Mark global val_mgr as deprecated and fix uses of it to use namespaced version

src/file_analysis/File.cc

@@ -34,9 +34,9 @@ static zeek::RecordValPtr get_conn_id_val(const Connection* conn)
 	{
 	auto v = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
 	v->Assign(0, zeek::make_intrusive<zeek::AddrVal>(conn->OrigAddr()));
-	v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
+	v->Assign(1, zeek::val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
 	v->Assign(2, zeek::make_intrusive<zeek::AddrVal>(conn->RespAddr()));
-	v->Assign(3, val_mgr->Port(ntohs(conn->RespPort()), conn->ConnTransport()));
+	v->Assign(3, zeek::val_mgr->Port(ntohs(conn->RespPort()), conn->ConnTransport()));
 	return v;
 	}
 
@@ -97,7 +97,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
 
 	if ( conn )
 		{
-		val->Assign(is_orig_idx, val_mgr->Bool(is_orig));
+		val->Assign(is_orig_idx, zeek::val_mgr->Bool(is_orig));
 		UpdateConnectionFields(conn, is_orig);
 		}
 
@@ -153,7 +153,7 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig)
 		FileEvent(file_over_new_connection, {
 			val,
 			conn->ConnVal(),
-			val_mgr->Bool(is_orig),
+			zeek::val_mgr->Bool(is_orig),
 		});
 		}
 	}
@@ -226,13 +226,13 @@ bool File::SetExtractionLimit(zeek::RecordValPtr args, uint64_t bytes)
 void File::IncrementByteCount(uint64_t size, int field_idx)
 	{
 	uint64_t old = LookupFieldDefaultCount(field_idx);
-	val->Assign(field_idx, val_mgr->Count(old + size));
+	val->Assign(field_idx, zeek::val_mgr->Count(old + size));
 	}
 
 void File::SetTotalBytes(uint64_t size)
 	{
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
-	val->Assign(total_bytes_idx, val_mgr->Count(size));
+	val->Assign(total_bytes_idx, zeek::val_mgr->Count(size));
 	}
 
 bool File::IsComplete() const
@@ -308,7 +308,7 @@ bool File::SetMime(const std::string& mime_type)
 
 	auto meta = zeek::make_intrusive<zeek::RecordVal>(zeek::id::fa_metadata);
 	meta->Assign(meta_mime_type_idx, zeek::make_intrusive<zeek::StringVal>(mime_type));
-	meta->Assign(meta_inferred_idx, val_mgr->False());
+	meta->Assign(meta_inferred_idx, zeek::val_mgr->False());
 
 	FileEvent(file_sniff, {val, std::move(meta)});
 	return true;
@@ -462,8 +462,8 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
 				{
 				FileEvent(file_reassembly_overflow, {
 					val,
-					val_mgr->Count(current_offset),
-					val_mgr->Count(gap_bytes)
+					zeek::val_mgr->Count(current_offset),
+					zeek::val_mgr->Count(gap_bytes)
 				});
 				}
 			}
@@ -604,7 +604,7 @@ void File::Gap(uint64_t offset, uint64_t len)
 		}
 
 	if ( FileEventAvailable(file_gap) )
-		FileEvent(file_gap, {val, val_mgr->Count(offset), val_mgr->Count(len)});
+		FileEvent(file_gap, {val, zeek::val_mgr->Count(offset), zeek::val_mgr->Count(len)});
 
 	analyzers.DrainModifications();
 

src/file_analysis/Manager.cc

@@ -435,7 +435,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
 
 	const auto& tagval = tag.AsVal();
 
-	mgr.Enqueue(get_file_handle, tagval, c->ConnVal(), val_mgr->Bool(is_orig));
+	mgr.Enqueue(get_file_handle, tagval, c->ConnVal(), zeek::val_mgr->Bool(is_orig));
 	mgr.Drain(); // need file handle immediately so we don't have to buffer data
 	return current_file_id;
 	}
@@ -445,7 +445,7 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
 	if ( ! disabled )
 		disabled = zeek::id::find_const("Files::disable")->AsTableVal();
 
