Remove uses of deprecated Tag types

2025-10-08 01:28:20 +00:00 · 2021-09-29 10:11:17 -07:00 · 2021-09-29 10:11:17 -07:00 · 8b544d648d
commit 8b544d648d
parent 331161138a
35 changed files with 172 additions and 178 deletions
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -286,7 +286,7 @@ analyzer::Analyzer* Connection::FindAnalyzer(analyzer::ID id)
 	return adapter ? adapter->FindChild(id) : nullptr;
 	}
-analyzer::Analyzer* Connection::FindAnalyzer(const analyzer::Tag& tag)
+analyzer::Analyzer* Connection::FindAnalyzer(const zeek::Tag& tag)
 	{
 	return adapter ? adapter->FindChild(tag) : nullptr;
 	}
--- a/src/Conn.h
+++ b/src/Conn.h
@ -11,12 +11,12 @@
 #include "zeek/IPAddr.h"
 #include "zeek/IntrusivePtr.h"
 #include "zeek/Rule.h"
 #include "zeek/Tag.h"
 #include "zeek/Timer.h"
 #include "zeek/UID.h"
 #include "zeek/WeirdState.h"
 #include "zeek/ZeekArgs.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Tag.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/session/Session.h"
@ -136,7 +136,7 @@ public:
 	void FlipRoles();
 	analyzer::Analyzer* FindAnalyzer(analyzer::ID id);
-	analyzer::Analyzer* FindAnalyzer(const analyzer::Tag& tag); // find first in tree.
+	analyzer::Analyzer* FindAnalyzer(const zeek::Tag& tag); // find first in tree.
 	analyzer::Analyzer* FindAnalyzer(const char* name); // find first in tree.
 	TransportProto ConnTransport() const { return proto; }
--- a/src/RuleAction.cc
+++ b/src/RuleAction.cc
@ -67,7 +67,7 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer)
 			reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str());
 		}
 	else
-		child_analyzer = analyzer::Tag();
+		child_analyzer = zeek::Tag();
 	}
 void RuleActionAnalyzer::PrintDebug()
--- a/src/RuleAction.h
+++ b/src/RuleAction.h
@ -73,12 +73,12 @@ public:
 	void PrintDebug() override;
-	analyzer::Tag Analyzer() const { return analyzer; }
+	zeek::Tag Analyzer() const { return analyzer; }
-	analyzer::Tag ChildAnalyzer() const { return child_analyzer; }
+	zeek::Tag ChildAnalyzer() const { return child_analyzer; }
 private:
-	analyzer::Tag analyzer;
+	zeek::Tag analyzer;
-	analyzer::Tag child_analyzer;
+	zeek::Tag child_analyzer;
 	};
 class RuleActionEnable : public RuleActionAnalyzer
--- a/src/analyzer/Analyzer.cc
+++ b/src/analyzer/Analyzer.cc
@ -75,7 +75,7 @@ const char* Analyzer::GetAnalyzerName() const
 	return analyzer_mgr->GetComponentName(tag).c_str();
 	}
-void Analyzer::SetAnalyzerTag(const Tag& arg_tag)
+void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag)
 	{
 	assert(! tag || tag == arg_tag);
 	tag = arg_tag;
@ -89,7 +89,7 @@ bool Analyzer::IsAnalyzer(const char* name)
 Analyzer::Analyzer(const char* name, Connection* conn)
 	{
-	Tag tag = analyzer_mgr->GetComponentTag(name);
+	zeek::Tag tag = analyzer_mgr->GetComponentTag(name);
 	if ( ! tag )
 		reporter->InternalError("unknown analyzer name %s; mismatch with tag analyzer::Component?",
@ -98,17 +98,17 @@ Analyzer::Analyzer(const char* name, Connection* conn)
 	CtorInit(tag, conn);
 	}
-Analyzer::Analyzer(const Tag& tag, Connection* conn)
+Analyzer::Analyzer(const zeek::Tag& tag, Connection* conn)
 	{
 	CtorInit(tag, conn);
 	}
 Analyzer::Analyzer(Connection* conn)
 	{
-	CtorInit(Tag(), conn);
+	CtorInit(zeek::Tag(), conn);
 	}
-void Analyzer::CtorInit(const Tag& arg_tag, Connection* arg_conn)
+void Analyzer::CtorInit(const zeek::Tag& arg_tag, Connection* arg_conn)
 	{
 	// Don't Ref conn here to avoid circular ref'ing. It can't be deleted
 	// before us.
@ -411,7 +411,7 @@ bool Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init)
 	return true;
 	}
-Analyzer* Analyzer::AddChildAnalyzer(const Tag& analyzer)
+Analyzer* Analyzer::AddChildAnalyzer(const zeek::Tag& analyzer)
 	{
 	if ( HasChildAnalyzer(analyzer) )
 		return nullptr;
@ -466,7 +466,7 @@ bool Analyzer::Remove()
 	return removing;
 	}
-void Analyzer::PreventChildren(Tag tag)
+void Analyzer::PreventChildren(zeek::Tag tag)
 	{
 	auto it = std::find(prevented.begin(), prevented.end(), tag);
@ -476,7 +476,7 @@ void Analyzer::PreventChildren(Tag tag)
 	prevented.emplace_back(tag);
 	}
-bool Analyzer::HasChildAnalyzer(Tag tag)
+bool Analyzer::HasChildAnalyzer(zeek::Tag tag)
 	{
 	LOOP_OVER_CHILDREN(i)
 	if ( (*i)->tag == tag )
@ -511,7 +511,7 @@ Analyzer* Analyzer::FindChild(ID arg_id)
 	return nullptr;
 	}
-Analyzer* Analyzer::FindChild(Tag arg_tag)
+Analyzer* Analyzer::FindChild(zeek::Tag arg_tag)
 	{
 	if ( tag == arg_tag )
 		return this;
@ -535,7 +535,7 @@ Analyzer* Analyzer::FindChild(Tag arg_tag)
 Analyzer* Analyzer::FindChild(const char* name)
 	{
-	Tag tag = analyzer_mgr->GetComponentTag(name);
+	zeek::Tag tag = analyzer_mgr->GetComponentTag(name);
 	return tag ? FindChild(tag) : nullptr;
 	}
@ -607,7 +607,7 @@ void Analyzer::RemoveSupportAnalyzer(SupportAnalyzer* analyzer)
 	return;
 	}
-bool Analyzer::HasSupportAnalyzer(const Tag& tag, bool orig)
+bool Analyzer::HasSupportAnalyzer(const zeek::Tag& tag, bool orig)
 	{
 	SupportAnalyzer* s = orig ? orig_supporters : resp_supporters;
 	for ( ; s; s = s->sibling )
@ -677,7 +677,7 @@ void Analyzer::FlipRoles()
 	resp_supporters = tmp;
 	}
-void Analyzer::ProtocolConfirmation(Tag arg_tag)
+void Analyzer::ProtocolConfirmation(zeek::Tag arg_tag)
 	{
 	if ( protocol_confirmed )
 		return;
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -125,7 +125,7 @@ public:
 	 *
 	 * @param conn The connection the analyzer is associated with.
