Deprecate various IP/packet header Val-building methods

And supply new alternatives that use IntrusivePtr
2025-10-02 14:48:21 +00:00 · 2020-05-04 23:16:24 -07:00 · 2020-05-04 23:16:24 -07:00 · 61649d5da7
commit 61649d5da7
parent 457454bb80
11 changed files with 107 additions and 55 deletions
--- a/4
+++ b/4
@ -133,6 +133,10 @@ Deprecated Functionality

 - Returning ``Val*`` from BIFs is deprecated, return ``IntrusivePtr`` instead.

+- Various methods of converting protocol structures, like IP or packet headers,
+  to associated ``Val`` type are now deprecated, the deprecation warning
+  message will advice what new method to use instead.
+
 Zeek 3.1.0
 ==========

--- a/src/Discard.cc
+++ b/src/Discard.cc
@ -39,7 +39,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)

 	if ( check_ip )
 		{
-		zeek::Args args{{AdoptRef{}, ip->BuildPktHdrVal()}};
+		zeek::Args args{ip->ToPktHdrVal()};

 		try
 			{
@ -92,7 +92,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
 			int th_len = tp->th_off * 4;

 			zeek::Args args{
-				{AdoptRef{}, ip->BuildPktHdrVal()},
+				ip->ToPktHdrVal(),
 				{AdoptRef{}, BuildData(data, th_len, len, caplen)},
 			};

@ -116,7 +116,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
 			int uh_len = sizeof (struct udphdr);

 			zeek::Args args{
-				{AdoptRef{}, ip->BuildPktHdrVal()},
+				ip->ToPktHdrVal(),
 				{AdoptRef{}, BuildData(data, uh_len, len, caplen)},
 			};

@ -138,7 +138,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
 			{
 			const struct icmp* ih = (const struct icmp*) data;

-			zeek::Args args{{AdoptRef{}, ip->BuildPktHdrVal()}};
+			zeek::Args args{ip->ToPktHdrVal()};

 			try
 				{
--- a/src/IP.cc
+++ b/src/IP.cc
@ -77,14 +77,14 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len)
 	return vv;
 	}

-RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
+IntrusivePtr<RecordVal> IPv6_Hdr::ToVal(IntrusivePtr<VectorVal> chain) const
 	{
-	RecordVal* rv = nullptr;
+	IntrusivePtr<RecordVal> rv;

 	switch ( type ) {
 	case IPPROTO_IPV6:
 		{
-		rv = new RecordVal(hdrType(ip6_hdr_type, "ip6_hdr"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_hdr_type, "ip6_hdr"));
 		const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
 		rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
 		rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
@ -94,15 +94,15 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
 		rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
 		rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
 		if ( ! chain )
-			chain = new VectorVal(
+			chain = make_intrusive<VectorVal>(
 			    internal_type("ip6_ext_hdr_chain")->AsVectorType());
-		rv->Assign(7, chain);
+		rv->Assign(7, std::move(chain));
 		}
 		break;

 	case IPPROTO_HOPOPTS:
 		{
-		rv = new RecordVal(hdrType(ip6_hopopts_type, "ip6_hopopts"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_hopopts_type, "ip6_hopopts"));
 		const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
 		rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
 		rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
@ -114,7 +114,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const

 	case IPPROTO_DSTOPTS:
 		{
-		rv = new RecordVal(hdrType(ip6_dstopts_type, "ip6_dstopts"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_dstopts_type, "ip6_dstopts"));
 		const struct ip6_dest* dst = (const struct ip6_dest*)data;
 		rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
 		rv->Assign(1, val_mgr->Count(dst->ip6d_len));
@ -125,7 +125,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const

 	case IPPROTO_ROUTING:
 		{
-		rv = new RecordVal(hdrType(ip6_routing_type, "ip6_routing"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_routing_type, "ip6_routing"));
 		const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
 		rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
 		rv->Assign(1, val_mgr->Count(rt->ip6r_len));
@ -138,7 +138,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const