-	auto index = val_mgr->Count(bool(tag));
+	auto index = zeek::val_mgr->Count(bool(tag));
 	auto yield = disabled->FindOrDefault(index);
 
 	if ( ! yield )
@@ -531,7 +531,7 @@ zeek::VectorValPtr file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matc
 		for ( set<string>::const_iterator it2 = it->second.begin();
 		      it2 != it->second.end(); ++it2 )
 			{
-			element->Assign(0, val_mgr->Int(it->first));
+			element->Assign(0, zeek::val_mgr->Int(it->first));
 			element->Assign(1, zeek::make_intrusive<zeek::StringVal>(*it2));
 			}
 

src/file_analysis/analyzer/data_event/DataEvent.cc

@@ -46,7 +46,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
 	mgr.Enqueue(chunk_event,
 	            GetFile()->ToVal(),
 	            zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false)),
-	            val_mgr->Count(offset)
+	            zeek::val_mgr->Count(offset)
 	);
 
 	return true;

src/file_analysis/analyzer/extract/Extract.cc

@@ -96,8 +96,8 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len)
 		f->FileEvent(file_extraction_limit, {
 			f->ToVal(),
 			GetArgs(),
-			val_mgr->Count(limit),
-			val_mgr->Count(len)
+			zeek::val_mgr->Count(limit),
+			zeek::val_mgr->Count(len)
 		});
 
 		// Limit may have been modified by a BIF, re-check it.

src/file_analysis/analyzer/extract/functions.bif

@@ -14,7 +14,7 @@ function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
 	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
 	bool result = file_mgr->SetExtractionLimit(file_id->CheckString(),
 	                                           std::move(rv), n);
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 module GLOBAL;

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -15,7 +15,7 @@ zeek::VectorValPtr process_rvas(const RVAS* rva_table)
 	auto rvas = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 
 	for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
-		rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
+		rvas->Assign(i, zeek::val_mgr->Count((*rva_table->rvas())[i]->size()));
 
 	return rvas;
 	}
@@ -29,7 +29,7 @@ zeek::TableValPtr characteristics_to_bro(uint32_t c, uint8_t len)
 		{
 		if ( ((c >> i) & 0x1) == 1 )
 			{
-			auto ch = val_mgr->Count((1<<i)&mask);
+			auto ch = zeek::val_mgr->Count((1<<i)&mask);
 			char_set->Assign(std::move(ch), 0);
 			}
 		}
@@ -48,22 +48,22 @@ refine flow File += {
 			{
 			auto dh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::DOSHeader);
 			dh->Assign(0, zeek::make_intrusive<zeek::StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
-			dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage}));
-			dh->Assign(2, val_mgr->Count(${h.FileSizeInPages}));
-			dh->Assign(3, val_mgr->Count(${h.NumberOfRelocationItems}));
-			dh->Assign(4, val_mgr->Count(${h.HeaderSizeInParagraphs}));
-			dh->Assign(5, val_mgr->Count(${h.MinimumExtraParagraphs}));
-			dh->Assign(6, val_mgr->Count(${h.MaximumExtraParagraphs}));
-			dh->Assign(7, val_mgr->Count(${h.InitialRelativeSS}));
-			dh->Assign(8, val_mgr->Count(${h.InitialSP}));
-			dh->Assign(9, val_mgr->Count(${h.Checksum}));
-			dh->Assign(10, val_mgr->Count(${h.InitialIP}));
-			dh->Assign(11, val_mgr->Count(${h.InitialRelativeCS}));
-			dh->Assign(12, val_mgr->Count(${h.AddressOfRelocationTable}));
-			dh->Assign(13, val_mgr->Count(${h.OverlayNumber}));
-			dh->Assign(14, val_mgr->Count(${h.OEMid}));
-			dh->Assign(15, val_mgr->Count(${h.OEMinfo}));
-			dh->Assign(16, val_mgr->Count(${h.AddressOfNewExeHeader}));
+			dh->Assign(1, zeek::val_mgr->Count(${h.UsedBytesInTheLastPage}));
+			dh->Assign(2, zeek::val_mgr->Count(${h.FileSizeInPages}));
+			dh->Assign(3, zeek::val_mgr->Count(${h.NumberOfRelocationItems}));
+			dh->Assign(4, zeek::val_mgr->Count(${h.HeaderSizeInParagraphs}));
+			dh->Assign(5, zeek::val_mgr->Count(${h.MinimumExtraParagraphs}));
+			dh->Assign(6, zeek::val_mgr->Count(${h.MaximumExtraParagraphs}));
+			dh->Assign(7, zeek::val_mgr->Count(${h.InitialRelativeSS}));
+			dh->Assign(8, zeek::val_mgr->Count(${h.InitialSP}));
+			dh->Assign(9, zeek::val_mgr->Count(${h.Checksum}));
+			dh->Assign(10, zeek::val_mgr->Count(${h.InitialIP}));
+			dh->Assign(11, zeek::val_mgr->Count(${h.InitialRelativeCS}));
+			dh->Assign(12, zeek::val_mgr->Count(${h.AddressOfRelocationTable}));
+			dh->Assign(13, zeek::val_mgr->Count(${h.OverlayNumber}));
+			dh->Assign(14, zeek::val_mgr->Count(${h.OEMid}));
+			dh->Assign(15, zeek::val_mgr->Count(${h.OEMinfo}));
+			dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader}));
 