 	 */
-	Analyzer(const Tag& tag, Connection* conn);
+	Analyzer(const zeek::Tag& tag, Connection* conn);
 	/**
 	 * Constructor. As this version of the constructor does not receive a
@ -357,7 +357,7 @@ public:
 	/**
 	 * Returns the tag associated with the analyzer's type.
 	 */
-	Tag GetAnalyzerTag() const
+	zeek::Tag GetAnalyzerTag() const
 		{
 		assert(tag);
 		return tag;
@ -369,7 +369,7 @@ public:
 	 * did not receive a name or tag. The method cannot be used to change
 	 * an existing tag.
 	 */
-	void SetAnalyzerTag(const Tag& tag);
+	void SetAnalyzerTag(const zeek::Tag& tag);
 	/**
 	 * Returns a textual description of the analyzer's type. This is
@ -405,7 +405,7 @@ public:
 	 * @param tag The type of analyzer to add.
 	 * @return the new analyzer instance that was added.
 	 */
-	Analyzer* AddChildAnalyzer(const Tag& tag);
+	Analyzer* AddChildAnalyzer(const zeek::Tag& tag);
 	/**
 	 * Removes a child analyzer. It's ok for the analyzer to not to be a
@ -434,14 +434,14 @@ public:
 	 *
 	 * @param tag The type of analyzer to prevent.
 	 */
-	void PreventChildren(Tag tag);
+	void PreventChildren(zeek::Tag tag);
 	/**
 	 * Returns true if analyzer has a direct child of a given type.
 	 *
 	 * @param tag The type of analyzer to check for.
 	 */
-	bool HasChildAnalyzer(Tag tag);
+	bool HasChildAnalyzer(zeek::Tag tag);
 	/**
 	 * Recursively searches all (direct or indirect) childs of the
@ -463,7 +463,7 @@ public:
 	 * @return The first analyzer of the given type found, or null if
 	 * none.
 	 */
-	virtual Analyzer* FindChild(Tag tag);
+	virtual Analyzer* FindChild(zeek::Tag tag);
 	/**
 	 * Recursively searches all (direct or indirect) childs of the
@ -533,7 +533,7 @@ public:
 	 * If tag is given, it overrides the analyzer tag passed to the
 	 * scripting layer; the default is the one of the analyzer itself.
 	 */
-	virtual void ProtocolConfirmation(Tag tag = Tag());
+	virtual void ProtocolConfirmation(zeek::Tag tag = zeek::Tag());
 	/**
 	 * Signals Bro's protocol detection that the analyzer has found a
@ -667,7 +667,7 @@ protected:
 	 *
 	 * @param orig True if asking about the originator side.
 	 */
-	bool HasSupportAnalyzer(const Tag& tag, bool orig);
+	bool HasSupportAnalyzer(const zeek::Tag& tag, bool orig);
 	/**
 	 * Returns the first still active support analyzer for the given
@ -711,9 +711,9 @@ private:
 	analyzer_list::iterator DeleteChild(analyzer_list::iterator i);
 	// Helper for the ctors.
-	void CtorInit(const Tag& tag, Connection* conn);
+	void CtorInit(const zeek::Tag& tag, Connection* conn);
-	Tag tag;
+	zeek::Tag tag;
 	ID id;
 	Connection* conn;
@ -726,7 +726,7 @@ private:
 	SupportAnalyzer* resp_supporters;
 	analyzer_list new_children;
-	std::vector<Tag> prevented;
+	std::vector<zeek::Tag> prevented;
 	bool protocol_confirmed;
--- a/src/analyzer/Component.cc
+++ b/src/analyzer/Component.cc
@ -10,7 +10,7 @@ namespace zeek::analyzer
 	{
 Component::Component(const std::string& name, factory_callback arg_factory,
-                     Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial,
+                     zeek::Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial,
                     bool arg_adapter)
 	: plugin::Component(
 		  arg_adapter ? plugin::component::SESSION_ADAPTER : plugin::component::ANALYZER, name),
--- a/src/analyzer/Component.h
+++ b/src/analyzer/Component.h
@ -4,7 +4,7 @@
 #include "zeek/zeek-config.h"
-#include "zeek/analyzer/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/plugin/TaggedComponent.h"
 #include "zeek/util.h"
@ -45,8 +45,8 @@ public:
 	 *
 	 * @param subtype A subtype associated with this component that
 	 * further distinguishes it. The subtype will be integrated into
-	 * the analyzer::Tag that the manager associates with this analyzer,
+	 * the Tag that the manager associates with this analyzer,
-	 * and analyzer instances can accordingly access it via analyzer::Tag().
+	 * and analyzer instances can accordingly access it via Tag().
 	 * If not used, leave at zero.
 	 *
 	 * @param enabled If false the analyzer starts out as disabled and
@ -62,7 +62,7 @@ public:
 	 * @param adapter If true, this analyzer is a session adapter from
 	 * the packet analyzer framework.
