Move all of the Packet-related classes to namespaces

src/Conn.cc

@@ -58,7 +58,7 @@ uint64_t Connection::total_connections = 0;
 uint64_t Connection::current_connections = 0;
 
 Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
-                       uint32_t flow, const Packet* pkt,
+                       uint32_t flow, const zeek::Packet* pkt,
                        const EncapsulationStack* arg_encap)
 	{
 	sessions = s;
@@ -187,7 +187,7 @@ void Connection::NextPacket(double t, bool is_orig,
                             const u_char*& data,
                             int& record_packet, int& record_content,
                             // arguments for reproducing packets
-                            const Packet *pkt)
+                            const zeek::Packet *pkt)
 	{
 	current_timestamp = t;
 	current_pkt = pkt;

src/Conn.h

@@ -66,7 +66,7 @@ static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1,
 class Connection final : public zeek::Obj {
 public:
 	Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
-	           uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap);
+	           uint32_t flow, const zeek::Packet* pkt, const EncapsulationStack* arg_encap);
 	~Connection() override;
 
 	// Invoked when an encapsulation is discovered. It records the
@@ -96,7 +96,7 @@ public:
 	                const u_char*& data,
 	                int& record_packet, int& record_content,
 	                // arguments for reproducing packets
-	                const Packet *pkt);
+	                const zeek::Packet *pkt);
 
 	// Keys are only considered valid for a connection when a
 	// connection is in the session map. If it is removed, the key
@@ -355,8 +355,8 @@ protected:
 	TransportProto proto;
 	uint32_t orig_flow_label, resp_flow_label;	// most recent IPv6 flow labels
 	uint32_t vlan, inner_vlan;	// VLAN this connection traverses, if available
-	u_char orig_l2_addr[Packet::l2_addr_len];	// Link-layer originator address, if available
+	u_char orig_l2_addr[zeek::Packet::l2_addr_len];	// Link-layer originator address, if available
-	u_char resp_l2_addr[Packet::l2_addr_len];	// Link-layer responder address, if available
+	u_char resp_l2_addr[zeek::Packet::l2_addr_len];	// Link-layer responder address, if available
 	double start_time, last_time;
 	double inactivity_timeout;
 	zeek::RecordValPtr conn_val;

src/Net.cc

@@ -32,7 +32,6 @@ extern "C" {
 #include "Reporter.h"
 #include "Scope.h"
 #include "Anon.h"
-#include "PacketDumper.h"
 #include "iosource/Manager.h"
 #include "iosource/PktSrc.h"
 #include "iosource/PktDumper.h"
@@ -58,7 +57,7 @@ double last_watchdog_proc_time = 0.0;	// value of above during last watchdog
 bool terminating = false;	// whether we're done reading and finishing up
 bool is_parsing = false;
 
-const Packet *current_pkt = nullptr;
+const zeek::Packet *current_pkt = nullptr;
 int current_dispatched = 0;
 double current_timestamp = 0.0;
 iosource::PktSrc* current_pktsrc = nullptr;
@@ -220,7 +219,7 @@ void expire_timers(iosource::PktSrc* src_ps)
 			max_timer_expires - current_dispatched);
 	}
 
-void net_packet_dispatch(double t, const Packet* pkt, iosource::PktSrc* src_ps)
+void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* src_ps)
 	{
 	if ( ! bro_start_network_time )
 		{

src/Net.h

@@ -2,6 +2,8 @@
 
 #pragma once
 
+#include "zeek-config.h"
+
 #include <sys/stat.h> // for ino_t
 
 #include <list>
@@ -15,7 +17,7 @@ namespace iosource {
 	class PktDumper;
 	}
 
-class Packet;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 
 extern void net_init(const std::optional<std::string>& interfaces,
                      const std::optional<std::string>& pcap_input_file,
@@ -26,7 +28,7 @@ extern void net_get_final_stats();
 extern void net_finish(int drain_events);
 extern void net_delete();	// Reclaim all memory, etc.
 extern void net_update_time(double new_network_time);
-extern void net_packet_dispatch(double t, const Packet* pkt,
+extern void net_packet_dispatch(double t, const zeek::Packet* pkt,
 			iosource::PktSrc* src_ps);
 extern void expire_timers(iosource::PktSrc* src_ps = nullptr);
 extern void zeek_terminate_loop(const char* reason);
@@ -77,7 +79,7 @@ extern bool terminating;
 // True if Bro is currently parsing scripts.
 extern bool is_parsing;
 
