Move Conn and related types to zeek namespace

2025-10-02 06:38:20 +00:00 · 2020-07-22 15:02:48 -07:00 · 2020-07-22 15:02:48 -07:00 · 7fefdd97af
commit 7fefdd97af
parent 0355d13099
147 changed files with 328 additions and 313 deletions
--- a/auxil/bifcl
+++ b/auxil/bifcl
@ -1 +1 @@
-Subproject commit 5bf9f9b478d8927333753c77ced5af1a91b719df
+Subproject commit 43e9acbf54ef319c17b96c2fc04b82b556d49679
--- a/src/Base64.cc
+++ b/src/Base64.cc
@ -88,7 +88,7 @@ int* Base64Converter::InitBase64Table(const std::string& alphabet)
 	return base64_table;
 	}

-Base64Converter::Base64Converter(Connection* arg_conn, const std::string& arg_alphabet)
+Base64Converter::Base64Converter(zeek::Connection* arg_conn, const std::string& arg_alphabet)
 	{
 	if ( arg_alphabet.size() > 0 )
 		{
@ -230,7 +230,7 @@ void Base64Converter::IllegalEncoding(const char* msg)
 			zeek::reporter->Error("%s", msg);
 		}

-zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn)
 	{
 	if ( a && a->Len() != 0 && a->Len() != 64 )
 		{
@ -264,7 +264,7 @@ err:
 	return nullptr;
 	}

-zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn)
 	{
 	if ( a && a->Len() != 0 && a->Len() != 64 )
 		{
@ -283,12 +283,12 @@ zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connec

 } // namespace zeek::detail

-zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn)
 	{
 	return zeek::detail::decode_base64(s, a, conn);
 	}

-zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn)
 	{
 	return zeek::detail::encode_base64(s ,a ,conn);
 	}
--- a/src/Base64.h
+++ b/src/Base64.h
@ -6,7 +6,7 @@
 namespace zeek { class String; }
 using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = zeek::String;

-class Connection;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);

 namespace zeek::detail {

@ -62,8 +62,8 @@ protected:

 };

-zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
-zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr);
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr);

 } // namespace zeek::detail

@ -71,6 +71,6 @@ using Base64Converter [[deprecated("Remove in v4.1. Use zeek::detail::Base64Conv

 // These can't be constexpr auto definitions due to the default parameters.
 [[deprecated("Remove in v4.1. Use zeek::detail::decode_base64.")]]
-zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr);
 [[deprecated("Remove in v4.1. Use zeek::detail::encode_base64.")]]
-zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr);
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -21,6 +21,9 @@
 #include "analyzer/Manager.h"
 #include "iosource/IOSource.h"

+namespace zeek {
+namespace detail {
+
 void ConnectionTimer::Init(Connection* arg_conn, timer_func arg_timer,
 				bool arg_do_expire)
 	{
@ -54,6 +57,8 @@ void ConnectionTimer::Dispatch(double t, bool is_expire)
 		zeek::reporter->InternalError("reference count inconsistency in ConnectionTimer::Dispatch");
 	}

+} // namespace detail
+
 uint64_t Connection::total_connections = 0;
 uint64_t Connection::current_connections = 0;

@ -551,7 +556,7 @@ void Connection::AddTimer(timer_func timer, double t, bool do_expire,
 	if ( ! key_valid )
 		return;

-	zeek::detail::Timer* conn_timer = new ConnectionTimer(this, timer, t, do_expire, type);
+	zeek::detail::Timer* conn_timer = new detail::ConnectionTimer(this, timer, t, do_expire, type);
 	zeek::detail::timer_mgr->Add(conn_timer);
 	timers.push_back(conn_timer);
 	}
@ -685,7 +690,7 @@ void Connection::IDString(zeek::ODesc* d) const
 	d->Add(ntohs(resp_port));
 	}

-void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia)
+void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia)
 	{
 	root_analyzer = analyzer;
 	primary_PIA = pia;
@ -728,3 +733,5 @@ bool Connection::PermitWeird(const char* name, uint64_t threshold, uint64_t rate
 	{
 	return zeek::detail::PermitWeird(weird_state, name, threshold, rate, duration);
 	}
+
+} // namespace zeek
--- a/src/Conn.h
+++ b/src/Conn.h
@ -21,8 +21,8 @@
 #include "analyzer/Tag.h"
 #include "analyzer/Analyzer.h"

-class Connection;
-class ConnectionTimer;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(ConnectionTimer, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);
 class LoginConn;
 ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);
@ -38,14 +38,13 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 namespace zeek {
 using ValPtr = zeek::IntrusivePtr<Val>;
 using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
-}

-typedef enum {
+enum ConnEventToFlag {
 	NUL_IN_LINE,
 	SINGULAR_CR,
 	SINGULAR_LF,
 	NUM_EVENTS_TO_FLAG,
-} ConnEventToFlag;
+};

 typedef void (Connection::*timer_func)(double t);

@ -304,9 +303,9 @@ public:
 	void DeleteTimer(double t);

 	// Sets the root of the analyzer tree as well as the primary PIA.
-	void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia);
+	void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia);
 	zeek::analyzer::TransportLayerAnalyzer* GetRootAnalyzer()	{ return root_analyzer; }
-	analyzer::pia::PIA* GetPrimaryPIA()	{ return primary_PIA; }
+	::analyzer::pia::PIA* GetPrimaryPIA()	{ return primary_PIA; }

 	// Sets the transport protocol in use.
 	void SetTransport(TransportProto arg_proto)	{ proto = arg_proto; }
@ -337,7 +336,7 @@ protected:
 	void RemoveTimer(zeek::detail::Timer* t);

 	// Allow other classes to access pointers to these:
-	friend class ConnectionTimer;
+	friend class detail::ConnectionTimer;

 	void InactivityTimer(double t);
 	void StatusUpdateTimer(double t);
@ -383,12 +382,14 @@ protected:
 	uint32_t hist_seen;

 	zeek::analyzer::TransportLayerAnalyzer* root_analyzer;
-	analyzer::pia::PIA* primary_PIA;
+	::analyzer::pia::PIA* primary_PIA;

 	zeek::UID uid;	// Globally unique connection ID.
 	zeek::detail::WeirdStateMap weird_state;
 };

+namespace detail {
+
 class ConnectionTimer final : public zeek::detail::Timer {
 public:
 	ConnectionTimer(Connection* arg_conn, timer_func arg_timer,
@ -409,5 +410,18 @@ protected:
 	bool do_expire;
 };

+} // namespace detail
+} // namespace zeek
+
+using ConnEventToFlag [[deprecated("Remove in v4.1. Use zeek::ConnEventToFlag.")]] = zeek::ConnEventToFlag;
+constexpr auto NUL_IN_LINE [[deprecated("Remove in v4.1. Use zeek::NUL_IN_LINE.")]] = zeek::NUL_IN_LINE;
+constexpr auto SINGULAR_CR [[deprecated("Remove in v4.1. Use zeek::SINGULAR_CR.")]] = zeek::SINGULAR_CR;
+constexpr auto SINGULAR_LF [[deprecated("Remove in v4.1. Use zeek::SINGULAR_LF.")]] = zeek::SINGULAR_LF;
+constexpr auto NUM_EVENTS_TO_FLAG [[deprecated("Remove in v4.1. Use zeek::NUM_EVENTS_TO_FLAG.")]] = zeek::NUM_EVENTS_TO_FLAG;
+
+using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID;
+using Connection [[deprecated("Remove in v4.1. Use zeek::Connection.")]] = zeek::Connection;
+using ConnectionTimer [[deprecated("Remove in v4.1. Use zeek::detail::ConnectionTimer.")]] = zeek::detail::ConnectionTimer;
+
 #define ADD_TIMER(timer, t, do_expire, type) \
 	AddTimer(timer_func(timer), (t), (do_expire), (type))
--- a/src/IPAddr.h
+++ b/src/IPAddr.h
@ -13,7 +13,9 @@
 namespace zeek { class String; }
 using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = zeek::String;