 	case IPPROTO_FRAGMENT:
 		{
-		rv = new RecordVal(hdrType(ip6_fragment_type, "ip6_fragment"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_fragment_type, "ip6_fragment"));
 		const struct ip6_frag* frag = (const struct ip6_frag*)data;
 		rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
 		rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
@ -151,7 +151,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const

 	case IPPROTO_AH:
 		{
-		rv = new RecordVal(hdrType(ip6_ah_type, "ip6_ah"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_ah_type, "ip6_ah"));
 		rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
 		rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
 		rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
@ -170,7 +170,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const

 	case IPPROTO_ESP:
 		{
-		rv = new RecordVal(hdrType(ip6_esp_type, "ip6_esp"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_esp_type, "ip6_esp"));
 		const uint32_t* esp = (const uint32_t*)data;
 		rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
 		rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
@ -180,7 +180,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
 #ifdef ENABLE_MOBILE_IPV6
 	case IPPROTO_MOBILITY:
 		{
-		rv = new RecordVal(hdrType(ip6_mob_type, "ip6_mobility_hdr"));
+		rv = make_intrusive<RecordVal>(hdrType(ip6_mob_type, "ip6_mobility_hdr"));
 		const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
 		rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
 		rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
@ -296,7 +296,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
 			break;
 		}

-		rv->Assign(5, msg);
+		rv->Assign(5, std::move(msg));
 		}
 		break;
 #endif //ENABLE_MOBILE_IPV6
@ -308,6 +308,11 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
 	return rv;
 	}

+RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
+	{
+	return ToVal({AdoptRef{}, chain}).release();
+	}
+
 IPAddr IP_Hdr::IPHeaderSrcAddr() const
 	{
 	return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src);
@ -328,13 +333,13 @@ IPAddr IP_Hdr::DstAddr() const
 	return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr();
 	}

-RecordVal* IP_Hdr::BuildIPHdrVal() const
+IntrusivePtr<RecordVal> IP_Hdr::ToIPHdrVal() const
 	{
-	RecordVal* rval = nullptr;
+	IntrusivePtr<RecordVal> rval;

 	if ( ip4 )
 		{
-		rval = new RecordVal(hdrType(ip4_hdr_type, "ip4_hdr"));
+		rval = make_intrusive<RecordVal>(hdrType(ip4_hdr_type, "ip4_hdr"));
 		rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
 		rval->Assign(1, val_mgr->Count(ip4->ip_tos));
 		rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
@ -346,24 +351,33 @@ RecordVal* IP_Hdr::BuildIPHdrVal() const
 		}
 	else
 		{
-		rval = ((*ip6_hdrs)[0])->BuildRecordVal(ip6_hdrs->BuildVal());
+		rval = ((*ip6_hdrs)[0])->ToVal(ip6_hdrs->ToVal());
 		}

 	return rval;
 	}

-RecordVal* IP_Hdr::BuildPktHdrVal() const
+RecordVal* IP_Hdr::BuildIPHdrVal() const
+	{
+	return ToIPHdrVal().release();
+	}
+
+IntrusivePtr<RecordVal> IP_Hdr::ToPktHdrVal() const
 	{
 	static RecordType* pkt_hdr_type = nullptr;

 	if ( ! pkt_hdr_type )
 		pkt_hdr_type = internal_type("pkt_hdr")->AsRecordType();

-	RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type);
-	return BuildPktHdrVal(pkt_hdr, 0);
+	return ToPktHdrVal(make_intrusive<RecordVal>(pkt_hdr_type), 0);
 	}

-RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
+RecordVal* IP_Hdr::BuildPktHdrVal() const
+	{
+	return ToPktHdrVal().release();
+	}
+
+IntrusivePtr<RecordVal> IP_Hdr::ToPktHdrVal(IntrusivePtr<RecordVal> pkt_hdr, int sindex) const
 	{
 	static RecordType* tcp_hdr_type = nullptr;
 	static RecordType* udp_hdr_type = nullptr;
@ -377,9 +391,9 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
 		}

 	if ( ip4 )
-		pkt_hdr->Assign(sindex + 0, BuildIPHdrVal());
+		pkt_hdr->Assign(sindex + 0, ToIPHdrVal());
 	else
-		pkt_hdr->Assign(sindex + 1, BuildIPHdrVal());
+		pkt_hdr->Assign(sindex + 1, ToIPHdrVal());

 	// L4 header.
 	const u_char* data = Payload();
@ -453,6 +467,11 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
 	return pkt_hdr;
 	}

+RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
+	{
+	return ToPktHdrVal({AdoptRef{}, pkt_hdr}, sindex).release();
+	}
+
 static inline bool isIPv6ExtHeader(uint8_t type)
 	{
 	switch (type) {
@ -674,7 +693,7 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len)
 	}
 #endif

-VectorVal* IPv6_Hdr_Chain::BuildVal() const
+IntrusivePtr<VectorVal> IPv6_Hdr_Chain::ToVal() const
 	{
 	if ( ! ip6_ext_hdr_type )
 		{
@ -688,38 +707,38 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const
 		ip6_mob_type = internal_type("ip6_mobility_hdr")->AsRecordType();
 		}

-	VectorVal* rval = new VectorVal(
+	auto rval = make_intrusive<VectorVal>(
 	    internal_type("ip6_ext_hdr_chain")->AsVectorType());

 	for ( size_t i = 1; i < chain.size(); ++i )
 		{
-		RecordVal* v = chain[i]->BuildRecordVal();
+		auto v = chain[i]->ToVal();
 		RecordVal* ext_hdr = new RecordVal(ip6_ext_hdr_type);
 		uint8_t type = chain[i]->Type();
 		ext_hdr->Assign(0, val_mgr->Count(type));

 		switch (type) {
 		case IPPROTO_HOPOPTS:
-			ext_hdr->Assign(1, v);
+			ext_hdr->Assign(1, std::move(v));
 			break;
 		case IPPROTO_DSTOPTS:
-			ext_hdr->Assign(2, v);
+			ext_hdr->Assign(2, std::move(v));
 			break;
 		case IPPROTO_ROUTING:
-			ext_hdr->Assign(3, v);
+			ext_hdr->Assign(3, std::move(v));
 			break;
 		case IPPROTO_FRAGMENT:
-			ext_hdr->Assign(4, v);
+			ext_hdr->Assign(4, std::move(v));
 			break;
 		case IPPROTO_AH:
-			ext_hdr->Assign(5, v);
+			ext_hdr->Assign(5, std::move(v));
 			break;
 		case IPPROTO_ESP:
-			ext_hdr->Assign(6, v);
+			ext_hdr->Assign(6, std::move(v));
 			break;
 #ifdef ENABLE_MOBILE_IPV6
 		case IPPROTO_MOBILITY:
-			ext_hdr->Assign(7, v);
+			ext_hdr->Assign(7, std::move(v));
 			break;
 #endif
 		default:
@ -734,6 +753,11 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const
 	return rval;
 	}

+VectorVal* IPv6_Hdr_Chain::BuildVal() const
+	{
+	return ToVal().release();
+	}
+
 IP_Hdr* IP_Hdr::Copy() const
 	{
 	char* new_hdr = new char[HdrLen()];
--- a/src/IP.h
+++ b/src/IP.h
@ -14,6 +14,8 @@