 			mgr.Enqueue(pe_dos_header,
 			    connection()->bro_analyzer()->GetFile()->ToVal(),
@@ -97,11 +97,11 @@ refine flow File += {
 		if ( pe_file_header )
 			{
 			auto fh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::FileHeader);
-			fh->Assign(0, val_mgr->Count(${h.Machine}));
+			fh->Assign(0, zeek::val_mgr->Count(${h.Machine}));
 			fh->Assign(1, zeek::make_intrusive<zeek::TimeVal>(static_cast<double>(${h.TimeDateStamp})));
-			fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
-			fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols}));
-			fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader}));
+			fh->Assign(2, zeek::val_mgr->Count(${h.PointerToSymbolTable}));
+			fh->Assign(3, zeek::val_mgr->Count(${h.NumberOfSymbols}));
+			fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader}));
 			fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
 
 			mgr.Enqueue(pe_file_header,
@@ -126,31 +126,31 @@ refine flow File += {
 			{
 			auto oh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::OptionalHeader);
 
-			oh->Assign(0, val_mgr->Count(${h.magic}));
-			oh->Assign(1, val_mgr->Count(${h.major_linker_version}));
-			oh->Assign(2, val_mgr->Count(${h.minor_linker_version}));
-			oh->Assign(3, val_mgr->Count(${h.size_of_code}));
-			oh->Assign(4, val_mgr->Count(${h.size_of_init_data}));
-			oh->Assign(5, val_mgr->Count(${h.size_of_uninit_data}));
-			oh->Assign(6, val_mgr->Count(${h.addr_of_entry_point}));
-			oh->Assign(7, val_mgr->Count(${h.base_of_code}));
+			oh->Assign(0, zeek::val_mgr->Count(${h.magic}));
+			oh->Assign(1, zeek::val_mgr->Count(${h.major_linker_version}));
+			oh->Assign(2, zeek::val_mgr->Count(${h.minor_linker_version}));
+			oh->Assign(3, zeek::val_mgr->Count(${h.size_of_code}));
+			oh->Assign(4, zeek::val_mgr->Count(${h.size_of_init_data}));
+			oh->Assign(5, zeek::val_mgr->Count(${h.size_of_uninit_data}));
+			oh->Assign(6, zeek::val_mgr->Count(${h.addr_of_entry_point}));
+			oh->Assign(7, zeek::val_mgr->Count(${h.base_of_code}));
 
 			if ( ${h.pe_format} != PE32_PLUS )
-				oh->Assign(8, val_mgr->Count(${h.base_of_data}));
+				oh->Assign(8, zeek::val_mgr->Count(${h.base_of_data}));
 
