Remove unnecessary #includes in analyzer/packet analyzer/file analyzer source files

2025-10-02 06:38:20 +00:00 · 2025-04-08 16:07:22 -07:00 · 2025-04-08 16:07:22 -07:00 · 79301c4691
commit 79301c4691
parent 456c1fa42c
67 changed files with 6 additions and 149 deletions
--- a/src/analyzer/Analyzer.cc
+++ b/src/analyzer/Analyzer.cc
@ -5,10 +5,10 @@
 #include <binpac.h>
 #include <algorithm>

+#include "zeek/Conn.h"
 #include "zeek/Event.h"
-#include "zeek/ZeekString.h"
 #include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
+#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"

 #include "zeek/3rdparty/doctest.h"

--- a/src/analyzer/Manager.cc
+++ b/src/analyzer/Manager.cc
@ -2,17 +2,12 @@

 #include "zeek/analyzer/Manager.h"

-#include "zeek/Hash.h"
+#include "zeek/Conn.h"
 #include "zeek/IntrusivePtr.h"
 #include "zeek/RunState.h"
 #include "zeek/Val.h"
-#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/analyzer/protocol/tcp/events.bif.h"
 #include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
 #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
-#include "zeek/plugin/Manager.h"

 namespace zeek::analyzer {

--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -8,7 +8,6 @@
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"
 #include "zeek/analyzer/protocol/conn-size/events.bif.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"

 namespace zeek::analyzer::conn_size {

--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc
@ -2,11 +2,7 @@

 #include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>
-#include <map>
-#include <string>

 using namespace std;

--- a/src/analyzer/protocol/dhcp/DHCP.cc
+++ b/src/analyzer/protocol/dhcp/DHCP.cc
@ -2,9 +2,6 @@

 #include "zeek/analyzer/protocol/dhcp/DHCP.h"

-#include "zeek/analyzer/protocol/dhcp/events.bif.h"
-#include "zeek/analyzer/protocol/dhcp/types.bif.h"
-
 namespace zeek::analyzer::dhcp {

 DHCP_Analyzer::DHCP_Analyzer(Connection* conn) : Analyzer("DHCP", conn) { interp = new binpac::DHCP::DHCP_Conn(this); }
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@ -106,7 +106,6 @@
 #include "zeek/analyzer/protocol/dnp3/DNP3.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/dnp3/events.bif.h"

 constexpr unsigned int PSEUDO_LENGTH_INDEX = 2;        // index of len field of DNP3 Pseudo Link Layer
 constexpr unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3; // index of ctrl field of DNP3 Pseudo Link Layer
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/dns/DNS.h"

-#include "zeek/zeek-config.h"
-
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
--- a/src/analyzer/protocol/file/File.cc
+++ b/src/analyzer/protocol/file/File.cc
@ -8,7 +8,6 @@
 #include "zeek/RuleMatcher.h"
 #include "zeek/analyzer/protocol/file/events.bif.h"
 #include "zeek/file_analysis/Manager.h"
-#include "zeek/util.h"

 namespace zeek::analyzer::file {

--- a/src/analyzer/protocol/finger/legacy/Finger.cc
+++ b/src/analyzer/protocol/finger/legacy/Finger.cc
@ -2,12 +2,8 @@

 #include "zeek/analyzer/protocol/finger/legacy/Finger.h"

-#include "zeek/zeek-config.h"
-
 #include <cctype>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/finger/legacy/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/ContentLine.h"

--- a/src/analyzer/protocol/ftp/FTP.cc
+++ b/src/analyzer/protocol/ftp/FTP.cc
@ -2,13 +2,9 @@

 #include "zeek/analyzer/protocol/ftp/FTP.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>

 #include "zeek/Base64.h"
-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/RuleMatcher.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/Manager.h"
--- a/src/analyzer/protocol/gnutella/Gnutella.cc
+++ b/src/analyzer/protocol/gnutella/Gnutella.cc
@ -2,13 +2,9 @@

