move tls content types from heartbleed to consts.bro. Seems better to put them there...

scripts/base/protocols/ssl/consts.bro

@@ -15,6 +15,17 @@ export {
 		[TLSv12] = "TLSv12",
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
+	## TLS content types:
+	const	CHANGE_CIPHER_SPEC = 20;
+	const	ALERT = 21;
+	const	HANDSHAKE = 22;
+	const	APPLICATION_DATA = 23;
+	const	HEARTBEAT = 24;
+	const	V2_ERROR = 300;
+	const	V2_CLIENT_HELLO = 301;
+	const	V2_CLIENT_MASTER_KEY = 302;
+	const	V2_SERVER_HELLO = 304;
+
 	## Mapping between numeric codes and human readable strings for alert
 	## levels.
 	const alert_levels: table[count] of string = {

scripts/policy/protocols/ssl/heartbleed.bro

@@ -37,17 +37,6 @@ redef record SSL::Info += {
 	enc_appdata_bytes: count &default=0;
 };
 
-# TLS content types:
-const	CHANGE_CIPHER_SPEC = 20;
-const	ALERT = 21;
-const	HANDSHAKE = 22;
-const	APPLICATION_DATA = 23;
-const	HEARTBEAT = 24;
-const	V2_ERROR = 300;
-const	V2_CLIENT_HELLO = 301;
-const	V2_CLIENT_MASTER_KEY = 302;
-const	V2_SERVER_HELLO = 304;
-
 type min_length: record {
 	cipher: pattern;
 	min_length: count;
@@ -236,9 +225,9 @@ event ssl_encrypted_heartbeat(c: connection, is_orig: bool, length: count)
 
 event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, length: count)
 	{
-	if ( content_type == HEARTBEAT )
+	if ( content_type == SSL::HEARTBEAT )
 		event ssl_encrypted_heartbeat(c, is_orig, length);
-	else if ( (content_type == APPLICATION_DATA) && (length > 0) )
+	else if ( (content_type == SSL::APPLICATION_DATA) && (length > 0) )
 		{
 		++c$ssl$enc_appdata_packages;
 		c$ssl$enc_appdata_bytes += length;