-extern const Packet* current_pkt;
+extern const zeek::Packet* current_pkt;
 extern int current_dispatched;
 extern double current_timestamp;
 extern iosource::PktSrc* current_pktsrc;

src/PacketDumper.cc

@@ -6,6 +6,8 @@
 #include "util.h"
 #include "iosource/PktDumper.h"
 
+namespace zeek::detail {
+
 PacketDumper::PacketDumper(pcap_dumper_t* arg_pkt_dump)
 	{
 	last_timestamp.tv_sec = last_timestamp.tv_usec = 0;
@@ -36,3 +38,5 @@ void PacketDumper::SortTimeStamp(struct timeval* timestamp)
 	else
 		last_timestamp = *timestamp;
 	}
+
+} // namespace zeek::detail

src/PacketDumper.h

@@ -6,6 +6,8 @@
 
 #include <sys/types.h> // for u_char
 
+namespace zeek::detail {
+
 class PacketDumper {
 public:
 	explicit PacketDumper(pcap_dumper_t* pkt_dump);
@@ -19,3 +21,5 @@ protected:
 
 	void SortTimeStamp(struct timeval* timestamp);
 };
+
+} // namespace zeek::detail

src/PacketFilter.cc

@@ -1,6 +1,8 @@
 #include "PacketFilter.h"
 #include "IP.h"
 
+namespace zeek::detail {
+
 void PacketFilter::DeleteFilter(void* data)
 	{
 	auto f = static_cast<Filter*>(data);
@@ -115,3 +117,5 @@ bool PacketFilter::MatchFilter(const Filter& f, const zeek::IP_Hdr& ip,
 
 	return zeek::random_number() < f.probability;
 	}
+
+} // namespace zeek::detail

src/PacketFilter.h

@@ -8,6 +8,8 @@
 ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
 
+namespace zeek::detail {
+
 class PacketFilter {
 public:
 	explicit PacketFilter(bool arg_default);
@@ -45,3 +47,7 @@ private:
 	PrefixTable src_filter;
 	PrefixTable dst_filter;
 };
+
+} // namespace zeek::detail
+
+using PacketFilter [[deprecated("Remove in v4.1. Use zeek::detail::PacketFilter.")]] = zeek::detail::PacketFilter;

src/Sessions.cc

@@ -119,7 +119,7 @@ void NetSessions::Done()
 	{
 	}
 
-void NetSessions::NextPacket(double t, const Packet* pkt)
+void NetSessions::NextPacket(double t, const zeek::Packet* pkt)
 	{
 	SegmentProfiler prof(segment_logger, "dispatching-packet");
 
@@ -144,7 +144,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
 
 	uint32_t caplen = pkt->cap_len - pkt->hdr_size;
 
-	if ( pkt->l3_proto == L3_IPV4 )
+	if ( pkt->l3_proto == zeek::L3_IPV4 )
 		{
 		if ( caplen < sizeof(struct ip) )
 			{
@@ -157,7 +157,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
 		DoNextPacket(t, pkt, &ip_hdr, nullptr);
 		}
 
-	else if ( pkt->l3_proto == L3_IPV6 )
+	else if ( pkt->l3_proto == zeek::L3_IPV6 )
 		{
 		if ( caplen < sizeof(struct ip6_hdr) )
 			{
@@ -169,7 +169,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
 		DoNextPacket(t, pkt, &ip_hdr, nullptr);
 		}
 
-	else if ( pkt->l3_proto == L3_ARP )
+	else if ( pkt->l3_proto == zeek::L3_ARP )
 		{
 		if ( arp_analyzer )
 			arp_analyzer->NextPacket(t, pkt);
@@ -211,7 +211,7 @@ static unsigned int gre_header_len(uint16_t flags)
 	return len;
 	}
 
-void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr* ip_hdr,
+void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP_Hdr* ip_hdr,
                                const EncapsulationStack* encapsulation)
 	{
 	uint32_t caplen = pkt->cap_len - pkt->hdr_size;
@@ -738,7 +738,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr*
 		}
 	}
 
-void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
+void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
                                     const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
                                     const EncapsulatingConn& ec)
 	{
@@ -769,7 +769,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
 	outer->Add(ec);
 
 	// Construct fake packet for DoNextPacket
-	Packet p;
+	zeek::Packet p;
 	p.Init(DLT_RAW, &ts, caplen, len, data, false, "");
 
 	DoNextPacket(t, &p, inner, outer);
@@ -778,7 +778,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
 	delete outer;
 	}
 
-void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
+void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
                                     uint32_t caplen, uint32_t len,
                                     const u_char* data, int link_type,
                                     const EncapsulationStack* prev,
@@ -800,10 +800,10 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
 	outer->Add(ec);
 