-struct ConnID;
+namespace zeek { struct ConnID; }
+using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID;
+
 ZEEK_FORWARD_DECLARE_NAMESPACED(HashKey, zeek::detail);
 namespace analyzer { class ExpectedConn; }

--- a/src/Reporter.h
+++ b/src/Reporter.h
@ -17,7 +17,7 @@

 ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 namespace file_analysis { class File; }
-class Connection;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -16,9 +16,11 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulatingConn, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(PacketProfiler, zeek::detail);
-class Connection;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);
 class ConnCompressor;
-struct ConnID;
+
+namespace zeek { struct ConnID; }
+using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID;

 ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail);

--- a/src/TunnelEncapsulation.h
+++ b/src/TunnelEncapsulation.h
@ -11,7 +11,7 @@
 #include "ID.h"
 #include "UID.h"

-class Connection;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);

 namespace zeek {

--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -16,7 +16,7 @@
 #include "../Timer.h"
 #include "../IntrusivePtr.h"

-class Connection;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Rule, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);

@ -632,7 +632,7 @@ public:
 protected:
 	friend class AnalyzerTimer;
 	friend class Manager;
-	friend class ::Connection;
+	friend class zeek::Connection;
 	friend class ::analyzer::tcp::TCP_ApplicationAnalyzer;

 	/**
--- a/src/analyzer/Component.h
+++ b/src/analyzer/Component.h
@ -9,8 +9,7 @@
 #include "../zeek-config.h"
 #include "../util.h"

-class Connection;
-
+ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);

 namespace zeek::analyzer {
--- a/src/analyzer/protocol/ayiya/AYIYA.cc
+++ b/src/analyzer/protocol/ayiya/AYIYA.cc
@ -4,7 +4,7 @@

 using namespace analyzer::ayiya;

-AYIYA_Analyzer::AYIYA_Analyzer(Connection* conn)
+AYIYA_Analyzer::AYIYA_Analyzer(zeek::Connection* conn)
 : Analyzer("AYIYA", conn)
 	{
 	interp = new binpac::AYIYA::AYIYA_Conn(this);
--- a/src/analyzer/protocol/ayiya/AYIYA.h
+++ b/src/analyzer/protocol/ayiya/AYIYA.h
@ -6,14 +6,14 @@ namespace analyzer { namespace ayiya {

 class AYIYA_Analyzer final : public zeek::analyzer::Analyzer {
 public:
-	explicit AYIYA_Analyzer(Connection* conn);
+	explicit AYIYA_Analyzer(zeek::Connection* conn);
 	virtual ~AYIYA_Analyzer();

 	virtual void Done();
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const zeek::IP_Hdr* ip, int caplen);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new AYIYA_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
+++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
@ -15,7 +15,7 @@ flow AYIYA_Flow

 	function process_ayiya(pdu: PDU): bool
 		%{
-		Connection *c = connection()->bro_analyzer()->Conn();
+		zeek::Connection* c = connection()->bro_analyzer()->Conn();
 		const zeek::EncapsulationStack* e = c->GetEncapsulation();

 		if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
--- a/src/analyzer/protocol/bittorrent/BitTorrent.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc
@ -7,7 +7,7 @@

 using namespace analyzer::bittorrent;

-BitTorrent_Analyzer::BitTorrent_Analyzer(Connection* c)
+BitTorrent_Analyzer::BitTorrent_Analyzer(zeek::Connection* c)
 : tcp::TCP_ApplicationAnalyzer("BITTORRENT", c)
 	{
 	interp = new binpac::BitTorrent::BitTorrent_Conn(this);
--- a/src/analyzer/protocol/bittorrent/BitTorrent.h
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.h
@ -10,7 +10,7 @@ namespace analyzer { namespace bittorrent {

 class BitTorrent_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit BitTorrent_Analyzer(Connection* conn);
+	explicit BitTorrent_Analyzer(zeek::Connection* conn);
 	~BitTorrent_Analyzer() override;

 	void Done() override;
@ -18,7 +18,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new BitTorrent_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
@ -21,7 +21,7 @@ static zeek::TableTypePtr bittorrent_peer_set;
 static zeek::RecordTypePtr bittorrent_benc_value;
 static zeek::TableTypePtr bittorrent_benc_dir;

-BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
+BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(zeek::Connection* c)
 : tcp::TCP_ApplicationAnalyzer("BITTORRENTTRACKER", c)
 	{
 	if ( ! bt_tracker_headers )
--- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h
+++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h
@ -45,7 +45,7 @@ enum btt_benc_states {

 class BitTorrentTracker_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit BitTorrentTracker_Analyzer(Connection* conn);
+	explicit BitTorrentTracker_Analyzer(zeek::Connection* conn);
 	~BitTorrentTracker_Analyzer() override;

 	void Done() override;
@ -53,7 +53,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new BitTorrentTracker_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -12,7 +12,7 @@

 using namespace analyzer::conn_size;

-ConnSize_Analyzer::ConnSize_Analyzer(Connection* c)
+ConnSize_Analyzer::ConnSize_Analyzer(zeek::Connection* c)
    : Analyzer("CONNSIZE", c),
      orig_bytes(), resp_bytes(), orig_pkts(), resp_pkts(),
      orig_bytes_thresh(), resp_bytes_thresh(), orig_pkts_thresh(), resp_pkts_thresh(), duration_thresh()
--- a/src/analyzer/protocol/conn-size/ConnSize.h
+++ b/src/analyzer/protocol/conn-size/ConnSize.h
@ -10,7 +10,7 @@ namespace analyzer { namespace conn_size {

 class ConnSize_Analyzer : public zeek::analyzer::Analyzer {
 public:
-	explicit ConnSize_Analyzer(Connection* c);
+	explicit ConnSize_Analyzer(zeek::Connection* c);
 	~ConnSize_Analyzer() override;

 	void Init() override;
@ -26,7 +26,7 @@ public:
 	void SetDurationThreshold(double duration);
 	double GetDurationThreshold() { return duration_thresh; };

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new ConnSize_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/conn-size/functions.bif
+++ b/src/analyzer/protocol/conn-size/functions.bif
@ -5,7 +5,7 @@

 static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 	{
-	Connection* c = zeek::sessions->FindConnection(cid);
+	zeek::Connection* c = zeek::sessions->FindConnection(cid);
 	if ( ! c )
 		return nullptr;

--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc
@ -12,8 +12,7 @@ using namespace std;

 using namespace analyzer::dce_rpc;

-
-DCE_RPC_Analyzer::DCE_RPC_Analyzer(Connection *conn)
+DCE_RPC_Analyzer::DCE_RPC_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("DCE_RPC", conn)
 	{
 	had_gap = false;
--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h
@ -13,7 +13,7 @@ namespace analyzer { namespace dce_rpc {

 class DCE_RPC_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit DCE_RPC_Analyzer(Connection* conn);
+	explicit DCE_RPC_Analyzer(zeek::Connection* conn);
 	~DCE_RPC_Analyzer() override;

 	void Done() override;
@ -24,7 +24,7 @@ public:
 	bool SetFileID(uint64_t fid_in)
 		{ interp->set_file_id(fid_in); return true; }

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new DCE_RPC_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/dhcp/DHCP.cc
+++ b/src/analyzer/protocol/dhcp/DHCP.cc
@ -5,7 +5,7 @@

 using namespace analyzer::dhcp;