 	 */
-	Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0,
+	Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0,
 	          bool enabled = true, bool partial = false, bool adapter = false);
 	/**
--- a/src/analyzer/Manager.cc
+++ b/src/analyzer/Manager.cc
@ -123,7 +123,7 @@ void Manager::DumpDebug()
 void Manager::Done() { }
-bool Manager::EnableAnalyzer(const Tag& tag)
+bool Manager::EnableAnalyzer(const zeek::Tag& tag)
 	{
 	Component* p = Lookup(tag);
@ -149,7 +149,7 @@ bool Manager::EnableAnalyzer(EnumVal* val)
 	return true;
 	}
-bool Manager::DisableAnalyzer(const Tag& tag)
+bool Manager::DisableAnalyzer(const zeek::Tag& tag)
 	{
 	Component* p = Lookup(tag);
@ -185,12 +185,12 @@ void Manager::DisableAllAnalyzers()
 		(*i)->SetEnabled(false);
 	}
-analyzer::Tag Manager::GetAnalyzerTag(const char* name)
+zeek::Tag Manager::GetAnalyzerTag(const char* name)
 	{
 	return GetComponentTag(name);
 	}
-bool Manager::IsEnabled(const Tag& tag)
+bool Manager::IsEnabled(const zeek::Tag& tag)
 	{
 	if ( ! tag )
 		return false;
@ -233,7 +233,7 @@ bool Manager::UnregisterAnalyzerForPort(EnumVal* val, PortVal* port)
 	return UnregisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port());
 	}
-bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port)
+bool Manager::RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port)
 	{
 	if ( initialized )
 		return RegisterAnalyzerForPort(std::make_tuple(tag, proto, port));
@ -247,7 +247,7 @@ bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint
 		}
 	}
-bool Manager::RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint32_t>& p)
+bool Manager::RegisterAnalyzerForPort(const std::tuple<zeek::Tag, TransportProto, uint32_t>& p)
 	{
 	const auto& [tag, proto, port] = p;
@ -267,7 +267,7 @@ bool Manager::RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint
 	return ipba->RegisterAnalyzerForPort(tag, port);
 	}
-bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port)
+bool Manager::UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port)
 	{
 	if ( auto i = pending_analyzers_for_ports.find(std::make_tuple(tag, proto, port));
 	     i != pending_analyzers_for_ports.end() )
@ -289,7 +289,7 @@ bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, ui
 	return ipba->UnregisterAnalyzerForPort(tag, port);
 	}
-Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn)
+Analyzer* Manager::InstantiateAnalyzer(const zeek::Tag& tag, Connection* conn)
 	{
 	Component* c = Lookup(tag);
@ -324,7 +324,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn)
 Analyzer* Manager::InstantiateAnalyzer(const char* name, Connection* conn)
 	{
-	Tag tag = GetComponentTag(name);
+	zeek::Tag tag = GetComponentTag(name);
 	return tag ? InstantiateAnalyzer(tag, conn) : nullptr;
 	}
@ -367,7 +367,7 @@ void Manager::ExpireScheduledAnalyzers()
 	}
 void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
-                               TransportProto proto, const Tag& analyzer, double timeout)
+                               TransportProto proto, const zeek::Tag& analyzer, double timeout)
 	{
 	if ( ! run_state::network_time )
 		{
@ -392,9 +392,9 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t
 void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
                               TransportProto proto, const char* analyzer, double timeout)
 	{
-	Tag tag = GetComponentTag(analyzer);
+	zeek::Tag tag = GetComponentTag(analyzer);
-	if ( tag != Tag() )
+	if ( tag != zeek::Tag() )
 		ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout);
 	}
@ -402,8 +402,8 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal*
                               Val* analyzer, double timeout)
 	{
 	EnumValPtr ev{NewRef{}, analyzer->AsEnumVal()};
-	return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(), Tag(std::move(ev)),
+	return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(),
-	                        timeout);
+	                        zeek::Tag(std::move(ev)), timeout);
 	}
 Manager::tag_set Manager::GetScheduled(const Connection* conn)
--- a/src/analyzer/Manager.h
+++ b/src/analyzer/Manager.h
@ -25,9 +25,9 @@
 #include "zeek/Dict.h"
 #include "zeek/IP.h"
 #include "zeek/Tag.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Component.h"
 #include "zeek/analyzer/Tag.h"
 #include "zeek/analyzer/analyzer.bif.h"
 #include "zeek/net_util.h"
 #include "zeek/plugin/ComponentManager.h"
@ -50,7 +50,7 @@ namespace analyzer
 * Class maintaining and scheduling available protocol analyzers.
 *
 * The manager maintains a registry of all available protocol analyzers,
- * including a mapping between their textual names and analyzer::Tag. It
+ * including a mapping between their textual names and Tag. It
 * instantantiates new analyzers on demand. For new connections, the manager
 * sets up their initial analyzer tree, including adding the right \c PIA,
 * respecting well-known ports, and tracking any analyzers specifically
@ -95,14 +95,14 @@ public:
 	 *
 	 * @return True if successful.
 	 */
-	bool EnableAnalyzer(const Tag& tag);
+	bool EnableAnalyzer(const zeek::Tag& tag);
 	/**
 	 * Enables an analyzer type. Only enabled analyzers will be
 	 * instantiated for new connections.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 *
 	 * @return True if successful.
 	 */
@ -116,14 +116,14 @@ public:
 	 *
 	 * @return True if successful.
 	 */
-	bool DisableAnalyzer(const Tag& tag);
+	bool DisableAnalyzer(const zeek::Tag& tag);
 	/**
 	 * Disables an analyzer type. Disabled analyzers will not be
 	 * instantiated for new connections.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 *
 	 * @return True if successful.
 	 */
@ -140,20 +140,20 @@ public:
 	 *
 	 * @param name The canonical analyzer name to check.
 	 */
-	Tag GetAnalyzerTag(const char* name);
+	zeek::Tag GetAnalyzerTag(const char* name);
 	/**
 	 * Returns true if an analyzer is enabled.
 	 *
 	 * @param tag The analyzer's tag.
 	 */
-	bool IsEnabled(const Tag& tag);
+	bool IsEnabled(const zeek::Tag& tag);
 	/**
 	 * Returns true if an analyzer is enabled.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 */
 	bool IsEnabled(EnumVal* tag);
@ -163,7 +163,7 @@ public:
 	 * assigned.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 *
 	 * @param port The well-known port.
 	 *
@ -184,13 +184,13 @@ public:
 	 *
 	 * @return True if successful.
 	 */
-	bool RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port);
+	bool RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
 	/**
 	 * Unregisters a well-known port for an anlyzers.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 *
 	 * @param port The well-known port.
 	 *
@ -210,9 +210,9 @@ public:
 	 * @param port The port's number.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 */
-	bool UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port);
+	bool UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
 	/**
 	 * Instantiates a new analyzer instance for a connection.
@ -226,7 +226,7 @@ public:
 	 * null if tag is invalid, the requested analyzer is disabled, or the
 	 * analyzer can't be instantiated.
 	 */
-	Analyzer* InstantiateAnalyzer(const Tag& tag, Connection* c);
+	Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, Connection* c);
 	/**
 	 * Instantiates a new analyzer instance for a connection.
@ -263,7 +263,7 @@ public:
 	 * schedule this analyzer. Must be non-zero.
 	 */
 	void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
-	                      TransportProto proto, const Tag& analyzer, double timeout);
+	                      TransportProto proto, const zeek::Tag& analyzer, double timeout);
 	/**
 	 * Schedules a particular analyzer for an upcoming connection. Once
@ -321,7 +321,7 @@ public:
 	 * @param resp_p The connection's anticipated responder port.