-			oh->Assign(9, val_mgr->Count(${h.image_base}));
-			oh->Assign(10, val_mgr->Count(${h.section_alignment}));
-			oh->Assign(11, val_mgr->Count(${h.file_alignment}));
-			oh->Assign(12, val_mgr->Count(${h.os_version_major}));
-			oh->Assign(13, val_mgr->Count(${h.os_version_minor}));
-			oh->Assign(14, val_mgr->Count(${h.major_image_version}));
-			oh->Assign(15, val_mgr->Count(${h.minor_image_version}));
-			oh->Assign(16, val_mgr->Count(${h.minor_subsys_version}));
-			oh->Assign(17, val_mgr->Count(${h.minor_subsys_version}));
-			oh->Assign(18, val_mgr->Count(${h.size_of_image}));
-			oh->Assign(19, val_mgr->Count(${h.size_of_headers}));
-			oh->Assign(20, val_mgr->Count(${h.checksum}));
-			oh->Assign(21, val_mgr->Count(${h.subsystem}));
+			oh->Assign(9, zeek::val_mgr->Count(${h.image_base}));
+			oh->Assign(10, zeek::val_mgr->Count(${h.section_alignment}));
+			oh->Assign(11, zeek::val_mgr->Count(${h.file_alignment}));
+			oh->Assign(12, zeek::val_mgr->Count(${h.os_version_major}));
+			oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
+			oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
+			oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
+			oh->Assign(16, zeek::val_mgr->Count(${h.minor_subsys_version}));
+			oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
+			oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
+			oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
+			oh->Assign(20, zeek::val_mgr->Count(${h.checksum}));
+			oh->Assign(21, zeek::val_mgr->Count(${h.subsystem}));
 			oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
 
 			oh->Assign(23, process_rvas(${h.rvas}));
@@ -177,14 +177,14 @@ refine flow File += {
 				name_len = first_null - ${h.name}.data();
 			section_header->Assign(0, zeek::make_intrusive<zeek::StringVal>(name_len, (const char*) ${h.name}.data()));
 
-			section_header->Assign(1, val_mgr->Count(${h.virtual_size}));
-			section_header->Assign(2, val_mgr->Count(${h.virtual_addr}));
-			section_header->Assign(3, val_mgr->Count(${h.size_of_raw_data}));
-			section_header->Assign(4, val_mgr->Count(${h.ptr_to_raw_data}));
-			section_header->Assign(5, val_mgr->Count(${h.non_used_ptr_to_relocs}));
-			section_header->Assign(6, val_mgr->Count(${h.non_used_ptr_to_line_nums}));
-			section_header->Assign(7, val_mgr->Count(${h.non_used_num_of_relocs}));
-			section_header->Assign(8, val_mgr->Count(${h.non_used_num_of_line_nums}));
+			section_header->Assign(1, zeek::val_mgr->Count(${h.virtual_size}));
+			section_header->Assign(2, zeek::val_mgr->Count(${h.virtual_addr}));
+			section_header->Assign(3, zeek::val_mgr->Count(${h.size_of_raw_data}));
+			section_header->Assign(4, zeek::val_mgr->Count(${h.ptr_to_raw_data}));
+			section_header->Assign(5, zeek::val_mgr->Count(${h.non_used_ptr_to_relocs}));
+			section_header->Assign(6, zeek::val_mgr->Count(${h.non_used_ptr_to_line_nums}));
+			section_header->Assign(7, zeek::val_mgr->Count(${h.non_used_num_of_relocs}));
+			section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums}));
 			section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
 
 			mgr.Enqueue(pe_section_header,

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -35,7 +35,7 @@ zeek::ValPtr binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
 	case 17: proto = TRANSPORT_UDP; break;
 	}
 