-DHCP_Analyzer::DHCP_Analyzer(Connection* conn)
+DHCP_Analyzer::DHCP_Analyzer(zeek::Connection* conn)
 : Analyzer("DHCP", conn)
 	{
 	interp = new binpac::DHCP::DHCP_Conn(this);
--- a/src/analyzer/protocol/dhcp/DHCP.h
+++ b/src/analyzer/protocol/dhcp/DHCP.h
@ -8,14 +8,14 @@ namespace analyzer { namespace dhcp {

 class DHCP_Analyzer final : public zeek::analyzer::Analyzer {
 public:
-	explicit DHCP_Analyzer(Connection* conn);
+	explicit DHCP_Analyzer(zeek::Connection* conn);
 	~DHCP_Analyzer() override;

 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig,
 	                   uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new DHCP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@ -385,7 +385,7 @@ unsigned int DNP3_Base::CalcCRC(int len, const u_char* data)
 	return ~crc & 0xFFFF;
 	}

-DNP3_TCP_Analyzer::DNP3_TCP_Analyzer(Connection* c)
+DNP3_TCP_Analyzer::DNP3_TCP_Analyzer(zeek::Connection* c)
 	: DNP3_Base(this), TCP_ApplicationAnalyzer("DNP3_TCP", c)
 	{
 	}
@ -431,7 +431,7 @@ void DNP3_TCP_Analyzer::EndpointEOF(bool is_orig)
 	Interpreter()->FlowEOF(is_orig);
 	}

-DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c)
+DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(zeek::Connection* c)
 	: DNP3_Base(this), Analyzer("DNP3_UDP", c)
 	{
 	}
--- a/src/analyzer/protocol/dnp3/DNP3.h
+++ b/src/analyzer/protocol/dnp3/DNP3.h
@ -63,7 +63,7 @@ protected:

 class DNP3_TCP_Analyzer : public DNP3_Base, public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit DNP3_TCP_Analyzer(Connection* conn);
+	explicit DNP3_TCP_Analyzer(zeek::Connection* conn);
 	~DNP3_TCP_Analyzer() override;

 	void Done() override;
@ -71,19 +71,19 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static Analyzer* Instantiate(Connection* conn)
+	static Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new DNP3_TCP_Analyzer(conn); }
 };

 class DNP3_UDP_Analyzer : public DNP3_Base, public zeek::analyzer::Analyzer {
 public:
-	explicit DNP3_UDP_Analyzer(Connection* conn);
+	explicit DNP3_UDP_Analyzer(zeek::Connection* conn);
 	~DNP3_UDP_Analyzer() override;

 	void DeliverPacket(int len, const u_char* data, bool orig,
                    uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new DNP3_UDP_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -1697,7 +1697,7 @@ zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
 	return r;
 	}

-Contents_DNS::Contents_DNS(Connection* conn, bool orig,
+Contents_DNS::Contents_DNS(zeek::Connection* conn, bool orig,
 				DNS_Interpreter* arg_interp)
 : tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig)
 	{
@ -1791,7 +1791,7 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig)
 	state = DNS_LEN_HI;
 	}

-DNS_Analyzer::DNS_Analyzer(Connection* conn)
+DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("DNS", conn)
 	{
 	interp = new DNS_Interpreter(this);
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
@ -358,7 +358,7 @@ typedef enum {
 // ### This should be merged with TCP_Contents_RPC.
 class Contents_DNS final : public tcp::TCP_SupportAnalyzer {
 public:
-	Contents_DNS(Connection* c, bool orig, DNS_Interpreter* interp);
+	Contents_DNS(zeek::Connection* c, bool orig, DNS_Interpreter* interp);
 	~Contents_DNS() override;

 	void Flush();		///< process any partially-received data
@ -381,7 +381,7 @@ protected:
 // Works for both TCP and UDP.
 class DNS_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit DNS_Analyzer(Connection* conn);
+	explicit DNS_Analyzer(zeek::Connection* conn);
 	~DNS_Analyzer() override;

 	void DeliverPacket(int len, const u_char* data, bool orig,
@ -393,7 +393,7 @@ public:
 					tcp::TCP_Endpoint* peer, bool gen_event) override;
 	void ExpireTimer(double t);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new DNS_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/file/File.cc
+++ b/src/analyzer/protocol/file/File.cc
@ -11,7 +11,7 @@

 using namespace analyzer::file;

-File_Analyzer::File_Analyzer(const char* name, Connection* conn)
+File_Analyzer::File_Analyzer(const char* name, zeek::Connection* conn)
 	: TCP_ApplicationAnalyzer(name, conn)
 	{
 	buffer_len = 0;
--- a/src/analyzer/protocol/file/File.h
+++ b/src/analyzer/protocol/file/File.h
@ -10,7 +10,7 @@ namespace analyzer { namespace file {

 class File_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	File_Analyzer(const char* name, Connection* conn);
+	File_Analyzer(const char* name, zeek::Connection* conn);

 	void Done() override;

@ -18,7 +18,7 @@ public:

 	void Undelivered(uint64_t seq, int len, bool orig) override;

-//	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+//	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 //		{ return new File_Analyzer(conn); }

 protected:
@ -33,21 +33,21 @@ protected:

 class IRC_Data : public File_Analyzer {
 public:
-	explicit IRC_Data(Connection* conn)
+	explicit IRC_Data(zeek::Connection* conn)
 		: File_Analyzer("IRC_Data", conn)
 		{ }

-	static Analyzer* Instantiate(Connection* conn)
+	static Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new IRC_Data(conn); }
 };

 class FTP_Data : public File_Analyzer {
 public:
-	explicit FTP_Data(Connection* conn)
+	explicit FTP_Data(zeek::Connection* conn)
 		: File_Analyzer("FTP_Data", conn)
 		{ }

-	static Analyzer* Instantiate(Connection* conn)
+	static Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new FTP_Data(conn); }
 };

--- a/src/analyzer/protocol/finger/Finger.cc
+++ b/src/analyzer/protocol/finger/Finger.cc
@ -13,7 +13,7 @@

 using namespace analyzer::finger;

-Finger_Analyzer::Finger_Analyzer(Connection* conn)
+Finger_Analyzer::Finger_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("FINGER", conn)
 	{
 	did_deliver = 0;
--- a/src/analyzer/protocol/finger/Finger.h
+++ b/src/analyzer/protocol/finger/Finger.h
@ -9,14 +9,14 @@ namespace analyzer { namespace finger {

 class Finger_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit Finger_Analyzer(Connection* conn);
+	explicit Finger_Analyzer(zeek::Connection* conn);
 	~Finger_Analyzer() override {}

 	void Done() override;
 	// Line-based input.
 	void DeliverStream(int len, const u_char* data, bool orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Finger_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ftp/FTP.cc
+++ b/src/analyzer/protocol/ftp/FTP.cc
@ -17,7 +17,7 @@

 using namespace analyzer::ftp;

-FTP_Analyzer::FTP_Analyzer(Connection* conn)
+FTP_Analyzer::FTP_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("FTP", conn)
 	{
 	pending_reply = 0;
--- a/src/analyzer/protocol/ftp/FTP.h
+++ b/src/analyzer/protocol/ftp/FTP.h
@ -10,12 +10,12 @@ namespace analyzer { namespace ftp {

 class FTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit FTP_Analyzer(Connection* conn);
+	explicit FTP_Analyzer(zeek::Connection* conn);

 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{
 		return new FTP_Analyzer(conn);
 		}
@ -36,7 +36,7 @@ protected:
 */
 class FTP_ADAT_Analyzer final : public zeek::analyzer::SupportAnalyzer {
 public:
-	FTP_ADAT_Analyzer(Connection* conn, bool arg_orig)
+	FTP_ADAT_Analyzer(zeek::Connection* conn, bool arg_orig)
 	    : SupportAnalyzer("FTP_ADAT", conn, arg_orig),
 	      first_token(true) { }

--- a/src/analyzer/protocol/gnutella/Gnutella.cc
+++ b/src/analyzer/protocol/gnutella/Gnutella.cc
@ -33,7 +33,7 @@ GnutellaMsgState::GnutellaMsgState()
 	}