 #include "zeek/analyzer/protocol/gnutella/Gnutella.h"

-#include "zeek/zeek-config.h"
-
 #include <algorithm>
 #include <cctype>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/gnutella/events.bif.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
--- a/src/analyzer/protocol/gssapi/GSSAPI.cc
+++ b/src/analyzer/protocol/gssapi/GSSAPI.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/gssapi/GSSAPI.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/gssapi/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::gssapi {
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -2,12 +2,8 @@

 #include "zeek/analyzer/protocol/ident/Ident.h"

-#include "zeek/zeek-config.h"
-
 #include <cctype>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/protocol/ident/events.bif.h"

--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -4,11 +4,8 @@

 #include "zeek/analyzer/protocol/irc/IRC.h"

-#include <iostream>
 #include <unordered_set>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/irc/events.bif.h"
 #include "zeek/analyzer/protocol/zip/ZIP.h"
--- a/src/analyzer/protocol/krb/KRB.cc
+++ b/src/analyzer/protocol/krb/KRB.cc
@ -4,9 +4,6 @@

 #include <unistd.h>

-#include "zeek/analyzer/protocol/krb/events.bif.h"
-#include "zeek/analyzer/protocol/krb/types.bif.h"
-
 namespace zeek::analyzer::krb {

 bool KRB_Analyzer::krb_available = false;
--- a/src/analyzer/protocol/krb/KRB_TCP.cc
+++ b/src/analyzer/protocol/krb/KRB_TCP.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/krb/KRB_TCP.h"

-#include "zeek/analyzer/protocol/krb/events.bif.h"
-#include "zeek/analyzer/protocol/krb/types.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::krb_tcp {
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -2,13 +2,9 @@

 #include "zeek/analyzer/protocol/login/Login.h"

-#include "zeek/zeek-config.h"
-
 #include <cctype>
 #include <cstdlib>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/RE.h"
 #include "zeek/Reporter.h"
 #include "zeek/Var.h"
--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -2,12 +2,8 @@

 #include "zeek/analyzer/protocol/login/NVT.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/protocol/login/events.bif.h"
--- a/src/analyzer/protocol/login/Plugin.cc
+++ b/src/analyzer/protocol/login/Plugin.cc
@ -3,7 +3,6 @@
 #include "zeek/plugin/Plugin.h"

 #include "zeek/analyzer/Component.h"
-#include "zeek/analyzer/protocol/login/Login.h"
 #include "zeek/analyzer/protocol/login/RSH.h"
 #include "zeek/analyzer/protocol/login/Rlogin.h"
 #include "zeek/analyzer/protocol/login/Telnet.h"
--- a/src/analyzer/protocol/login/RSH.cc
+++ b/src/analyzer/protocol/login/RSH.cc
@ -2,10 +2,6 @@

 #include "zeek/analyzer/protocol/login/RSH.h"

-#include "zeek/zeek-config.h"
-
-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/login/events.bif.h"

--- a/src/analyzer/protocol/login/Rlogin.cc
+++ b/src/analyzer/protocol/login/Rlogin.cc
@ -2,10 +2,6 @@

 #include "zeek/analyzer/protocol/login/Rlogin.h"

-#include "zeek/zeek-config.h"
-
-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/login/events.bif.h"

--- a/src/analyzer/protocol/login/Telnet.cc
+++ b/src/analyzer/protocol/login/Telnet.cc
@ -2,10 +2,7 @@

 #include "zeek/analyzer/protocol/login/Telnet.h"

-#include "zeek/zeek-config.h"
-
 #include "zeek/analyzer/protocol/login/NVT.h"
-#include "zeek/analyzer/protocol/login/events.bif.h"

 namespace zeek::analyzer::login {

--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/mime/MIME.h"