 #include <vector>

+#include "IntrusivePtr.h"
+
 class IPAddr;
 class RecordVal;
 class VectorVal;
@ -134,6 +136,9 @@ public:
 	/**
 	 * Returns the script-layer record representation of the header.
 	 */
+	IntrusivePtr<RecordVal> ToVal(IntrusivePtr<VectorVal> chain = nullptr) const;
+
+	[[deprecated("Remove in v4.1.  Use ToVal() instead.")]]
 	RecordVal* BuildRecordVal(VectorVal* chain = nullptr) const;

 protected:
@ -223,6 +228,9 @@ public:
 	 * Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
 	 * representation of all extension headers in the chain.
 	 */
+	IntrusivePtr<VectorVal> ToVal() const;
+
+	[[deprecated("Remove in v4.1.  Use ToVal() instead.")]]
 	VectorVal* BuildVal() const;

 protected:
@ -517,18 +525,27 @@ public:
 	/**
 	 * Returns an ip_hdr or ip6_hdr_chain RecordVal.
 	 */
+	IntrusivePtr<RecordVal> ToIPHdrVal() const;
+
+	[[deprecated("Remove in v4.1.  Use ToIPHdrVal() instead.")]]
 	RecordVal* BuildIPHdrVal() const;

 	/**
 	 * Returns a pkt_hdr RecordVal, which includes not only the IP header, but
 	 * also upper-layer (tcp/udp/icmp) headers.
 	 */
+	IntrusivePtr<RecordVal> ToPktHdrVal() const;
+
+	[[deprecated("Remove in v4.1.  Use ToPktHdrVal() instead.")]]
 	RecordVal* BuildPktHdrVal() const;

 	/**
 	 * Same as above, but simply add our values into the record at the
 	 * specified starting index.
 	 */
+	IntrusivePtr<RecordVal> ToPktHdrVal(IntrusivePtr<RecordVal> pkt_hdr, int sindex) const;
+
+	[[deprecated("Remove in v4.1.  Use ToPktHdrVal() instead.")]]
 	RecordVal* BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const;

 private:
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -123,7 +123,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
 	SegmentProfiler prof(segment_logger, "dispatching-packet");

 	if ( raw_packet )
-		mgr.Enqueue(raw_packet, IntrusivePtr{AdoptRef{}, pkt->BuildPktHdrVal()});
+		mgr.Enqueue(raw_packet, pkt->ToRawPktHdrVal());

 	if ( pkt_profiler )
 		pkt_profiler->ProfilePkt(t, pkt->cap_len);
@ -310,7 +310,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 		{
 		dump_this_packet = true;
 		if ( esp_packet )
-			mgr.Enqueue(esp_packet, IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()});
+			mgr.Enqueue(esp_packet, ip_hdr->ToPktHdrVal());

 		// Can't do more since upper-layer payloads are going to be encrypted.
 		return;
@ -330,8 +330,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 			}

 		if ( mobile_ipv6_message )
-			mgr.Enqueue(mobile_ipv6_message,
-			            IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()});
+			mgr.Enqueue(mobile_ipv6_message, ip_hdr->ToPktHdrVal());

 		if ( ip_hdr->NextProto() != IPPROTO_NONE )
 			Weird("mobility_piggyback", pkt, encapsulation);
@ -686,19 +685,18 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr

 	conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel());

-	Val* pkt_hdr_val = nullptr;
+	IntrusivePtr<Val> pkt_hdr_val;

 	if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 )
 		{
-		pkt_hdr_val = ip_hdr->BuildPktHdrVal();
+		pkt_hdr_val = ip_hdr->ToPktHdrVal();
 		conn->EnqueueEvent(ipv6_ext_headers, nullptr, conn->ConnVal(),
-		                   IntrusivePtr{AdoptRef{}, pkt_hdr_val});
+		                   pkt_hdr_val);
 		}

 	if ( new_packet )
 		conn->EnqueueEvent(new_packet, nullptr, conn->ConnVal(), pkt_hdr_val ?
-		                   IntrusivePtr{NewRef{}, pkt_hdr_val} :
-		                   IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()});
+		                   std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal());

 	conn->NextPacket(t, is_orig, ip_hdr, len, caplen, data,
 				record_packet, record_content, pkt);
--- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
@ -760,7 +760,7 @@ flow GTPv1_Flow(is_orig: bool)

 		if ( ::gtpv1_g_pdu_packet )
 			BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
-			                                     {AdoptRef{}, inner->BuildPktHdrVal()});
+			                                     inner->ToPktHdrVal());