-Gnutella_Analyzer::Gnutella_Analyzer(Connection* conn)
+Gnutella_Analyzer::Gnutella_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("GNUTELLA", conn)
 	{
 	state = 0;
--- a/src/analyzer/protocol/gnutella/Gnutella.h
+++ b/src/analyzer/protocol/gnutella/Gnutella.h
@ -35,13 +35,13 @@ public:

 class Gnutella_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit Gnutella_Analyzer(Connection* conn);
+	explicit Gnutella_Analyzer(zeek::Connection* conn);
 	~Gnutella_Analyzer() override;

 	void Done () override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Gnutella_Analyzer(conn); }

 private:
--- a/src/analyzer/protocol/gssapi/GSSAPI.cc
+++ b/src/analyzer/protocol/gssapi/GSSAPI.cc
@ -7,7 +7,7 @@

 using namespace analyzer::gssapi;

-GSSAPI_Analyzer::GSSAPI_Analyzer(Connection* c)
+GSSAPI_Analyzer::GSSAPI_Analyzer(zeek::Connection* c)
 	: tcp::TCP_ApplicationAnalyzer("GSSAPI", c)
 	{
 	interp = new binpac::GSSAPI::GSSAPI_Conn(this);
--- a/src/analyzer/protocol/gssapi/GSSAPI.h
+++ b/src/analyzer/protocol/gssapi/GSSAPI.h
@ -12,7 +12,7 @@ namespace analyzer { namespace gssapi {
 class GSSAPI_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit GSSAPI_Analyzer(Connection* conn);
+	explicit GSSAPI_Analyzer(zeek::Connection* conn);
 	~GSSAPI_Analyzer() override;

 	// Overriden from Analyzer.
@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new GSSAPI_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/gtpv1/GTPv1.cc
+++ b/src/analyzer/protocol/gtpv1/GTPv1.cc
@ -6,7 +6,7 @@

 using namespace analyzer::gtpv1;

-GTPv1_Analyzer::GTPv1_Analyzer(Connection* conn)
+GTPv1_Analyzer::GTPv1_Analyzer(zeek::Connection* conn)
 : Analyzer("GTPV1", conn)
 	{
 	interp = new binpac::GTPv1::GTPv1_Conn(this);
--- a/src/analyzer/protocol/gtpv1/GTPv1.h
+++ b/src/analyzer/protocol/gtpv1/GTPv1.h
@ -6,14 +6,14 @@ namespace analyzer { namespace gtpv1 {

 class GTPv1_Analyzer final : public zeek::analyzer::Analyzer {
 public:
-	explicit GTPv1_Analyzer(Connection* conn);
+	explicit GTPv1_Analyzer(zeek::Connection* conn);
 	virtual ~GTPv1_Analyzer();

 	virtual void Done();
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const zeek::IP_Hdr* ip, int caplen);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new GTPv1_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
@ -647,7 +647,7 @@ flow GTPv1_Flow(is_orig: bool)
 	function process_gtpv1(pdu: GTPv1_Header): bool
 		%{
 		BroAnalyzer a = connection()->bro_analyzer();
-		Connection *c = a->Conn();
+		zeek::Connection* c = a->Conn();
 		const zeek::EncapsulationStack* e = c->GetEncapsulation();

 		connection()->set_valid(is_orig(), false);
@ -712,7 +712,7 @@ flow GTPv1_Flow(is_orig: bool)
 	function process_g_pdu(pdu: GTPv1_Header): bool
 		%{
 		BroAnalyzer a = connection()->bro_analyzer();
-		Connection *c = a->Conn();
+		zeek::Connection* c = a->Conn();
 		const zeek::EncapsulationStack* e = c->GetEncapsulation();

 		if ( ${pdu.packet}.length() < (int)sizeof(struct ip) )
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -825,7 +825,7 @@ void HTTP_Message::Weird(const char* msg)
 	analyzer->Weird(msg);
 	}

-HTTP_Analyzer::HTTP_Analyzer(Connection* conn)
+HTTP_Analyzer::HTTP_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("HTTP", conn)
 	{
 	num_requests = num_replies = 0;
--- a/src/analyzer/protocol/http/HTTP.h
+++ b/src/analyzer/protocol/http/HTTP.h
@ -150,7 +150,7 @@ protected:

 class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	HTTP_Analyzer(Connection* conn);
+	HTTP_Analyzer(zeek::Connection* conn);

 	void HTTP_Header(bool is_orig, mime::MIME_Header* h);
 	void HTTP_EntityData(bool is_orig, zeek::String* entity_data);
@ -195,7 +195,7 @@ public:
 	int GetRequestOngoing() { return request_ongoing; };
 	int GetReplyOngoing() { return reply_ongoing; };

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new HTTP_Analyzer(conn); }

 	static bool Available()
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -20,7 +20,7 @@

 using namespace analyzer::icmp;

-ICMP_Analyzer::ICMP_Analyzer(Connection* c)
+ICMP_Analyzer::ICMP_Analyzer(zeek::Connection* c)
 	: TransportLayerAnalyzer("ICMP", c),
 	icmp_conn_val(), type(), code(), request_len(-1), reply_len(-1)
 	{
@ -506,7 +506,7 @@ void ICMP_Analyzer::UpdateEndpointVal(const zeek::ValPtr& endp_arg, bool is_orig
 unsigned int ICMP_Analyzer::MemoryAllocation() const
 	{
 	return Analyzer::MemoryAllocation()
-		+ padded_sizeof(*this) - padded_sizeof(Connection)
+		+ padded_sizeof(*this) - padded_sizeof(zeek::Connection)
 		+ (icmp_conn_val ? icmp_conn_val->MemoryAllocation() : 0);
 	}

--- a/src/analyzer/protocol/icmp/ICMP.h
+++ b/src/analyzer/protocol/icmp/ICMP.h
@ -22,11 +22,11 @@ typedef enum {
 // RuleMatcherState to perform our own matching.
 class ICMP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer {
 public:
-	explicit ICMP_Analyzer(Connection* conn);
+	explicit ICMP_Analyzer(zeek::Connection* conn);

 	void UpdateConnVal(zeek::RecordVal *conn_val) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new ICMP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -13,7 +13,7 @@

 using namespace analyzer::ident;

-Ident_Analyzer::Ident_Analyzer(Connection* conn)
+Ident_Analyzer::Ident_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("IDENT", conn)
 	{
 	did_bad_reply = did_deliver = false;
--- a/src/analyzer/protocol/ident/Ident.h
+++ b/src/analyzer/protocol/ident/Ident.h
@ -9,12 +9,12 @@ namespace analyzer { namespace ident {

 class Ident_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit Ident_Analyzer(Connection* conn);
+	explicit Ident_Analyzer(zeek::Connection* conn);
 	void Done() override;

 	void DeliverStream(int length, const u_char* data, bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Ident_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/imap/IMAP.cc
+++ b/src/analyzer/protocol/imap/IMAP.cc
@ -6,7 +6,7 @@

 using namespace analyzer::imap;

-IMAP_Analyzer::IMAP_Analyzer(Connection* conn)
+IMAP_Analyzer::IMAP_Analyzer(zeek::Connection* conn)
 	: tcp::TCP_ApplicationAnalyzer("IMAP", conn)
 	{
 	interp = new binpac::IMAP::IMAP_Conn(this);
--- a/src/analyzer/protocol/imap/IMAP.h
+++ b/src/analyzer/protocol/imap/IMAP.h
@ -12,7 +12,7 @@ namespace analyzer { namespace imap {

 class IMAP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit IMAP_Analyzer(Connection* conn);
+	explicit IMAP_Analyzer(zeek::Connection* conn);
 	~IMAP_Analyzer() override;

 	void Done() override;
@ -24,7 +24,7 @@ public:

 	void StartTLS();