 	 *
 	 * @param analyzer The analyzer to use once the connection is seen as
-	 * an enum value of script-type \c Analyzer::Tag.
+	 * an enum value of script-type \c Tag.
 	 *
 	 * @param timeout An interval after which to timeout the request to
 	 * schedule this analyzer. Must be non-zero.
@ -336,11 +336,11 @@ public:
 private:
 	// Internal version that must be used only once InitPostScript has completed.
-	bool RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint32_t>& p);
+	bool RegisterAnalyzerForPort(const std::tuple<zeek::Tag, TransportProto, uint32_t>& p);
 	friend class packet_analysis::IP::IPBasedAnalyzer;
-	using tag_set = std::set<Tag>;
+	using tag_set = std::set<zeek::Tag>;
 	tag_set GetScheduled(const Connection* conn);
 	void ExpireScheduledAnalyzers();
@ -365,7 +365,7 @@ private:
 	struct ScheduledAnalyzer
 		{
 		ConnIndex conn;
-		Tag analyzer;
+		zeek::Tag analyzer;
 		double timeout;
 		struct Comparator
@ -377,7 +377,7 @@ private:
 			};
 		};
-	using protocol_analyzers = std::set<std::tuple<Tag, TransportProto, uint32_t>>;
+	using protocol_analyzers = std::set<std::tuple<zeek::Tag, TransportProto, uint32_t>>;
 	using conns_map = std::multimap<ConnIndex, ScheduledAnalyzer*>;
 	using conns_queue = std::priority_queue<ScheduledAnalyzer*, std::vector<ScheduledAnalyzer*>,
 	                                        ScheduledAnalyzer::Comparator>;
--- a/src/analyzer/analyzer.bif
+++ b/src/analyzer/analyzer.bif
@ -46,6 +46,6 @@ function __name%(atype: Analyzer::Tag%) : string
 function __tag%(name: string%) : Analyzer::Tag
 	%{
-	analyzer::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString());
+	zeek::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString());
 	return t.AsVal();
 	%}
--- a/src/analyzer/protocol/pia/PIA.cc
+++ b/src/analyzer/protocol/pia/PIA.cc
@ -147,7 +147,7 @@ void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol,
 	                                      clear_state);
 	}
-void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule)
+void PIA_UDP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule)
 	{
 	if ( pkt_buffer.state == MATCHING_ONLY )
 		{
@ -181,7 +181,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
 	ReplayPacketBuffer(a);
 	}
-void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag)
+void PIA_UDP::DeactivateAnalyzer(zeek::Tag tag)
 	{
 	reporter->InternalError("PIA_UDP::Deact not implemented yet");
 	}
@ -307,7 +307,7 @@ void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig)
 		}
 	}
-void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule)
+void PIA_TCP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule)
 	{
 	if ( stream_buffer.state == MATCHING_ONLY )
 		{
@ -429,7 +429,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
 	tcp->SetReassembler(reass_orig, reass_resp);
 	}
-void PIA_TCP::DeactivateAnalyzer(analyzer::Tag tag)
+void PIA_TCP::DeactivateAnalyzer(zeek::Tag tag)
 	{
 	reporter->InternalError("PIA_TCP::Deact not implemented yet");
 	}
--- a/src/analyzer/protocol/pia/PIA.h
+++ b/src/analyzer/protocol/pia/PIA.h
@ -29,10 +29,10 @@ public:
 	// Called when PIA wants to put an Analyzer in charge.  rule is the
 	// signature that triggered the activitation, if any.
-	virtual void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
+	virtual void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
 	// Called when PIA wants to remove an Analyzer.
-	virtual void DeactivateAnalyzer(analyzer::Tag tag) = 0;
+	virtual void DeactivateAnalyzer(zeek::Tag tag) = 0;
 	void Match(zeek::detail::Rule::PatternType type, const u_char* data, int len, bool is_orig,
 	           bool bol, bool eol, bool clear_state);
@ -129,8 +129,8 @@ protected:
 		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true);
 		}
-	void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule) override;
+	void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule) override;
-	void DeactivateAnalyzer(analyzer::Tag tag) override;
+	void DeactivateAnalyzer(zeek::Tag tag) override;
 	};
 // PIA for TCP.  Accepts both packet and stream input (and reassembles
@ -180,8 +180,8 @@ protected:
 	void DeliverStream(int len, const u_char* data, bool is_orig) override;
 	void Undelivered(uint64_t seq, int len, bool is_orig) override;
-	void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) override;
+	void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) override;
-	void DeactivateAnalyzer(analyzer::Tag tag) override;
+	void DeactivateAnalyzer(zeek::Tag tag) override;
 private:
 	// FIXME: Not sure yet whether we need both pkt_buffer and stream_buffer.
--- a/src/file_analysis/Analyzer.cc
+++ b/src/file_analysis/Analyzer.cc
@ -15,13 +15,13 @@ Analyzer::~Analyzer()
 	DBG_LOG(DBG_FILE_ANALYSIS, "Destroy file analyzer %s", file_mgr->GetComponentName(tag).c_str());
 	}
-void Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
+void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag)
 	{
 	assert(! tag || tag == arg_tag);
 	tag = arg_tag;
 	}
-Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file)
+Analyzer::Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file)
 	: tag(arg_tag), args(std::move(arg_args)), file(arg_file), got_stream_delivery(false),
 	  skip(false)
 	{
--- a/src/file_analysis/Analyzer.h
+++ b/src/file_analysis/Analyzer.h
@ -4,7 +4,7 @@
 #include <sys/types.h> // for u_char
-#include "zeek/file_analysis/Tag.h"
+#include "zeek/Tag.h"
 namespace zeek
 	{
@ -81,7 +81,7 @@ public:
 	/**
 	 * @return the analyzer type enum value.
 	 */
-	file_analysis::Tag Tag() const { return tag; }
+	zeek::Tag Tag() const { return tag; }
 	/**
 	 * Returns the analyzer instance's internal ID. These IDs are unique
@ -106,7 +106,7 @@ public:
 	 * did not receive a name or tag. The method cannot be used to change
 	 * an existing tag.
 	 */
-	void SetAnalyzerTag(const file_analysis::Tag& tag);
+	void SetAnalyzerTag(const zeek::Tag& tag);
 	/**
 	 * @return true if the analyzer has ever seen a stream-wise delivery.
@ -141,7 +141,7 @@ protected:
 	 *        tunable options, if any, related to a particular analyzer type.
 	 * @param arg_file the file to which the the analyzer is being attached.