-	return val_mgr->Port(n, proto);
+	return zeek::val_mgr->Port(n, proto);
 	}
 %}
 
@@ -72,19 +72,19 @@ refine flow Flow += {
 		if ( ::unified2_event )
 			{
 			auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
-			ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
-			ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
+			ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
+			ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
 			ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
-			ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
-			ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
-			ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
-			ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
-			ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
+			ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
+			ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
+			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
+			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
+			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
 			ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
 			ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
-			ids_event->Assign(17, val_mgr->Count(${ev.packet_action}));
+			ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action}));
 
 			mgr.Enqueue(::unified2_event,
 					connection()->bro_analyzer()->GetFile()->ToVal(),
@@ -98,23 +98,23 @@ refine flow Flow += {
 		if ( ::unified2_event )
 			{
 			auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
-			ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
-			ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
+			ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
+			ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
 			ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
-			ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
-			ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
-			ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
-			ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
-			ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
+			ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
+			ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
+			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
+			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
+			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
 			ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
 			ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
-			ids_event->Assign(12, val_mgr->Count(${ev.impact_flag}));
-			ids_event->Assign(13, val_mgr->Count(${ev.impact}));
-			ids_event->Assign(14, val_mgr->Count(${ev.blocked}));
-			ids_event->Assign(15, val_mgr->Count(${ev.mpls_label}));
-			ids_event->Assign(16, val_mgr->Count(${ev.vlan_id}));
+			ids_event->Assign(12, zeek::val_mgr->Count(${ev.impact_flag}));
+			ids_event->Assign(13, zeek::val_mgr->Count(${ev.impact}));
+			ids_event->Assign(14, zeek::val_mgr->Count(${ev.blocked}));
+			ids_event->Assign(15, zeek::val_mgr->Count(${ev.mpls_label}));
+			ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id}));
 
 			mgr.Enqueue(::unified2_event,
 					connection()->bro_analyzer()->GetFile()->ToVal(),
@@ -129,11 +129,11 @@ refine flow Flow += {
 		if ( ::unified2_packet )
 			{
 			auto packet = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::Packet);
-			packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
-			packet->Assign(1, val_mgr->Count(${pkt.event_id}));
-			packet->Assign(2, val_mgr->Count(${pkt.event_second}));
+			packet->Assign(0, zeek::val_mgr->Count(${pkt.sensor_id}));
+			packet->Assign(1, zeek::val_mgr->Count(${pkt.event_id}));
+			packet->Assign(2, zeek::val_mgr->Count(${pkt.event_second}));
 			packet->Assign(3, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${pkt.packet_ts})));
-			packet->Assign(4, val_mgr->Count(${pkt.link_type}));
+			packet->Assign(4, zeek::val_mgr->Count(${pkt.link_type}));
 			packet->Assign(5, to_stringval(${pkt.packet_data}));
 
 			mgr.Enqueue(::unified2_packet,

src/file_analysis/analyzer/x509/OCSP.cc

@@ -80,10 +80,10 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi
 	if ( ! res )
 		{
 		reporter->Weird("OpenSSL failed to get OCSP_CERTID info");
-		vl->emplace_back(val_mgr->EmptyString());
-		vl->emplace_back(val_mgr->EmptyString());
-		vl->emplace_back(val_mgr->EmptyString());
-		vl->emplace_back(val_mgr->EmptyString());
+		vl->emplace_back(zeek::val_mgr->EmptyString());
+		vl->emplace_back(zeek::val_mgr->EmptyString());
+		vl->emplace_back(zeek::val_mgr->EmptyString());
+		vl->emplace_back(zeek::val_mgr->EmptyString());
 		return false;
 		}
 