 		EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);

--- a/src/analyzer/protocol/teredo/Teredo.cc
+++ b/src/analyzer/protocol/teredo/Teredo.cc
@ -137,7 +137,7 @@ IntrusivePtr<RecordVal> TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
 		teredo_hdr->Assign(1, teredo_origin);
 		}

-	teredo_hdr->Assign(2, inner->BuildPktHdrVal());
+	teredo_hdr->Assign(2, inner->ToPktHdrVal());
 	return teredo_hdr;
 	}

--- a/src/analyzer/protocol/vxlan/VXLAN.cc
+++ b/src/analyzer/protocol/vxlan/VXLAN.cc
@ -102,8 +102,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,

 	if ( vxlan_packet )
 		Conn()->EnqueueEvent(vxlan_packet, nullptr, ConnVal(),
-		                     IntrusivePtr{AdoptRef{}, inner->BuildPktHdrVal()},
-		                     val_mgr->Count(vni));
+		                     inner->ToPktHdrVal(), val_mgr->Count(vni));

 	EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
 	sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -2,6 +2,7 @@
 #include "Sessions.h"
 #include "Desc.h"
 #include "IP.h"
+#include "IntrusivePtr.h"
 #include "iosource/Manager.h"

 extern "C" {
@ -590,9 +591,9 @@ void Packet::ProcessLayer2()
 	hdr_size = (pdata - data);
 }

-RecordVal* Packet::BuildPktHdrVal() const
+IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
 	{
-	RecordVal* pkt_hdr = new RecordVal(raw_pkt_hdr_type);
+	auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
 	RecordVal* l2_hdr = new RecordVal(l2_hdr_type);

 	bool is_ethernet = link_type == DLT_EN10MB;
@ -652,19 +653,24 @@ RecordVal* Packet::BuildPktHdrVal() const
 	if ( l3_proto == L3_IPV4 )
 		{
 		IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false);
-		return ip_hdr.BuildPktHdrVal(pkt_hdr, 1);
+		return ip_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
 		}

 	else if ( l3_proto == L3_IPV6 )
 		{
 		IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len);
-		return ip6_hdr.BuildPktHdrVal(pkt_hdr, 1);
+		return ip6_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
 		}

 	else
 		return pkt_hdr;
 	}

+RecordVal* Packet::BuildPktHdrVal() const
+	{
+	return ToRawPktHdrVal().release();
+	}
+
 Val *Packet::FmtEUI48(const u_char *mac) const
 	{
 	char buf[20];
--- a/src/iosource/Packet.h
+++ b/src/iosource/Packet.h
@ -16,6 +16,7 @@ class Val;
 class ODesc;
 class IP_Hdr;
 class RecordVal;
+template <class T> class IntrusivePtr;

 /**
 * The Layer 3 type of a packet, as determined by the parsing code in Packet.
@ -127,6 +128,9 @@ public:
 	 * Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and
 	 * also everything in IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP).
 	 */
+	IntrusivePtr<RecordVal> ToRawPktHdrVal() const;
+
+	[[deprecated("Remove in v4.1.  Use ToRawPktHdrval() instead.")]]
 	RecordVal* BuildPktHdrVal() const;

 	/**
--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -3427,7 +3427,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr
 	if ( current_pktsrc &&
 	     current_pktsrc->GetCurrentPacket(&p) )
 		{
-		return IntrusivePtr{AdoptRef{}, p->BuildPktHdrVal()};
+		return p->ToRawPktHdrVal();
 		}

 	auto hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);