 	 */
-	Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
+	Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
 	/**
 	 * Constructor.  Only derived classes are meant to be instantiated.
@ -156,7 +156,7 @@ protected:
 private:
 	ID id; /**< Unique instance ID. */
-	file_analysis::Tag tag; /**< The particular type of the analyzer instance. */
+	zeek::Tag tag; /**< The particular type of the analyzer instance. */
 	RecordValPtr args; /**< \c AnalyzerArgs val gives tunable analyzer params. */
 	File* file; /**< The file to which the analyzer is attached. */
 	bool got_stream_delivery;
--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@ -42,14 +42,14 @@ AnalyzerSet::~AnalyzerSet()
 	delete analyzer_hash;
 	}
-Analyzer* AnalyzerSet::Find(const file_analysis::Tag& tag, RecordValPtr args)
+Analyzer* AnalyzerSet::Find(const zeek::Tag& tag, RecordValPtr args)
 	{
 	auto key = GetKey(tag, std::move(args));
 	Analyzer* rval = analyzer_map.Lookup(key.get());
 	return rval;
 	}
-bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args)
+bool AnalyzerSet::Add(const zeek::Tag& tag, RecordValPtr args)
 	{
 	auto key = GetKey(tag, args);
@ -71,7 +71,7 @@ bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args)
 	return true;
 	}
-Analyzer* AnalyzerSet::QueueAdd(const file_analysis::Tag& tag, RecordValPtr args)
+Analyzer* AnalyzerSet::QueueAdd(const zeek::Tag& tag, RecordValPtr args)
 	{
 	auto key = GetKey(tag, args);
 	file_analysis::Analyzer* a = InstantiateAnalyzer(tag, std::move(args));
@ -105,12 +105,12 @@ void AnalyzerSet::AddMod::Abort()
 	delete a;
 	}
-bool AnalyzerSet::Remove(const file_analysis::Tag& tag, RecordValPtr args)
+bool AnalyzerSet::Remove(const zeek::Tag& tag, RecordValPtr args)
 	{
 	return Remove(tag, GetKey(tag, std::move(args)));
 	}
-bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key)
+bool AnalyzerSet::Remove(const zeek::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key)
 	{
 	auto a = (file_analysis::Analyzer*)analyzer_map.Remove(key.get());
@ -134,7 +134,7 @@ bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::de
 	return true;
 	}
-bool AnalyzerSet::QueueRemove(const file_analysis::Tag& tag, RecordValPtr args)
+bool AnalyzerSet::QueueRemove(const zeek::Tag& tag, RecordValPtr args)
 	{
 	auto key = GetKey(tag, std::move(args));
 	auto rval = analyzer_map.Lookup(key.get());
@ -147,7 +147,7 @@ bool AnalyzerSet::RemoveMod::Perform(AnalyzerSet* set)
 	return set->Remove(tag, std::move(key));
 	}
-std::unique_ptr<zeek::detail::HashKey> AnalyzerSet::GetKey(const file_analysis::Tag& t,
+std::unique_ptr<zeek::detail::HashKey> AnalyzerSet::GetKey(const zeek::Tag& t,
                                                           RecordValPtr args) const
 	{
 	auto lv = make_intrusive<ListVal>(TYPE_ANY);
--- a/src/file_analysis/AnalyzerSet.h
+++ b/src/file_analysis/AnalyzerSet.h
@ -6,7 +6,7 @@
 #include <queue>
 #include "zeek/Dict.h"
-#include "zeek/file_analysis/Tag.h"
+#include "zeek/Tag.h"
 namespace zeek
 	{
@ -55,7 +55,7 @@ public:
 	 * @param args an \c AnalyzerArgs record.
 	 * @return pointer to an analyzer instance, or a null pointer if not found.
 	 */
-	Analyzer* Find(const file_analysis::Tag& tag, RecordValPtr args);
+	Analyzer* Find(const zeek::Tag& tag, RecordValPtr args);
 	/**
 	 * Attach an analyzer to #file immediately.
@ -63,7 +63,7 @@ public:
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
 	 * @return true if analyzer was instantiated/attached, else false.
 	 */
-	bool Add(const file_analysis::Tag& tag, RecordValPtr args);
+	bool Add(const zeek::Tag& tag, RecordValPtr args);
 	/**
 	 * Queue the attachment of an analyzer to #file.
@ -72,7 +72,7 @@ public:
 	 * @return if successful, a pointer to a newly instantiated analyzer else
 	 * a null pointer.  The caller does *not* take ownership of the memory.
 	 */
-	file_analysis::Analyzer* QueueAdd(const file_analysis::Tag& tag, RecordValPtr args);
+	file_analysis::Analyzer* QueueAdd(const zeek::Tag& tag, RecordValPtr args);
 	/**
 	 * Remove an analyzer from #file immediately.
@ -80,7 +80,7 @@ public:
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
 	 * @return false if analyzer didn't exist and so wasn't removed, else true.
 	 */
-	bool Remove(const file_analysis::Tag& tag, RecordValPtr args);
+	bool Remove(const zeek::Tag& tag, RecordValPtr args);
 	/**
 	 * Queue the removal of an analyzer from #file.
@ -88,7 +88,7 @@ public:
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
 	 * @return true if analyzer exists at time of call, else false;
 	 */
-	bool QueueRemove(const file_analysis::Tag& tag, RecordValPtr args);
+	bool QueueRemove(const zeek::Tag& tag, RecordValPtr args);
 	/**
 	 * Perform all queued modifications to the current analyzer set.
@ -146,8 +146,7 @@ protected:
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
 	 * @return the hash key calculated from \a args
 	 */
-	std::unique_ptr<zeek::detail::HashKey> GetKey(const file_analysis::Tag& tag,
+	std::unique_ptr<zeek::detail::HashKey> GetKey(const zeek::Tag& tag, RecordValPtr args) const;
 	                                              RecordValPtr args) const;
 	/**
 	 * Create an instance of a file analyzer.
@ -155,8 +154,7 @@ protected:
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
 	 * @return a new file analyzer instance.
 	 */
-	file_analysis::Analyzer* InstantiateAnalyzer(const file_analysis::Tag& tag,
+	file_analysis::Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, RecordValPtr args) const;
 	                                             RecordValPtr args) const;
 	/**
 	 * Insert an analyzer instance in to the set.
@ -171,7 +169,7 @@ protected:
 	 *        just used for debugging messages.
 	 * @param key the hash key which represents the analyzer's \c AnalyzerArgs.