-#include "zeek/zeek-config.h"
-
 #include <openssl/evp.h>

 #include "zeek/Base64.h"
--- a/src/analyzer/protocol/modbus/Modbus.cc
+++ b/src/analyzer/protocol/modbus/Modbus.cc
@ -2,7 +2,6 @@

 #include "zeek/analyzer/protocol/modbus/Modbus.h"

-#include "zeek/analyzer/protocol/modbus/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::modbus {
--- a/src/analyzer/protocol/mysql/MySQL.cc
+++ b/src/analyzer/protocol/mysql/MySQL.cc
@ -4,7 +4,6 @@

 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/mysql/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::mysql {
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@ -2,11 +2,7 @@

 #include "zeek/analyzer/protocol/ncp/NCP.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>
-#include <map>
-#include <string>

 #include "zeek/analyzer/protocol/ncp/consts.bif.h"
 #include "zeek/analyzer/protocol/ncp/events.bif.h"
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -2,12 +2,9 @@

 #include "zeek/analyzer/protocol/netbios/NetbiosSSN.h"

-#include "zeek/zeek-config.h"
-
 #include <cctype>

 #include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/RunState.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/protocol/netbios/events.bif.h"
--- a/src/analyzer/protocol/ntlm/NTLM.cc
+++ b/src/analyzer/protocol/ntlm/NTLM.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/ntlm/NTLM.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/ntlm/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::ntlm {
--- a/src/analyzer/protocol/ntp/NTP.cc
+++ b/src/analyzer/protocol/ntp/NTP.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/ntp/NTP.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/ntp/events.bif.h"

 namespace zeek::analyzer::ntp {

--- a/src/analyzer/protocol/radius/RADIUS.cc
+++ b/src/analyzer/protocol/radius/RADIUS.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/radius/RADIUS.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/radius/events.bif.h"

 namespace zeek::analyzer::radius {

--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@ -5,7 +5,6 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/rdp/events.bif.h"
-#include "zeek/analyzer/protocol/rdp/types.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::rdp {
--- a/src/analyzer/protocol/rdp/RDPEUDP.cc
+++ b/src/analyzer/protocol/rdp/RDPEUDP.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/rdp/RDPEUDP.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/rdp/events.bif.h"
 #include "zeek/analyzer/protocol/rdp/rdpeudp_pac.h"

 namespace zeek::analyzer::rdpeudp {
--- a/src/analyzer/protocol/rfb/RFB.cc
+++ b/src/analyzer/protocol/rfb/RFB.cc
@ -3,7 +3,6 @@
 #include "zeek/analyzer/protocol/rfb/RFB.h"

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/rfb/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::rfb {
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -2,13 +2,8 @@

 #include "zeek/analyzer/protocol/rpc/MOUNT.h"

-#include "zeek/zeek-config.h"
-
-#include <algorithm>
 #include <vector>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/analyzer/protocol/rpc/events.bif.h"
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -2,13 +2,9 @@

 #include "zeek/analyzer/protocol/rpc/NFS.h"

-#include "zeek/zeek-config.h"
-
 #include <utility>
 #include <vector>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/analyzer/protocol/rpc/events.bif.h"
--- a/src/analyzer/protocol/rpc/Plugin.cc
+++ b/src/analyzer/protocol/rpc/Plugin.cc
@ -6,7 +6,6 @@
 #include "zeek/analyzer/protocol/rpc/MOUNT.h"
 #include "zeek/analyzer/protocol/rpc/NFS.h"
 #include "zeek/analyzer/protocol/rpc/Portmap.h"
-#include "zeek/analyzer/protocol/rpc/RPC.h"

 namespace zeek::plugin::detail::Zeek_RPC {

--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -2,10 +2,6 @@

 #include "zeek/analyzer/protocol/rpc/Portmap.h"

-#include "zeek/zeek-config.h"
-
-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/analyzer/protocol/rpc/events.bif.h"

--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/rpc/RPC.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>
 #include <string>