@@ -219,7 +219,7 @@ static zeek::StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
 	der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat);
 
 	if ( der_basic_resp_len <= 0 )
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 
 	const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat;
 
@@ -228,13 +228,13 @@ static zeek::StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
 	if ( ! bseq )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	if ( sk_ASN1_TYPE_num(bseq) < 3 )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	auto constexpr sig_alg_idx = 1u;
@@ -243,7 +243,7 @@ static zeek::StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
 	if ( ASN1_TYPE_get(aseq_type) != V_ASN1_SEQUENCE )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	auto aseq_str = aseq_type->value.asn1_string;
@@ -255,13 +255,13 @@ static zeek::StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
 	if ( ! aseq )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	if ( sk_ASN1_TYPE_num(aseq) < 1 )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	auto constexpr alg_obj_idx = 0u;
@@ -270,7 +270,7 @@ static zeek::StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
 	if ( ASN1_TYPE_get(alg_obj_type) != V_ASN1_OBJECT )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	auto alg_obj = alg_obj_type->value.object;
@@ -291,7 +291,7 @@ static zeek::ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
 	der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat);
 
 	if ( der_basic_resp_len <= 0 )
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 
 	const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat;
 
@@ -300,13 +300,13 @@ static zeek::ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
 	if ( ! bseq )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 		}
 
 	if ( sk_ASN1_TYPE_num(bseq) < 3 )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 		}
 
 	auto constexpr resp_data_idx = 0u;
@@ -315,7 +315,7 @@ static zeek::ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
 	if ( ASN1_TYPE_get(dseq_type) != V_ASN1_SEQUENCE )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 		}
 
 	auto dseq_str = dseq_type->value.asn1_string;
@@ -327,13 +327,13 @@ static zeek::ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
 	if ( ! dseq )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 		}
 
 	if ( sk_ASN1_TYPE_num(dseq) < 1 )
 		{
 		OPENSSL_free(der_basic_resp_dat);
-		return val_mgr->Count(-1);
+		return zeek::val_mgr->Count(-1);
 		}
 
 /*-  ResponseData ::= SEQUENCE {
@@ -351,12 +351,12 @@ static zeek::ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
 		{
 		OPENSSL_free(der_basic_resp_dat);
 		// Not present, use default value.
-		return val_mgr->Count(0);
+		return zeek::val_mgr->Count(0);
 		}
 
 	uint64_t asn1_int = ASN1_INTEGER_get(version_type->value.integer);
 	OPENSSL_free(der_basic_resp_dat);
-	return val_mgr->Count(asn1_int);
+	return zeek::val_mgr->Count(asn1_int);
 	}
 
 static uint64_t parse_request_version(OCSP_REQUEST* req)
@@ -417,7 +417,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
 	if ( ocsp_request )
 		mgr.Enqueue(ocsp_request,
 			GetFile()->ToVal(),
-			val_mgr->Count(version)
+			zeek::val_mgr->Count(version)
 		);
 
 	BIO *bio = BIO_new(BIO_s_mem());
@@ -492,7 +492,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 	vl.emplace_back(std::move(status_val));
 
 #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
-	vl.emplace_back(val_mgr->Count((uint64_t)ASN1_INTEGER_get(resp_data->version)));
+	vl.emplace_back(zeek::val_mgr->Count((uint64_t)ASN1_INTEGER_get(resp_data->version)));
 #else
 	vl.emplace_back(parse_basic_resp_data_version(basic_resp));
 #endif
@@ -507,7 +507,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 	else
 		{
 		reporter->Weird("OpenSSL failed to get OCSP responder id");
-		vl.emplace_back(val_mgr->EmptyString());
+		vl.emplace_back(zeek::val_mgr->EmptyString());
 		}
 