 	 */
-	bool Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key);
+	bool Remove(const zeek::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key);
 private:
 	File* file; /**< File which owns the set */
@ -234,7 +232,7 @@ private:
 		 * @param arg_a an analyzer instance to add to an analyzer set.
 		 * @param arg_key hash key representing the analyzer's \c AnalyzerArgs.
 		 */
-		RemoveMod(const file_analysis::Tag& arg_tag, std::unique_ptr<zeek::detail::HashKey> arg_key)
+		RemoveMod(const zeek::Tag& arg_tag, std::unique_ptr<zeek::detail::HashKey> arg_key)
 			: Modification(), tag(arg_tag), key(std::move(arg_key))
 			{
 			}
@ -243,7 +241,7 @@ private:
 		void Abort() override { }
 	protected:
-		file_analysis::Tag tag;
+		zeek::Tag tag;
 		std::unique_ptr<zeek::detail::HashKey> key;
 		};
--- a/src/file_analysis/Component.h
+++ b/src/file_analysis/Component.h
@ -4,7 +4,7 @@
 #include "zeek/zeek-config.h"
-#include "zeek/file_analysis/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/plugin/TaggedComponent.h"
@ -47,15 +47,15 @@ public:
 	 *
 	 * @param subtype A subtype associated with this component that
 	 * further distinguishes it. The subtype will be integrated into the
-	 * analyzer::Tag that the manager associates with this analyzer, and
+	 * Tag that the manager associates with this analyzer, and
-	 * analyzer instances can accordingly access it via analyzer::Tag().
+	 * analyzer instances can accordingly access it via Tag().
 	 * If not used, leave at zero.
 	 *
 	 * @param enabled If false the analyzer starts out as disabled and
 	 * hence won't be used. It can still be enabled later via the
 	 * manager, including from script-land.
 	 */
-	Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0,
+	Component(const std::string& name, factory_function factory, zeek::Tag::subtype_t subtype = 0,
 	          bool enabled = true);
 	/**
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -79,7 +79,7 @@ void File::StaticInit()
 	}
 File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
-           analyzer::Tag tag, bool is_orig)
+           zeek::Tag tag, bool is_orig)
 	: id(file_id), val(nullptr), file_reassembler(nullptr), stream_offset(0),
 	  reassembly_max_buffer(0), did_metadata_inference(false), reassembly_enabled(false),
 	  postpone_timeout(false), done(false), analyzers(this)
@ -246,7 +246,7 @@ void File::ScheduleInactivityTimer() const
 		new detail::FileTimer(run_state::network_time, id, GetTimeoutInterval()));
 	}
-bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args)
+bool File::AddAnalyzer(zeek::Tag tag, RecordValPtr args)
 	{
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing addition of %s analyzer", id.c_str(),
 	        file_mgr->GetComponentName(tag).c_str());
@ -257,7 +257,7 @@ bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args)
 	return analyzers.QueueAdd(tag, std::move(args)) != nullptr;
 	}
-bool File::RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args)
+bool File::RemoveAnalyzer(zeek::Tag tag, RecordValPtr args)
 	{
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing remove of %s analyzer", id.c_str(),
 	        file_mgr->GetComponentName(tag).c_str());
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@ -119,7 +119,7 @@ public:
 	 * @param args an \c AnalyzerArgs value representing a file analyzer.
 	 * @return false if analyzer can't be instantiated, else true.
 	 */
-	bool AddAnalyzer(file_analysis::Tag tag, RecordValPtr args);
+	bool AddAnalyzer(zeek::Tag tag, RecordValPtr args);
 	/**
 	 * Queues removal of an analyzer.
@ -127,7 +127,7 @@ public:
 	 * @param args an \c AnalyzerArgs value representing a file analyzer.
 	 * @return true if analyzer was active at time of call, else false.
 	 */
-	bool RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args);
+	bool RemoveAnalyzer(zeek::Tag tag, RecordValPtr args);
 	/**
 	 * Signal that this analyzer can be deleted once it's safe to do so.
@ -223,7 +223,7 @@ protected:
 	 *        direction.
 	 */
 	File(const std::string& file_id, const std::string& source_name, Connection* conn = nullptr,
-	     analyzer::Tag tag = analyzer::Tag::Error, bool is_orig = false);
+	     zeek::Tag tag = zeek::Tag::Error, bool is_orig = false);
 	/**
 	 * Updates the "conn_ids" and "conn_uids" fields in #val record with the
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -87,7 +87,7 @@ void Manager::SetHandle(const string& handle)
 	current_file_id = HashHandle(handle);
 	}
-string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag,
+string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag,
                       Connection* conn, bool is_orig, const string& precomputed_id,
                       const string& mime_type)
 	{
@ -117,7 +117,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const
 	return id;
 	}
-string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn,
+string Manager::DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn,
                       bool is_orig, const string& precomputed_id, const string& mime_type)
 	{
 	string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -145,7 +145,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& ta
 void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, const string& source,
                     const string& mime_type)
 	{
-	File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str());
+	File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str());
 	if ( ! file )
 		return;
@ -162,7 +162,7 @@ void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, co
 void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const string& file_id,
                     const string& source, const string& mime_type)
 	{
-	File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str());
+	File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str());
 	if ( ! file )
 		return;
@ -176,13 +176,13 @@ void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const st
 		RemoveFile(file->GetID());
 	}
-void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn)
+void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn)
 	{
 	EndOfFile(tag, conn, true);
 	EndOfFile(tag, conn, false);
 	}
-void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig)
+void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig)
 	{
 	// Don't need to create a file if we're just going to remove it right away.