--- a/src/analyzer/protocol/rpc/XDR.cc
+++ b/src/analyzer/protocol/rpc/XDR.cc
@ -2,13 +2,11 @@

 #include "zeek/analyzer/protocol/rpc/XDR.h"

-#include "zeek/zeek-config.h"
-
+// Needed for ntohl()
+#include <arpa/inet.h>
 #include <algorithm>
 #include <cstring>

-#include "zeek/analyzer/protocol/rpc/events.bif.h"
-
 uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len) {
    if ( ! buf )
        return 0;
--- a/src/analyzer/protocol/sip/Plugin.cc
+++ b/src/analyzer/protocol/sip/Plugin.cc
@ -4,7 +4,6 @@

 #include "zeek/analyzer/Component.h"
 #include "zeek/analyzer/protocol/sip/SIP.h"
-#include "zeek/analyzer/protocol/sip/SIP_TCP.h"

 namespace zeek::plugin::detail::Zeek_SIP {

--- a/src/analyzer/protocol/sip/SIP.cc
+++ b/src/analyzer/protocol/sip/SIP.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/sip/SIP.h"

-#include "zeek/analyzer/protocol/sip/events.bif.h"
-
 namespace zeek::analyzer::sip {

 SIP_Analyzer::SIP_Analyzer(Connection* c) : analyzer::Analyzer("SIP", c) { interp = new binpac::SIP::SIP_Conn(this); }
--- a/src/analyzer/protocol/sip/SIP_TCP.cc
+++ b/src/analyzer/protocol/sip/SIP_TCP.cc
@ -5,7 +5,6 @@

 #include "zeek/analyzer/protocol/sip/SIP_TCP.h"

-#include "zeek/analyzer/protocol/sip/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::sip_tcp {
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@ -2,13 +2,9 @@

 #include "zeek/analyzer/protocol/smtp/SMTP.h"

-#include "zeek/zeek-config.h"
-
 #include <cstdlib>
 #include <limits>

-#include "zeek/Event.h"
-#include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/smtp/BDAT.h"
--- a/src/analyzer/protocol/snmp/SNMP.cc
+++ b/src/analyzer/protocol/snmp/SNMP.cc
@ -2,11 +2,6 @@

 #include "zeek/analyzer/protocol/snmp/SNMP.h"

-#include "zeek/Func.h"
-#include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/snmp/events.bif.h"
-#include "zeek/analyzer/protocol/snmp/types.bif.h"
-
 namespace zeek::analyzer::snmp {

 SNMP_Analyzer::SNMP_Analyzer(Connection* conn) : Analyzer("SNMP", conn) { interp = new binpac::SNMP::SNMP_Conn(this); }
--- a/src/analyzer/protocol/socks/SOCKS.cc
+++ b/src/analyzer/protocol/socks/SOCKS.cc
@ -2,7 +2,6 @@

 #include "zeek/analyzer/protocol/socks/SOCKS.h"

-#include "zeek/analyzer/protocol/socks/events.bif.h"
 #include "zeek/analyzer/protocol/socks/socks_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@ -4,7 +4,6 @@

 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/ssh/events.bif.h"
-#include "zeek/analyzer/protocol/ssh/types.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

 namespace zeek::analyzer::ssh {
--- a/src/analyzer/protocol/ssl/DTLS.cc
+++ b/src/analyzer/protocol/ssl/DTLS.cc
@ -4,7 +4,6 @@

 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/ssl/dtls_pac.h"
-#include "zeek/analyzer/protocol/ssl/events.bif.h"
 #include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
 #include "zeek/util.h"

--- a/src/analyzer/protocol/ssl/Plugin.cc
+++ b/src/analyzer/protocol/ssl/Plugin.cc
@ -2,8 +2,6 @@

 #include "zeek/plugin/Plugin.h"