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new IMAP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -12,7 +12,7 @@
 using namespace analyzer::irc;
 using namespace std;

-IRC_Analyzer::IRC_Analyzer(Connection* conn)
+IRC_Analyzer::IRC_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("IRC", conn)
 	{
 	invalid_msg_count = 0;
--- a/src/analyzer/protocol/irc/IRC.h
+++ b/src/analyzer/protocol/irc/IRC.h
@ -16,7 +16,7 @@ public:
 	/**
 	* \brief Constructor, builds a new analyzer object.
 	*/
-	explicit IRC_Analyzer(Connection* conn);
+	explicit IRC_Analyzer(zeek::Connection* conn);

 	/**
 	* \brief Called when connection is closed.
@ -32,7 +32,7 @@ public:
 	*/
 	void DeliverStream(int len, const u_char* data, bool orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{
 		return new IRC_Analyzer(conn);
 		}
--- a/src/analyzer/protocol/krb/KRB.cc
+++ b/src/analyzer/protocol/krb/KRB.cc
@ -16,7 +16,7 @@ krb5_keytab KRB_Analyzer::krb_keytab = nullptr;
 std::once_flag KRB_Analyzer::krb_initialized;
 #endif

-KRB_Analyzer::KRB_Analyzer(Connection* conn)
+KRB_Analyzer::KRB_Analyzer(zeek::Connection* conn)
 	: Analyzer("KRB", conn)
 	{
 	interp = new binpac::KRB::KRB_Conn(this);
--- a/src/analyzer/protocol/krb/KRB.h
+++ b/src/analyzer/protocol/krb/KRB.h
@ -15,14 +15,14 @@ namespace analyzer { namespace krb {
 class KRB_Analyzer final : public zeek::analyzer::Analyzer {

 public:
-	explicit KRB_Analyzer(Connection* conn);
+	explicit KRB_Analyzer(zeek::Connection* conn);
 	virtual ~KRB_Analyzer();

 	virtual void Done();
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 							   uint64_t seq, const zeek::IP_Hdr* ip, int caplen);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new KRB_Analyzer(conn); }

 	zeek::StringValPtr GetAuthenticationInfo(const zeek::String* principal,
--- a/src/analyzer/protocol/krb/KRB_TCP.cc
+++ b/src/analyzer/protocol/krb/KRB_TCP.cc
@ -7,7 +7,7 @@

 using namespace analyzer::krb_tcp;

-KRB_Analyzer::KRB_Analyzer(Connection* conn)
+KRB_Analyzer::KRB_Analyzer(zeek::Connection* conn)
 	: tcp::TCP_ApplicationAnalyzer("KRB_TCP", conn)
 	{
 	interp = new binpac::KRB_TCP::KRB_Conn(this);
--- a/src/analyzer/protocol/krb/KRB_TCP.h
+++ b/src/analyzer/protocol/krb/KRB_TCP.h
@ -11,7 +11,7 @@ namespace analyzer { namespace krb_tcp {
 class KRB_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit KRB_Analyzer(Connection* conn);
+	explicit KRB_Analyzer(zeek::Connection* conn);
 	~KRB_Analyzer() override;

 	void Done() override;
@ -26,7 +26,7 @@ public:
 	                                         const bro_uint_t enctype)
 		{ return zeek::val_mgr->EmptyString(); }

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new KRB_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -27,7 +27,7 @@ static zeek::RE_Matcher* re_login_timeouts;

 static zeek::RE_Matcher* init_RE(zeek::ListVal* l);

-Login_Analyzer::Login_Analyzer(const char* name, Connection* conn)
+Login_Analyzer::Login_Analyzer(const char* name, zeek::Connection* conn)
    : tcp::TCP_ApplicationAnalyzer(name, conn), user_text()
 	{
 	state = LOGIN_STATE_AUTHENTICATE;
@ -91,7 +91,7 @@ void Login_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			str[j++] = line[i];
 		else
 			{
-			if ( Conn()->FlagEvent(NUL_IN_LINE) )
+			if ( Conn()->FlagEvent(zeek::NUL_IN_LINE) )
 				Weird("NUL_in_line");
 			}

--- a/src/analyzer/protocol/login/Login.h
+++ b/src/analyzer/protocol/login/Login.h
@ -22,7 +22,7 @@ typedef enum {

 class Login_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	Login_Analyzer(const char* name, Connection* conn);
+	Login_Analyzer(const char* name, zeek::Connection* conn);
 	~Login_Analyzer() override;

 	void DeliverStream(int len, const u_char* data, bool orig) override;
--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -380,7 +380,7 @@ void TelnetBinaryOption::InconsistentOption(unsigned int /* type */)
 	}


-NVT_Analyzer::NVT_Analyzer(Connection* conn, bool orig)
+NVT_Analyzer::NVT_Analyzer(zeek::Connection* conn, bool orig)
 	: tcp::ContentLine_Analyzer("NVT", conn, orig), options()
 	{
 	}
@ -536,7 +536,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)

 			else
 				{
-				if ( Conn()->FlagEvent(SINGULAR_LF) )
+				if ( Conn()->FlagEvent(zeek::SINGULAR_LF) )
 					Conn()->Weird("line_terminated_with_single_LF");
 				buf[offset++] = c;
 				}
@ -574,7 +574,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
 		if ( ! (CRLFAsEOL() & CR_as_EOL) &&
 		     last_char == '\r' && c != '\n' && c != '\0' )
 			{
-			if ( Conn()->FlagEvent(SINGULAR_CR) )
+			if ( Conn()->FlagEvent(zeek::SINGULAR_CR) )
 				Weird("line_terminated_with_single_CR");
 			}

--- a/src/analyzer/protocol/login/NVT.h
+++ b/src/analyzer/protocol/login/NVT.h
@ -124,7 +124,7 @@ protected:

 class NVT_Analyzer final : public tcp::ContentLine_Analyzer {
 public:
-	NVT_Analyzer(Connection* conn, bool orig);
+	NVT_Analyzer(zeek::Connection* conn, bool orig);
 	~NVT_Analyzer() override;

 	TelnetOption* FindOption(unsigned int code);
--- a/src/analyzer/protocol/login/RSH.cc
+++ b/src/analyzer/protocol/login/RSH.cc
@ -13,8 +13,8 @@ using namespace analyzer::login;

 // FIXME: this code should probably be merged with Rlogin.cc.

-Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(Connection* conn, bool orig,
-						Rsh_Analyzer* arg_analyzer)
+Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig,
+                                             Rsh_Analyzer* arg_analyzer)
 : tcp::ContentLine_Analyzer("CONTENTS_RSH", conn, orig)
 	{
 	num_bytes_to_scan = 0;
@ -144,7 +144,7 @@ void Contents_Rsh_Analyzer::BadProlog()
 	state = RSH_UNKNOWN;
 	}

-Rsh_Analyzer::Rsh_Analyzer(Connection* conn)
+Rsh_Analyzer::Rsh_Analyzer(zeek::Connection* conn)
 : Login_Analyzer("RSH", conn)
 	{
 	contents_orig = new Contents_Rsh_Analyzer(conn, true, this);
--- a/src/analyzer/protocol/login/RSH.h
+++ b/src/analyzer/protocol/login/RSH.h
@ -24,7 +24,7 @@ class Rsh_Analyzer;

 class Contents_Rsh_Analyzer final : public tcp::ContentLine_Analyzer {
 public:
-	Contents_Rsh_Analyzer(Connection* conn, bool orig, Rsh_Analyzer* analyzer);
+	Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig, Rsh_Analyzer* analyzer);
 	~Contents_Rsh_Analyzer() override;

 	rsh_state RshSaveState() const	{ return save_state; }
@ -41,14 +41,14 @@ protected:

 class Rsh_Analyzer final : public Login_Analyzer {
 public:
-	explicit Rsh_Analyzer(Connection* conn);
+	explicit Rsh_Analyzer(zeek::Connection* conn);

 	void DeliverStream(int len, const u_char* data, bool orig) override;

 	void ClientUserName(const char* s);
 	void ServerUserName(const char* s);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Rsh_Analyzer(conn); }