 	RemoveFile(GetFileID(tag, conn, is_orig));
@ -193,7 +193,7 @@ void Manager::EndOfFile(const string& file_id)
 	RemoveFile(file_id);
 	}
-string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn,
+string Manager::Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn,
                    bool is_orig, const string& precomputed_id)
 	{
 	string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -206,7 +206,7 @@ string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Con
 	return id;
 	}
-string Manager::SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig,
+string Manager::SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig,
                        const string& precomputed_id)
 	{
 	string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -283,8 +283,7 @@ bool Manager::SetExtractionLimit(const string& file_id, RecordValPtr args, uint6
 	return file->SetExtractionLimit(std::move(args), n);
 	}
-bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
+bool Manager::AddAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const
                          RecordValPtr args) const
 	{
 	File* file = LookupFile(file_id);
@ -294,8 +293,7 @@ bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
 	return file->AddAnalyzer(tag, std::move(args));
 	}
-bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag,
+bool Manager::RemoveAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const
                             RecordValPtr args) const
 	{
 	File* file = LookupFile(file_id);
@ -305,8 +303,8 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta
 	return file->RemoveAnalyzer(tag, std::move(args));
 	}
-File* Manager::GetFile(const string& file_id, Connection* conn, const analyzer::Tag& tag,
+File* Manager::GetFile(const string& file_id, Connection* conn, const zeek::Tag& tag, bool is_orig,
-                       bool is_orig, bool update_conn, const char* source_name)
+                       bool update_conn, const char* source_name)
 	{
 	if ( file_id.empty() )
 		return nullptr;
@ -417,7 +415,7 @@ bool Manager::IsIgnored(const string& file_id)
 	return ignored.find(file_id) != ignored.end();
 	}
-string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
+string Manager::GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig)
 	{
 	current_file_id.clear();
@ -437,7 +435,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
 	return current_file_id;
 	}
-bool Manager::IsDisabled(const analyzer::Tag& tag)
+bool Manager::IsDisabled(const zeek::Tag& tag)
 	{
 	if ( ! disabled )
 		disabled = id::find_const("Files::disable")->AsTableVal();
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@ -8,7 +8,7 @@
 #include "zeek/RuleMatcher.h"
 #include "zeek/RunState.h"
-#include "zeek/analyzer/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/file_analysis/Component.h"
 #include "zeek/file_analysis/FileTimer.h"
 #include "zeek/plugin/ComponentManager.h"
@ -110,7 +110,7 @@ public:
 	 *         the \c get_file_handle script-layer event).  An empty string
 	 *         indicates the associate file is not going to be analyzed further.
 	 */
-	std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag,
+	std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag,
 	                   Connection* conn, bool is_orig, const std::string& precomputed_file_id = "",
 	                   const std::string& mime_type = "");
@ -136,7 +136,7 @@ public:
 	 *         the \c get_file_handle script-layer event).  An empty string
 	 *         indicates the associated file is not going to be analyzed further.
 	 */
-	std::string DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn,
+	std::string DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn,
 	                   bool is_orig, const std::string& precomputed_file_id = "",
 	                   const std::string& mime_type = "");
@ -183,7 +183,7 @@ public:
 	 * @param tag network protocol over which the file data is transferred.
 	 * @param conn network connection over which the file data is transferred.
 	 */
-	void EndOfFile(const analyzer::Tag& tag, Connection* conn);
+	void EndOfFile(const zeek::Tag& tag, Connection* conn);
 	/**
 	 * Signal the end of file data being transferred over a connection in
@ -191,7 +191,7 @@ public:
 	 * @param tag network protocol over which the file data is transferred.
 	 * @param conn network connection over which the file data is transferred.
 	 */
-	void EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig);
+	void EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig);
 	/**
 	 * Signal the end of file data being transferred using the file identifier.
@ -215,7 +215,7 @@ public:
 	 *         the \c get_file_handle script-layer event).  An empty string
 	 *         indicates the associate file is not going to be analyzed further.
 	 */
-	std::string Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn,
+	std::string Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn,
 	                bool is_orig, const std::string& precomputed_file_id = "");
 	/**
@ -233,7 +233,7 @@ public:
 	 *         the \c get_file_handle script-layer event).  An empty string
 	 *         indicates the associate file is not going to be analyzed further.
 	 */
-	std::string SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig,
+	std::string SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig,
 	                    const std::string& precomputed_file_id = "");
 	/**
@ -298,8 +298,7 @@ public:
 	 * @param args a \c AnalyzerArgs value which describes a file analyzer.
 	 * @return false if the analyzer failed to be instantiated, else true.
 	 */
-	bool AddAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
+	bool AddAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const;
 	                 RecordValPtr args) const;
 	/**
 	 * Queue removal of an analyzer for a given file identifier.
@ -308,8 +307,7 @@ public:
 	 * @param args a \c AnalyzerArgs value which describes a file analyzer.
 	 * @return true if the analyzer is active at the time of call, else false.
 	 */
-	bool RemoveAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
+	bool RemoveAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const;
 	                    RecordValPtr args) const;
 	/**
 	 * Tells whether analysis for a file is active or ignored.
@ -379,7 +377,7 @@ protected:
 	 *         connection-related fields.
 	 */
 	File* GetFile(const std::string& file_id, Connection* conn = nullptr,
-	              const analyzer::Tag& tag = analyzer::Tag::Error, bool is_orig = false,
+	              const zeek::Tag& tag = zeek::Tag::Error, bool is_orig = false,
 	              bool update_conn = true, const char* source_name = nullptr);
 	/**
@ -409,7 +407,7 @@ protected:
 	 * @return #current_file_id, which is a hash of a unique file handle string
 	 *         set by a \c get_file_handle event handler.
 	 */
-	std::string GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig);
+	std::string GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig);
 	/**
 	 * Check if analysis is available for files transferred over a given
@ -419,7 +417,7 @@ protected:
 	 * @return whether file analysis is disabled for the analyzer given by
 	 *         \a tag.
 	 */
-	static bool IsDisabled(const analyzer::Tag& tag);
+	static bool IsDisabled(const zeek::Tag& tag);
 private:
 	using TagSet = std::set<Tag>;
--- a/src/file_analysis/analyzer/x509/X509Common.cc
+++ b/src/file_analysis/analyzer/x509/X509Common.cc
@ -17,7 +17,7 @@
 namespace zeek::file_analysis::detail
 	{
-X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args,
+X509Common::X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args,
                       file_analysis::File* arg_file)
 	: file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file)
 	{
--- a/src/file_analysis/analyzer/x509/X509Common.h
+++ b/src/file_analysis/analyzer/x509/X509Common.h
@ -49,8 +49,7 @@ public:
 	                              Reporter* reporter);
 protected:
-	X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args,
+	X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args, file_analysis::File* arg_file);
 	           file_analysis::File* arg_file);
 	void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
 	void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);
--- a/src/input/Component.h
+++ b/src/input/Component.h
@ -2,7 +2,7 @@
 #pragma once
-#include "zeek/input/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/plugin/TaggedComponent.h"
--- a/src/logging/Component.h
+++ b/src/logging/Component.h
@ -2,7 +2,7 @@
 #pragma once
-#include "zeek/logging/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/plugin/TaggedComponent.h"
--- a/src/packet_analysis/Analyzer.h
+++ b/src/packet_analysis/Analyzer.h
@ -1,9 +1,9 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #pragma once
 #include "zeek/Tag.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Manager.h"
 #include "zeek/packet_analysis/Tag.h"
 namespace zeek::packet_analysis
 	{
@ -31,7 +31,7 @@ public:
 	 * @param tag The tag for the type of analyzer. The tag must map to
 	 * the name the corresponding Component registers.