-#include "zeek/zeek-config.h"
-
 #ifndef ENABLE_SPICY_SSL
 #include "zeek/analyzer/Component.h"
 #include "zeek/analyzer/protocol/ssl/DTLS.h"
--- a/src/analyzer/protocol/ssl/SSL.cc
+++ b/src/analyzer/protocol/ssl/SSL.cc
@ -8,7 +8,6 @@
 #include <vector>

 #include "zeek/Reporter.h"
-#include "zeek/analyzer/protocol/ssl/events.bif.h"
 #include "zeek/analyzer/protocol/ssl/ssl_pac.h"
 #include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
--- a/src/analyzer/protocol/ssl/spicy/support.cc
+++ b/src/analyzer/protocol/ssl/spicy/support.cc
@ -3,7 +3,6 @@
 #include <hilti/rt/libhilti.h>
 #include <cassert>

-#include "zeek/Conn.h"
 #include "zeek/Desc.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/file_analysis/Manager.h"
--- a/src/analyzer/protocol/tcp/ContentLine.cc
+++ b/src/analyzer/protocol/tcp/ContentLine.cc
@ -4,7 +4,6 @@

 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/analyzer/protocol/tcp/events.bif.h"

 namespace zeek::analyzer::tcp {

--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -2,19 +2,14 @@

 #include "zeek/analyzer/protocol/tcp/TCP.h"

-#include <vector>
-
 #include "zeek/DebugLogger.h"
 #include "zeek/Event.h"
 #include "zeek/File.h"
 #include "zeek/IP.h"
-#include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/analyzer/protocol/tcp/events.bif.h"
-#include "zeek/analyzer/protocol/tcp/types.bif.h"
 #include "zeek/session/Manager.h"

 namespace zeek::analyzer::tcp {
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@ -4,16 +4,13 @@

 #include <cerrno>

-#include "zeek/Event.h"
 #include "zeek/File.h"
 #include "zeek/NetVar.h"
 #include "zeek/Reporter.h"
-#include "zeek/RunState.h"
 #include "zeek/Val.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/analyzer/protocol/tcp/events.bif.h"
-#include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/protocol/tcp/TCP.h"
 #include "zeek/session/Manager.h"

--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@ -2,8 +2,6 @@

 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"

-#include <algorithm>
-
 #include "zeek/File.h"
 #include "zeek/Reporter.h"
 #include "zeek/RuleMatcher.h"
--- a/src/analyzer/protocol/zip/Plugin.cc
+++ b/src/analyzer/protocol/zip/Plugin.cc
@ -3,7 +3,6 @@
 #include "zeek/plugin/Plugin.h"

 #include "zeek/analyzer/Component.h"
-#include "zeek/analyzer/protocol/zip/ZIP.h"

 namespace zeek::plugin::detail::Zeek_ZIP {

--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@ -7,7 +7,6 @@
 #include "zeek/file_analysis/Analyzer.h"
 #include "zeek/file_analysis/File.h"
 #include "zeek/file_analysis/Manager.h"
-#include "zeek/file_analysis/file_analysis.bif.h"

 namespace zeek::file_analysis::detail {

--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -8,11 +8,9 @@
 #include "zeek/Event.h"
 #include "zeek/UID.h"
 #include "zeek/analyzer/Manager.h"
-#include "zeek/digest.h"
 #include "zeek/file_analysis/Analyzer.h"
 #include "zeek/file_analysis/File.h"
 #include "zeek/file_analysis/file_analysis.bif.h"
-#include "zeek/plugin/Manager.h"

 using namespace std;

--- a/src/file_analysis/analyzer/hash/Hash.cc
+++ b/src/file_analysis/analyzer/hash/Hash.cc
@ -2,8 +2,6 @@

 #include "zeek/file_analysis/analyzer/hash/Hash.h"

-#include <string>
-
 #include "zeek/Event.h"
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/util.h"
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -15,7 +15,6 @@
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/file_analysis/analyzer/x509/X509.h"
 #include "zeek/file_analysis/analyzer/x509/ocsp_events.bif.h"
-#include "zeek/file_analysis/analyzer/x509/types.bif.h"