 	Contents_Rsh_Analyzer* contents_orig;
--- a/src/analyzer/protocol/login/Rlogin.cc
+++ b/src/analyzer/protocol/login/Rlogin.cc
@ -11,7 +11,7 @@

 using namespace analyzer::login;

-Contents_Rlogin_Analyzer::Contents_Rlogin_Analyzer(Connection* conn, bool orig, Rlogin_Analyzer* arg_analyzer)
+Contents_Rlogin_Analyzer::Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig, Rlogin_Analyzer* arg_analyzer)
 : tcp::ContentLine_Analyzer("CONTENTLINE", conn, orig)
 	{
 	num_bytes_to_scan = 0;
@ -208,7 +208,7 @@ void Contents_Rlogin_Analyzer::BadProlog()
 	}


-Rlogin_Analyzer::Rlogin_Analyzer(Connection* conn)
+Rlogin_Analyzer::Rlogin_Analyzer(zeek::Connection* conn)
 : Login_Analyzer("RLOGIN", conn)
 	{
 	Contents_Rlogin_Analyzer* orig =
--- a/src/analyzer/protocol/login/Rlogin.h
+++ b/src/analyzer/protocol/login/Rlogin.h
@ -32,8 +32,8 @@ class Rlogin_Analyzer;

 class Contents_Rlogin_Analyzer final : public tcp::ContentLine_Analyzer {
 public:
-	Contents_Rlogin_Analyzer(Connection* conn, bool orig,
-					Rlogin_Analyzer* analyzer);
+	Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig,
+	                         Rlogin_Analyzer* analyzer);
 	~Contents_Rlogin_Analyzer() override;

 	void SetPeer(Contents_Rlogin_Analyzer* arg_peer)
@ -55,13 +55,13 @@ protected:

 class Rlogin_Analyzer final : public Login_Analyzer {
 public:
-	explicit Rlogin_Analyzer(Connection* conn);
+	explicit Rlogin_Analyzer(zeek::Connection* conn);

 	void ClientUserName(const char* s);
 	void ServerUserName(const char* s);
 	void TerminalType(const char* s);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Rlogin_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/login/Telnet.cc
+++ b/src/analyzer/protocol/login/Telnet.cc
@ -9,7 +9,7 @@

 using namespace analyzer::login;

-Telnet_Analyzer::Telnet_Analyzer(Connection* conn)
+Telnet_Analyzer::Telnet_Analyzer(zeek::Connection* conn)
 : Login_Analyzer("TELNET", conn)
 	{
 	NVT_Analyzer* nvt_orig = new NVT_Analyzer(conn, true);
@ -21,4 +21,3 @@ Telnet_Analyzer::Telnet_Analyzer(Connection* conn)
 	AddSupportAnalyzer(nvt_orig);
 	AddSupportAnalyzer(nvt_resp);
 	}
-
--- a/src/analyzer/protocol/login/Telnet.h
+++ b/src/analyzer/protocol/login/Telnet.h
@ -8,10 +8,10 @@ namespace analyzer { namespace login {

 class Telnet_Analyzer : public Login_Analyzer {
 public:
-	explicit Telnet_Analyzer(Connection* conn);
+	explicit Telnet_Analyzer(zeek::Connection* conn);
 	~Telnet_Analyzer() override {}

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Telnet_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/login/functions.bif
+++ b/src/analyzer/protocol/login/functions.bif
@ -26,7 +26,7 @@
 ## .. zeek:see:: set_login_state
 function get_login_state%(cid: conn_id%): count
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	zeek::Connection* c = sessions->FindConnection(cid);
 	if ( ! c )
 		return zeek::val_mgr->False();

@ -50,7 +50,7 @@ function get_login_state%(cid: conn_id%): count
 ## .. zeek:see:: get_login_state
 function set_login_state%(cid: conn_id, new_state: count%): bool
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	zeek::Connection* c = sessions->FindConnection(cid);
 	if ( ! c )
 		return zeek::val_mgr->False();

--- a/src/analyzer/protocol/modbus/Modbus.cc
+++ b/src/analyzer/protocol/modbus/Modbus.cc
@ -6,7 +6,7 @@

 using namespace analyzer::modbus;

-ModbusTCP_Analyzer::ModbusTCP_Analyzer(Connection* c)
+ModbusTCP_Analyzer::ModbusTCP_Analyzer(zeek::Connection* c)
 	: TCP_ApplicationAnalyzer("MODBUS", c)
 	{
 	interp = new binpac::ModbusTCP::ModbusTCP_Conn(this);
@ -42,4 +42,3 @@ void ModbusTCP_Analyzer::EndpointEOF(bool is_orig)
 	TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
 	interp->FlowEOF(is_orig);
 	}
-
--- a/src/analyzer/protocol/modbus/Modbus.h
+++ b/src/analyzer/protocol/modbus/Modbus.h
@ -7,7 +7,7 @@ namespace analyzer { namespace modbus {

 class ModbusTCP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit ModbusTCP_Analyzer(Connection* conn);
+	explicit ModbusTCP_Analyzer(zeek::Connection* conn);
 	~ModbusTCP_Analyzer() override;

 	void Done() override;
@ -16,7 +16,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new ModbusTCP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/mqtt/MQTT.cc
+++ b/src/analyzer/protocol/mqtt/MQTT.cc
@ -9,7 +9,7 @@

 using namespace analyzer::MQTT;

-MQTT_Analyzer::MQTT_Analyzer(Connection* c)
+MQTT_Analyzer::MQTT_Analyzer(zeek::Connection* c)
 	: tcp::TCP_ApplicationAnalyzer("MQTT", c)
 	{
 	interp = new binpac::MQTT::MQTT_Conn(this);
--- a/src/analyzer/protocol/mqtt/MQTT.h
+++ b/src/analyzer/protocol/mqtt/MQTT.h
@ -12,7 +12,7 @@ namespace analyzer { namespace MQTT {
 class MQTT_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	MQTT_Analyzer(Connection* conn);
+	MQTT_Analyzer(zeek::Connection* conn);
 	~MQTT_Analyzer() override;

 	void Done() override;
@ -20,7 +20,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+	static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn)
 		{ return new MQTT_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/mysql/MySQL.cc
+++ b/src/analyzer/protocol/mysql/MySQL.cc
@ -7,7 +7,7 @@

 using namespace analyzer::MySQL;

-MySQL_Analyzer::MySQL_Analyzer(Connection* c)
+MySQL_Analyzer::MySQL_Analyzer(zeek::Connection* c)
 	: tcp::TCP_ApplicationAnalyzer("MySQL", c)
 	{
 	interp = new binpac::MySQL::MySQL_Conn(this);
--- a/src/analyzer/protocol/mysql/MySQL.h
+++ b/src/analyzer/protocol/mysql/MySQL.h
@ -12,7 +12,7 @@ namespace analyzer { namespace MySQL {
 class MySQL_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit MySQL_Analyzer(Connection* conn);
+	explicit MySQL_Analyzer(zeek::Connection* conn);
 	~MySQL_Analyzer() override;

 	// Overriden from Analyzer.
@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new MySQL_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@ -163,7 +163,7 @@ void NCP_FrameBuffer::compute_msg_length()
 		msg_len = (msg_len << 8) | data[4+i];
 	}