 	 */
-	explicit Analyzer(const Tag& tag);
+	explicit Analyzer(const zeek::Tag& tag);
 	/**
 	 * Destructor.
@ -50,7 +50,7 @@ public:
 	/**
 	 * Returns the tag associated with the analyzer's type.
 	 */
-	const Tag GetAnalyzerTag() const;
+	const zeek::Tag GetAnalyzerTag() const;
 	/**
 	 * Returns a textual description of the analyzer's type. This is
@ -165,7 +165,7 @@ protected:
 	void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
 private:
-	Tag tag;
+	zeek::Tag tag;
 	Dispatcher dispatcher;
 	AnalyzerPtr default_analyzer = nullptr;
@ -174,7 +174,7 @@ private:
 	 */
 	bool report_unknown_protocols = true;
-	void Init(const Tag& tag);
+	void Init(const zeek::Tag& tag);
 	};
 using AnalyzerPtr = std::shared_ptr<Analyzer>;
--- a/src/packet_analysis/Component.h
+++ b/src/packet_analysis/Component.h
@ -6,7 +6,7 @@
 #include <functional>
-#include "zeek/packet_analysis/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/plugin/Component.h"
 #include "zeek/plugin/TaggedComponent.h"
 #include "zeek/util.h"
@ -22,7 +22,7 @@ class Component : public plugin::Component, public plugin::TaggedComponent
 public:
 	using factory_callback = std::function<AnalyzerPtr()>;
-	Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0);
+	Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0);
 	~Component() override = default;
 	/**
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@ -4,10 +4,10 @@
 #include "zeek/Func.h"
 #include "zeek/PacketFilter.h"
 #include "zeek/Tag.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Component.h"
 #include "zeek/packet_analysis/Dispatcher.h"
 #include "zeek/packet_analysis/Tag.h"
 #include "zeek/plugin/ComponentManager.h"
 namespace zeek
@ -151,7 +151,7 @@ private:
 	 * @return The new analyzer instance. Returns null if tag is invalid, the
 	 * requested analyzer is disabled, or the analyzer can't be instantiated.
 	 */
-	AnalyzerPtr InstantiateAnalyzer(const Tag& tag);
+	AnalyzerPtr InstantiateAnalyzer(const zeek::Tag& tag);
 	/**
 	 * Instantiates a new analyzer.
--- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
@ -16,7 +16,7 @@ enum ICMP_EndpointState
 void ICMPSessionAdapter::AddExtraAnalyzers(Connection* conn)
 	{
-	static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
+	static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
 	if ( analyzer_mgr->IsEnabled(analyzer_connsize) )
 		// Add ConnSize analyzer. Needs to see packets, not stream.
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
@ -196,7 +196,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
 		if ( ! analyzers_by_port.empty() && ! zeek::detail::dpd_ignore_ports )
 			{
 			int resp_port = ntohs(conn->RespPort());
-			std::set<analyzer::Tag>* ports = LookupPort(resp_port, false);
+			std::set<zeek::Tag>* ports = LookupPort(resp_port, false);
 			if ( ports )
 				{
@ -227,7 +227,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
 	PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn));
 	}
-bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port)
+bool IPBasedAnalyzer::RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port)
 	{
 	tag_set* l = LookupPort(port, true);
@ -243,7 +243,7 @@ bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t
 	return true;
 	}
-bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port)
+bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port)
 	{
 	tag_set* l = LookupPort(port, true);
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
@ -6,7 +6,7 @@
 #include <set>
 #include "zeek/ID.h"
-#include "zeek/analyzer/Tag.h"
+#include "zeek/Tag.h"
 #include "zeek/packet_analysis/Analyzer.h"
 namespace zeek::analyzer::pia
@ -49,7 +49,7 @@ public:
 	 * @param port The port's number.
 	 * @return True if successful.
 	 */
-	bool RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port);
+	bool RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port);
 	/**
 	 * Unregisters a well-known port for an analyzer.
@ -57,9 +57,9 @@ public:
 	 * @param tag The analyzer's tag.
 	 * @param port The port's number.
 	 * @param tag The analyzer's tag as an enum of script type \c
-	 * Analyzer::Tag.
+	 * Tag.
 	 */
-	bool UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port);
+	bool UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port);
 	/**
 	 * Dumps information about the registered session analyzers per port.
@ -180,7 +180,7 @@ private:
 	// While this is storing session analyzer tags, we store it here since packet analyzers
 	// are persitent objects. We can't do this in the adapters because those get created
 	// and destroyed for each connection.
-	using tag_set = std::set<analyzer::Tag>;
+	using tag_set = std::set<zeek::Tag>;
 	using analyzer_map_by_port = std::map<uint32_t, tag_set*>;
 	analyzer_map_by_port analyzers_by_port;
--- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
@ -724,7 +724,7 @@ analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::ID arg_id)
 	return nullptr;
 	}
-analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::Tag arg_tag)
+analyzer::Analyzer* TCPSessionAdapter::FindChild(zeek::Tag arg_tag)
 	{
 	analyzer::Analyzer* child = packet_analysis::IP::SessionAdapter::FindChild(arg_tag);
@ -1599,8 +1599,8 @@ bool TCPSessionAdapter::IsReuse(double t, const u_char* pkt)
 void TCPSessionAdapter::AddExtraAnalyzers(Connection* conn)
 	{
-	static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
+	static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
-	static analyzer::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS");
+	static zeek::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS");
 	// We have to decide whether to reassamble the stream.
 	// We turn it on right away if we already have an app-layer
--- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
+++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
@ -2,6 +2,7 @@
 #pragma once
 #include "zeek/Tag.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
 #include "zeek/packet_analysis/Analyzer.h"
@ -42,7 +43,7 @@ public:
 	void AddChildPacketAnalyzer(analyzer::Analyzer* a);
 	Analyzer* FindChild(analyzer::ID id) override;
-	Analyzer* FindChild(analyzer::Tag tag) override;
+	Analyzer* FindChild(zeek::Tag tag) override;
 	bool RemoveChildAnalyzer(analyzer::ID id) override;
 	// True if the connection has closed in some sense, false otherwise.
--- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc
@ -17,7 +17,7 @@ enum UDP_EndpointState
 void UDPSessionAdapter::AddExtraAnalyzers(Connection* conn)
 	{
-	static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
+	static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
 	if ( analyzer_mgr->IsEnabled(analyzer_connsize) )
 		// Add ConnSize analyzer. Needs to see packets, not stream.