 	// producedAt

src/file_analysis/analyzer/x509/X509.cc

@@ -123,7 +123,7 @@ zeek::RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File
 	auto pX509Cert = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
-	pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
+	pX509Cert->Assign(0, zeek::val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 	int len = BIO_read(bio, buf, sizeof(buf));
 	pX509Cert->Assign(1, zeek::make_intrusive<zeek::StringVal>(len, buf));
@@ -231,7 +231,7 @@ zeek::RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File
 
 		unsigned int length = KeyLength(pkey);
 		if ( length > 0 )
-			pX509Cert->Assign(10, val_mgr->Count(length));
+			pX509Cert->Assign(10, zeek::val_mgr->Count(length));
 
 		EVP_PKEY_free(pkey);
 		}
@@ -291,10 +291,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		if ( x509_ext_basic_constraints )
 			{
 			auto pBasicConstraint = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::X509::BasicConstraints);
-			pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
+			pBasicConstraint->Assign(0, zeek::val_mgr->Bool(constr->ca));
 
 			if ( constr->pathlen )
-				pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
+				pBasicConstraint->Assign(1, zeek::val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
 
 			mgr.Enqueue(x509_ext_basic_constraints,
 				GetFile()->ToVal(),
@@ -435,7 +435,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 		if ( ips != nullptr )
 			sanExt->Assign(3, ips);
 
-		sanExt->Assign(4, val_mgr->Bool(otherfields));
+		sanExt->Assign(4, zeek::val_mgr->Bool(otherfields));
 
 		mgr.Enqueue(x509_ext_subject_alternative_name,
 		            GetFile()->ToVal(),

src/file_analysis/analyzer/x509/X509Common.cc

@@ -277,7 +277,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
 		pX509Ext->Assign(1, zeek::make_intrusive<zeek::StringVal>(short_name));
 
 	pX509Ext->Assign(2, zeek::make_intrusive<zeek::StringVal>(oid));
-	pX509Ext->Assign(3, val_mgr->Bool(critical));
+	pX509Ext->Assign(3, zeek::val_mgr->Bool(critical));
 	pX509Ext->Assign(4, ext_val);
 
 	// send off generic extension event
@@ -290,7 +290,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
 	if ( h == ocsp_extension )
 		mgr.Enqueue(h, GetFile()->ToVal(),
 					std::move(pX509Ext),
-					val_mgr->Bool(global));
+					zeek::val_mgr->Bool(global));
 	else
 		mgr.Enqueue(h, GetFile()->ToVal(), std::move(pX509Ext));
 
@@ -316,7 +316,7 @@ zeek::StringValPtr file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File
 	if ( length == 0 )
 		{
 		BIO_free_all(bio);
-		return val_mgr->EmptyString();
+		return zeek::val_mgr->EmptyString();
 		}
 
 	char* buffer = (char*) malloc(length);

src/file_analysis/analyzer/x509/functions.bif

@@ -15,7 +15,7 @@ static zeek::RecordValPtr x509_result_record(uint64_t num, const char* reason, z
 	{
 	auto rrecord = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::X509::Result);
 
-	rrecord->Assign(0, val_mgr->Int(num));
+	rrecord->Assign(0, zeek::val_mgr->Int(num));
 	rrecord->Assign(1, zeek::make_intrusive<zeek::StringVal>(reason));
 	if ( chainVector )
 		rrecord->Assign(2, std::move(chainVector));
@@ -193,7 +193,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
 	auto ext_val = file_analysis::X509::GetExtensionFromBIO(bio);
 
 	if ( ! ext_val )
-		ext_val = val_mgr->EmptyString();
+		ext_val = zeek::val_mgr->EmptyString();
 
 	return ext_val;
 	%}
@@ -624,7 +624,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 	if ( precert && issuer_key_hash->Len() != 32)
 		{
 		reporter->Error("Invalid issuer_key_hash length");
-		return val_mgr->False();
+		return zeek::val_mgr->False();
 		}
 
 	std::string data;
@@ -648,7 +648,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 		if ( pos < 0 )
 			{
 			reporter->Error("NID_ct_precert_scts not found");
-			return val_mgr->False();
+			return zeek::val_mgr->False();
 			}
 #else
 		int num_ext = X509_get_ext_count(x);
@@ -743,7 +743,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 	EVP_MD_CTX_destroy(mdctx);
 	EVP_PKEY_free(key);
 