-Contents_NCP_Analyzer::Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Session* arg_session)
+Contents_NCP_Analyzer::Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* arg_session)
 : tcp::TCP_SupportAnalyzer("CONTENTS_NCP", conn, orig)
 	{
 	session = arg_session;
@ -244,7 +244,7 @@ void Contents_NCP_Analyzer::Undelivered(uint64_t seq, int len, bool orig)
 	resync = true;
 	}

-NCP_Analyzer::NCP_Analyzer(Connection* conn)
+NCP_Analyzer::NCP_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("NCP", conn)
 	{
 	session = new NCP_Session(this);
--- a/src/analyzer/protocol/ncp/NCP.h
+++ b/src/analyzer/protocol/ncp/NCP.h
@ -84,7 +84,7 @@ protected:

 class Contents_NCP_Analyzer : public tcp::TCP_SupportAnalyzer {
 public:
-	Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Session* session);
+	Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* session);
 	~Contents_NCP_Analyzer() override;

 protected:
@ -101,10 +101,10 @@ protected:

 class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit NCP_Analyzer(Connection* conn);
+	explicit NCP_Analyzer(zeek::Connection* conn);
 	~NCP_Analyzer() override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new NCP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -332,8 +332,8 @@ void NetbiosSSN_Interpreter::Event(zeek::EventHandlerPtr event, const u_char* da
 	}


-Contents_NetbiosSSN::Contents_NetbiosSSN(Connection* conn, bool orig,
-					NetbiosSSN_Interpreter* arg_interp)
+Contents_NetbiosSSN::Contents_NetbiosSSN(zeek::Connection* conn, bool orig,
+                                         NetbiosSSN_Interpreter* arg_interp)
 : tcp::TCP_SupportAnalyzer("CONTENTS_NETBIOSSSN", conn, orig)
 	{
 	interp = arg_interp;
@ -453,7 +453,7 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig)
 	state = NETBIOS_SSN_TYPE;
 	}

-NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(Connection* conn)
+NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("NETBIOSSSN", conn)
 	{
 	//smb_session = new SMB_Session(this);
--- a/src/analyzer/protocol/netbios/NetbiosSSN.h
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.h
@ -114,7 +114,7 @@ typedef enum {
 // ### This should be merged with TCP_Contents_RPC, TCP_Contents_DNS.
 class Contents_NetbiosSSN final : public tcp::TCP_SupportAnalyzer {
 public:
-	Contents_NetbiosSSN(Connection* conn, bool orig,
+	Contents_NetbiosSSN(zeek::Connection* conn, bool orig,
 				NetbiosSSN_Interpreter* interp);
 	~Contents_NetbiosSSN() override;

@ -141,14 +141,14 @@ protected:

 class NetbiosSSN_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit NetbiosSSN_Analyzer(Connection* conn);
+	explicit NetbiosSSN_Analyzer(zeek::Connection* conn);
 	~NetbiosSSN_Analyzer() override;

 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new NetbiosSSN_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ntlm/NTLM.cc
+++ b/src/analyzer/protocol/ntlm/NTLM.cc
@ -7,7 +7,7 @@

 using namespace analyzer::ntlm;

-NTLM_Analyzer::NTLM_Analyzer(Connection* c)
+NTLM_Analyzer::NTLM_Analyzer(zeek::Connection* c)
 	: tcp::TCP_ApplicationAnalyzer("NTLM", c)
 	{
 	interp = new binpac::NTLM::NTLM_Conn(this);
--- a/src/analyzer/protocol/ntlm/NTLM.h
+++ b/src/analyzer/protocol/ntlm/NTLM.h
@ -12,7 +12,7 @@ namespace analyzer { namespace ntlm {
 class NTLM_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit NTLM_Analyzer(Connection* conn);
+	explicit NTLM_Analyzer(zeek::Connection* conn);
 	~NTLM_Analyzer() override;

 	// Overriden from Analyzer.
@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new NTLM_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/ntp/NTP.cc
+++ b/src/analyzer/protocol/ntp/NTP.cc
@ -6,7 +6,7 @@

 using namespace analyzer::NTP;

-NTP_Analyzer::NTP_Analyzer(Connection* c)
+NTP_Analyzer::NTP_Analyzer(zeek::Connection* c)
 	: zeek::analyzer::Analyzer("NTP", c)
 	{
 	interp = new binpac::NTP::NTP_Conn(this);
--- a/src/analyzer/protocol/ntp/NTP.h
+++ b/src/analyzer/protocol/ntp/NTP.h
@ -11,7 +11,7 @@ namespace analyzer { namespace NTP {

 class NTP_Analyzer final : public zeek::analyzer::Analyzer {
 public:
-	explicit NTP_Analyzer(Connection* conn);
+	explicit NTP_Analyzer(zeek::Connection* conn);
 	~NTP_Analyzer() override;

 	// Overriden from Analyzer.
@ -19,7 +19,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new NTP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/pia/PIA.h
+++ b/src/analyzer/protocol/pia/PIA.h
@ -77,25 +77,25 @@ protected:
 	void DoMatch(const u_char* data, int len, bool is_orig, bool bol,
 	             bool eol, bool clear_state, const zeek::IP_Hdr* ip = nullptr);

-	void SetConn(Connection* c)	{ conn = c; }
+	void SetConn(zeek::Connection* c)	{ conn = c; }

 	Buffer pkt_buffer;

 private:
 	zeek::analyzer::Analyzer* as_analyzer;
-	Connection* conn;
+	zeek::Connection* conn;
 	DataBlock current_packet;
 };

 // PIA for UDP.
 class PIA_UDP : public PIA, public zeek::analyzer::Analyzer {
 public:
-	explicit PIA_UDP(Connection* conn)
+	explicit PIA_UDP(zeek::Connection* conn)
 	: PIA(this), Analyzer("PIA_UDP", conn)
 		{ SetConn(conn); }
 	~PIA_UDP() override { }

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new PIA_UDP(conn); }

 protected:
@ -120,7 +120,7 @@ protected:
 // packets before passing payload on to children).
 class PIA_TCP : public PIA, public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit PIA_TCP(Connection* conn)
+	explicit PIA_TCP(zeek::Connection* conn)
 		: PIA(this), tcp::TCP_ApplicationAnalyzer("PIA_TCP", conn)
 		{ stream_mode = false; SetConn(conn); }

@ -140,7 +140,7 @@ public:

 	void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer);

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new PIA_TCP(conn); }

 protected:
--- a/src/analyzer/protocol/pop3/POP3.cc
+++ b/src/analyzer/protocol/pop3/POP3.cc
@ -26,7 +26,7 @@ static const char* pop3_cmd_word[] = {
 #define POP3_CMD_WORD(code) ((code >= 0) ? pop3_cmd_word[code] : "(UNKNOWN)")


-POP3_Analyzer::POP3_Analyzer(Connection* conn)
+POP3_Analyzer::POP3_Analyzer(zeek::Connection* conn)
 : tcp::TCP_ApplicationAnalyzer("POP3", conn)
 	{
 	masterState = POP3_START;
--- a/src/analyzer/protocol/pop3/POP3.h
+++ b/src/analyzer/protocol/pop3/POP3.h
@ -63,13 +63,13 @@ typedef enum {

 class POP3_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
 public:
-	explicit POP3_Analyzer(Connection* conn);
+	explicit POP3_Analyzer(zeek::Connection* conn);
 	~POP3_Analyzer() override;

 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{
 		return new POP3_Analyzer(conn);
 		}
--- a/src/analyzer/protocol/radius/RADIUS.cc
+++ b/src/analyzer/protocol/radius/RADIUS.cc
@ -8,7 +8,7 @@

 using namespace analyzer::RADIUS;