 // helper function of sk_X509_value to avoid namespace problem
 // sk_X509_value(X,Y) = > SKM_sk_value(X509,X,Y)
--- a/src/file_analysis/analyzer/x509/X509Common.cc
+++ b/src/file_analysis/analyzer/x509/X509Common.cc
@ -9,7 +9,6 @@
 #include <openssl/x509v3.h>

 #include "zeek/Reporter.h"
-#include "zeek/file_analysis/analyzer/x509/events.bif.h"
 #include "zeek/file_analysis/analyzer/x509/ocsp_events.bif.h"
 #include "zeek/file_analysis/analyzer/x509/types.bif.h"
 #include "zeek/file_analysis/analyzer/x509/x509-extension_pac.h"
--- a/src/packet_analysis/Manager.cc
+++ b/src/packet_analysis/Manager.cc
@ -2,6 +2,7 @@

 #include "zeek/packet_analysis/Manager.h"

+#include "zeek/Event.h"
 #include "zeek/RunState.h"
 #include "zeek/Stats.h"
 #include "zeek/iosource/Manager.h"
@ -9,7 +10,6 @@
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Dispatcher.h"
 #include "zeek/plugin/Manager.h"
-#include "zeek/zeek-bif.h"

 using namespace zeek::packet_analysis;

--- a/src/packet_analysis/protocol/gre/GRE.cc
+++ b/src/packet_analysis/protocol/gre/GRE.cc
@ -4,7 +4,6 @@

 #include <pcap.h> // For DLT_ constants

-#include "zeek/IP.h"
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"
 #include "zeek/session/Manager.h"
--- a/src/packet_analysis/protocol/icmp/ICMP.cc
+++ b/src/packet_analysis/protocol/icmp/ICMP.cc
@ -11,7 +11,6 @@
 #include "zeek/Val.h"
 #include "zeek/ZeekString.h"
 #include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
 #include "zeek/packet_analysis/protocol/icmp/ICMPSessionAdapter.h"
 #include "zeek/packet_analysis/protocol/icmp/events.bif.h"
 #include "zeek/session/Manager.h"
--- a/src/packet_analysis/protocol/icmp/Plugin.cc
+++ b/src/packet_analysis/protocol/icmp/Plugin.cc
@ -5,7 +5,6 @@
 #include "zeek/analyzer/Component.h"
 #include "zeek/packet_analysis/Component.h"
 #include "zeek/packet_analysis/protocol/icmp/ICMP.h"
-#include "zeek/packet_analysis/protocol/icmp/ICMPSessionAdapter.h"

 namespace zeek::plugin::Zeek_ICMP {

--- a/src/packet_analysis/protocol/tcp/Stats.cc
+++ b/src/packet_analysis/protocol/tcp/Stats.cc
@ -3,7 +3,6 @@
 #include "zeek/packet_analysis/protocol/tcp/Stats.h"

 #include "zeek/File.h"
-#include "zeek/analyzer/protocol/tcp/events.bif.h"

 namespace zeek::packet_analysis::TCP {

--- a/src/packet_analysis/protocol/tcp/TCP.cc
+++ b/src/packet_analysis/protocol/tcp/TCP.cc
@ -4,8 +4,6 @@

 #include "zeek/RunState.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/events.bif.h"
-#include "zeek/analyzer/protocol/tcp/types.bif.h"
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"

 using namespace zeek;
--- a/src/packet_analysis/protocol/udp/Plugin.cc
+++ b/src/packet_analysis/protocol/udp/Plugin.cc
@ -5,7 +5,6 @@
 #include "zeek/analyzer/Component.h"
 #include "zeek/packet_analysis/Component.h"
 #include "zeek/packet_analysis/protocol/udp/UDP.h"
-#include "zeek/packet_analysis/protocol/udp/UDPSessionAdapter.h"

 namespace zeek::plugin::Zeek_UDP {