/protocol/socks/socks_pac.h"
+#include "analyzer/protocol/socks/events.bif.h"

 namespace zeek::analyzer::socks {

--- a/src/analyzer/protocol/socks/socks.pac
+++ b/src/analyzer/protocol/socks/socks.pac
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/socks/SOCKS.h"
 #include "zeek/Reporter.h"

-#include "events.bif.h"
+#include "analyzer/protocol/socks/events.bif.h"
 %}

 analyzer SOCKS withcontext {
--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@ -5,8 +5,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"

-#include "types.bif.h"
-#include "events.bif.h"
+#include "analyzer/protocol/ssh/types.bif.h"
+#include "analyzer/protocol/ssh/events.bif.h"

 namespace zeek::analyzer::ssh {

--- a/src/analyzer/protocol/ssh/SSH.h
+++ b/src/analyzer/protocol/ssh/SSH.h
@ -4,8 +4,8 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include "events.bif.h"
-#include "ssh_pac.h"
+#include "analyzer/protocol/ssh/events.bif.h"
+#include "analyzer/protocol/ssh/ssh_pac.h"

 namespace zeek::analyzer::ssh {

--- a/src/analyzer/protocol/ssh/ssh.pac
+++ b/src/analyzer/protocol/ssh/ssh.pac
@ -8,8 +8,8 @@
 %include zeek.pac

 %extern{
-	#include "types.bif.h"
-	#include "events.bif.h"
+	#include "analyzer/protocol/ssh/types.bif.h"
+	#include "analyzer/protocol/ssh/events.bif.h"
 %}

 analyzer SSH withcontext {
--- a/src/analyzer/protocol/ssl/dtls.pac
+++ b/src/analyzer/protocol/ssl/dtls.pac
@ -10,8 +10,8 @@ using DTLSAnalyzer = zeek::analyzer::dtls::DTLS_Analyzer*;

 #include "zeek/analyzer/protocol/ssl/DTLS.h"

-#include "events.bif.h"
-#include "consts.bif.h"
+#include "analyzer/protocol/ssl/events.bif.h"
+#include "analyzer/protocol/ssl/consts.bif.h"
 %}

 extern type DTLSAnalyzer;
--- a/src/analyzer/protocol/ssl/ssl-defs.pac
+++ b/src/analyzer/protocol/ssl/ssl-defs.pac
@ -87,9 +87,9 @@ function version_ok(vers : uint16) : bool

 %extern{
 #include <string>
-using std::string;
+#include "analyzer/protocol/ssl/events.bif.h"

-#include "events.bif.h"
+using std::string;
 %}

 # a maximum of 100k for one record seems safe
--- a/src/analyzer/protocol/ssl/ssl.pac
+++ b/src/analyzer/protocol/ssl/ssl.pac
@ -16,7 +16,7 @@ using SSLAnalyzer = zeek::analyzer::ssl::SSL_Analyzer*;
 #include "zeek/Desc.h"
 #include "zeek/analyzer/protocol/ssl/SSL.h"

-#include "events.bif.h"
+#include "analyzer/protocol/ssl/events.bif.h"
 %}

 extern type SSLAnalyzer;
--- a/Show more
+++ b/Show more