-RADIUS_Analyzer::RADIUS_Analyzer(Connection* c)
+RADIUS_Analyzer::RADIUS_Analyzer(zeek::Connection* c)
 	: zeek::analyzer::Analyzer("RADIUS", c)
 	{
 	interp = new binpac::RADIUS::RADIUS_Conn(this);
--- a/src/analyzer/protocol/radius/RADIUS.h
+++ b/src/analyzer/protocol/radius/RADIUS.h
@ -13,7 +13,7 @@ namespace analyzer { namespace RADIUS {

 class RADIUS_Analyzer final : public zeek::analyzer::Analyzer {
 public:
-	explicit RADIUS_Analyzer(Connection* conn);
+	explicit RADIUS_Analyzer(zeek::Connection* conn);
 	~RADIUS_Analyzer() override;

 	// Overriden from Analyzer.
@ -21,7 +21,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new RADIUS_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@ -6,7 +6,7 @@

 using namespace analyzer::rdp;

-RDP_Analyzer::RDP_Analyzer(Connection* c)
+RDP_Analyzer::RDP_Analyzer(zeek::Connection* c)
 	: tcp::TCP_ApplicationAnalyzer("RDP", c)
 	{
 	interp = new binpac::RDP::RDP_Conn(this);
--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@ -10,7 +10,7 @@ namespace analyzer { namespace rdp {
 class RDP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit RDP_Analyzer(Connection* conn);
+	explicit RDP_Analyzer(zeek::Connection* conn);
 	~RDP_Analyzer() override;

 	// Overriden from Analyzer.
@ -19,7 +19,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+	static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn)
 		{ return new RDP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/rdp/RDPEUDP.cc
+++ b/src/analyzer/protocol/rdp/RDPEUDP.cc
@ -5,7 +5,7 @@

 using namespace analyzer::rdpeudp;

-RDP_Analyzer::RDP_Analyzer(Connection* c)
+RDP_Analyzer::RDP_Analyzer(zeek::Connection* c)
 	: zeek::analyzer::Analyzer("RDPEUDP", c)
 	{
 	interp = new binpac::RDPEUDP::RDPEUDP_Conn(this);
--- a/src/analyzer/protocol/rdp/RDPEUDP.h
+++ b/src/analyzer/protocol/rdp/RDPEUDP.h
@ -8,13 +8,13 @@ namespace analyzer { namespace rdpeudp {
 class RDP_Analyzer final : public zeek::analyzer::Analyzer {

 public:
-	explicit RDP_Analyzer(Connection* conn);
+	explicit RDP_Analyzer(zeek::Connection* conn);
 	~RDP_Analyzer() override;

 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig,
 	                   uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
-	static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+	static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn)
 		{ return new RDP_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/rfb/RFB.cc
+++ b/src/analyzer/protocol/rfb/RFB.cc
@ -8,7 +8,7 @@

 using namespace analyzer::rfb;

-RFB_Analyzer::RFB_Analyzer(Connection* c)
+RFB_Analyzer::RFB_Analyzer(zeek::Connection* c)

 : tcp::TCP_ApplicationAnalyzer("RFB", c)

--- a/src/analyzer/protocol/rfb/RFB.h
+++ b/src/analyzer/protocol/rfb/RFB.h
@ -12,7 +12,7 @@ namespace analyzer { namespace rfb {
 class RFB_Analyzer final : public tcp::TCP_ApplicationAnalyzer {

 public:
-	explicit RFB_Analyzer(Connection* conn);
+	explicit RFB_Analyzer(zeek::Connection* conn);
 	~RFB_Analyzer() override;

 	// Overriden from Analyzer.
@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;

-	static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+	static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn)
 		{ return new RFB_Analyzer(conn); }

 protected:
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -280,7 +280,7 @@ zeek::RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
 	return rep;
 	}

-MOUNT_Analyzer::MOUNT_Analyzer(Connection* conn)
+MOUNT_Analyzer::MOUNT_Analyzer(zeek::Connection* conn)
 	: RPC_Analyzer("MOUNT", conn, new MOUNT_Interp(this))
 	{
 	orig_rpc = resp_rpc = nullptr;
--- a/src/analyzer/protocol/rpc/MOUNT.h
+++ b/src/analyzer/protocol/rpc/MOUNT.h
@ -39,10 +39,10 @@ protected:

 class MOUNT_Analyzer : public RPC_Analyzer {
 public:
-	explicit MOUNT_Analyzer(Connection* conn);
+	explicit MOUNT_Analyzer(zeek::Connection* conn);
 	void Init() override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new MOUNT_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -817,7 +817,7 @@ zeek::ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n)
 	}


-NFS_Analyzer::NFS_Analyzer(Connection* conn)
+NFS_Analyzer::NFS_Analyzer(zeek::Connection* conn)
 	: RPC_Analyzer("NFS", conn, new NFS_Interp(this))
 	{
 	orig_rpc = resp_rpc = nullptr;
--- a/src/analyzer/protocol/rpc/NFS.h
+++ b/src/analyzer/protocol/rpc/NFS.h
@ -81,10 +81,10 @@ protected:

 class NFS_Analyzer : public RPC_Analyzer {
 public:
-	explicit NFS_Analyzer(Connection* conn);
+	explicit NFS_Analyzer(zeek::Connection* conn);
 	void Init() override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new NFS_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -289,7 +289,7 @@ void PortmapperInterp::Event(zeek::EventHandlerPtr f, zeek::ValPtr request, BifE
 	analyzer->EnqueueConnEvent(f, std::move(vl));
 	}

-Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn)
+Portmapper_Analyzer::Portmapper_Analyzer(zeek::Connection* conn)
 : RPC_Analyzer("PORTMAPPER", conn, new PortmapperInterp(this))
 	{
 	orig_rpc = resp_rpc = nullptr;
--- a/src/analyzer/protocol/rpc/Portmap.h
+++ b/src/analyzer/protocol/rpc/Portmap.h
@ -26,11 +26,11 @@ protected:

 class Portmapper_Analyzer : public RPC_Analyzer {
 public:
-	explicit Portmapper_Analyzer(Connection* conn);
+	explicit Portmapper_Analyzer(zeek::Connection* conn);
 	~Portmapper_Analyzer() override;
 	void Init() override;

-	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn)
 		{ return new Portmapper_Analyzer(conn); }
 };

--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -412,8 +412,8 @@ bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len)
 	return (expected == processed);
 	}

-Contents_RPC::Contents_RPC(Connection* conn, bool orig,
-				RPC_Interpreter* arg_interp)
+Contents_RPC::Contents_RPC(zeek::Connection* conn, bool orig,
+                           RPC_Interpreter* arg_interp)
 	: tcp::TCP_SupportAnalyzer("CONTENTS_RPC", conn, orig)
 	{
 	interp = arg_interp;
@ -720,8 +720,8 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)
 		} // end while
 	}

-RPC_Analyzer::RPC_Analyzer(const char* name, Connection* conn,
-				RPC_Interpreter* arg_interp)
+RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn,
+                           RPC_Interpreter* arg_interp)
 	: tcp::TCP_ApplicationAnalyzer(name, conn),
 	  interp(arg_interp), orig_rpc(), resp_rpc()
 	{
--- a/src/analyzer/protocol/rpc/RPC.h
+++ b/src/analyzer/protocol/rpc/RPC.h
@ -186,7 +186,7 @@ protected:
 /* Support Analyzer for reassembling RPC-over-TCP messages */
 class Contents_RPC final : public tcp::TCP_SupportAnalyzer {
 public:
-	Contents_RPC(Connection* conn, bool orig, RPC_Interpreter* interp);
+	Contents_RPC(zeek::Connection* conn, bool orig, RPC_Interpreter* interp);
 	~Contents_RPC() override;

 protected:
@ -232,7 +232,7 @@ protected:

 class RPC_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
-	RPC_Analyzer(const char* name, Connection* conn,
+	RPC_Analyzer(const char* name, zeek::Connection* conn,
 			RPC_Interpreter* arg_interp);
 	~RPC_Analyzer() override;

--- a/Show more
+++ b/Show more