-	return val_mgr->Bool(success);
+	return zeek::val_mgr->Bool(success);
 
 sct_verify_err:
 	if (mdctx)
@@ -752,7 +752,7 @@ sct_verify_err:
 		EVP_PKEY_free(key);
 
 	reporter->Error("%s", errstr.c_str());
-	return val_mgr->False();
+	return zeek::val_mgr->False();
 	%}
 
 
@@ -903,7 +903,7 @@ function x509_set_certificate_cache%(tbl: string_any_table%) : bool
 	%{
 	file_analysis::X509::SetCertificateCache({zeek::NewRef{}, tbl->AsTableVal()});
 
-	return val_mgr->True();
+	return zeek::val_mgr->True();
 	%}
 
 ## This function sets up the callback that is called when an entry is matched against the table set
@@ -921,5 +921,5 @@ function x509_set_certificate_cache_hit_callback%(f: string_any_file_hook%) : bo
 	%{
 	file_analysis::X509::SetCertificateCacheHitCallback({zeek::NewRef{}, f->AsFunc()});
 
-	return val_mgr->True();
+	return zeek::val_mgr->True();
 	%}

src/file_analysis/analyzer/x509/x509-extension.pac

@@ -40,11 +40,11 @@ refine connection MockConnection += {
 
 		mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
 			bro_analyzer()->GetFile()->ToVal(),
-			val_mgr->Count(version),
+			zeek::val_mgr->Count(version),
 			zeek::make_intrusive<zeek::StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),
-			val_mgr->Count(timestamp),
-			val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()),
-			val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()),
+			zeek::val_mgr->Count(timestamp),
+			zeek::val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()),
+			zeek::val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()),
 			zeek::make_intrusive<zeek::StringVal>(digitally_signed_signature.length(), reinterpret_cast<const char*>(digitally_signed_signature.begin()))
 			);
 

src/file_analysis/file_analysis.bif

@@ -14,28 +14,28 @@ type AnalyzerArgs: record;
 function Files::__set_timeout_interval%(file_id: string, t: interval%): bool
 	%{
 	bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t);
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::enable_reassembly`.
 function Files::__enable_reassembly%(file_id: string%): bool
 	%{
 	bool result = file_mgr->EnableReassembly(file_id->CheckString());
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::disable_reassembly`.
 function Files::__disable_reassembly%(file_id: string%): bool
 	%{
 	bool result = file_mgr->DisableReassembly(file_id->CheckString());
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::set_reassembly_buffer_size`.
 function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
 	%{
 	bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max);
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::add_analyzer`.
@@ -46,7 +46,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
 	bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
 	                                    file_mgr->GetComponentTag(tag),
 	                                    std::move(rv));
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::remove_analyzer`.
@@ -57,14 +57,14 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%)
 	bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
 	                                       file_mgr->GetComponentTag(tag),
 	                                       std::move(rv));
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::stop`.
 function Files::__stop%(file_id: string%): bool
 	%{
 	bool result = file_mgr->IgnoreFile(file_id->CheckString());
-	return val_mgr->Bool(result);
+	return zeek::val_mgr->Bool(result);
 	%}
 
 ## :zeek:see:`Files::analyzer_name`.
@@ -78,9 +78,9 @@ function Files::__analyzer_name%(tag: Files::Tag%) : string
 function Files::__file_exists%(fuid: string%): bool
 	%{
 	if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
-		return val_mgr->True();
+		return zeek::val_mgr->True();
 	else
-		return val_mgr->False();
+		return zeek::val_mgr->False();
 	%}
 
 ## :zeek:see:`Files::lookup_file`.