 	// Construct fake packet for DoNextPacket
-	Packet p;
+	zeek::Packet p;
 	p.Init(link_type, &ts, caplen, len, data, false, "");
 
-	if ( p.Layer2Valid() && (p.l3_proto == L3_IPV4 || p.l3_proto == L3_IPV6) )
+	if ( p.Layer2Valid() && (p.l3_proto == zeek::L3_IPV4 || p.l3_proto == zeek::L3_IPV6) )
 		{
 		auto inner = p.IP();
 		DoNextPacket(t, &p, &inner, outer);
@@ -850,7 +850,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto,
 	}
 
 bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
-                                   const Packet* p, const EncapsulationStack* encap)
+                                   const zeek::Packet* p, const EncapsulationStack* encap)
 	{
 	uint32_t min_hdr_len = 0;
 	switch ( proto ) {
@@ -1160,8 +1160,8 @@ void NetSessions::GetStats(SessionStats& s) const
 	}
 
 Connection* NetSessions::NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
-					const u_char* data, int proto, uint32_t flow_label,
+                                 const u_char* data, int proto, uint32_t flow_label,
-					const Packet* pkt, const EncapsulationStack* encapsulation)
+                                 const zeek::Packet* pkt, const EncapsulationStack* encapsulation)
 	{
 	// FIXME: This should be cleaned up a bit, it's too protocol-specific.
 	// But I'm not yet sure what the right abstraction for these things is.
@@ -1302,7 +1302,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
 	return true;
 	}
 
-void NetSessions::DumpPacket(const Packet *pkt, int len)
+void NetSessions::DumpPacket(const zeek::Packet *pkt, int len)
 	{
 	if ( ! pkt_dumper )
 		return;
@@ -1312,13 +1312,13 @@ void NetSessions::DumpPacket(const Packet *pkt, int len)
 		if ( (uint32_t)len > pkt->cap_len )
 			zeek::reporter->Warning("bad modified caplen");
 		else
-			const_cast<Packet *>(pkt)->cap_len = len;
+			const_cast<zeek::Packet *>(pkt)->cap_len = len;
 		}
 
 	pkt_dumper->Dump(pkt);
 	}
 
-void NetSessions::Weird(const char* name, const Packet* pkt,
+void NetSessions::Weird(const char* name, const zeek::Packet* pkt,
                         const EncapsulationStack* encap, const char* addl)
 	{
 	if ( pkt )

src/Sessions.h

@@ -14,7 +14,7 @@
 
 class EncapsulationStack;
 class EncapsulatingConn;
-class Packet;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 class PacketProfiler;
 class Connection;
 class ConnCompressor;
@@ -49,7 +49,7 @@ public:
 	~NetSessions();
 
 	// Main entry point for packet processing.
-	void NextPacket(double t, const Packet* pkt);
+	void NextPacket(double t, const zeek::Packet* pkt);
 
 	void Done();	// call to drain events before destructing
 
@@ -77,15 +77,15 @@ public:
 
 	void GetStats(SessionStats& s) const;
 
-	void Weird(const char* name, const Packet* pkt,
+	void Weird(const char* name, const zeek::Packet* pkt,
 	           const EncapsulationStack* encap = nullptr, const char* addl = "");
 	void Weird(const char* name, const zeek::IP_Hdr* ip,
 	           const EncapsulationStack* encap = nullptr, const char* addl = "");
 
-	PacketFilter* GetPacketFilter()
+	zeek::detail::PacketFilter* GetPacketFilter()
 		{
 		if ( ! packet_filter )
-			packet_filter = new PacketFilter(packet_filter_default);
+			packet_filter = new zeek::detail::PacketFilter(packet_filter_default);
 		return packet_filter;
 		}
 
@@ -96,7 +96,7 @@ public:
 		return tcp_conns.size() + udp_conns.size() + icmp_conns.size();
 		}
 
-	void DoNextPacket(double t, const Packet *pkt, const zeek::IP_Hdr* ip_hdr,
+	void DoNextPacket(double t, const zeek::Packet *pkt, const zeek::IP_Hdr* ip_hdr,
 	                  const EncapsulationStack* encapsulation);
 
 	/**
@@ -113,7 +113,7 @@ public:
 	 *        the most-recently found depth of encapsulation.
 	 * @param ec The most-recently found depth of encapsulation.
 	 */
-	void DoNextInnerPacket(double t, const Packet *pkt,
+	void DoNextInnerPacket(double t, const zeek::Packet *pkt,
 	                       const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
 	                       const EncapsulatingConn& ec);
 
@@ -132,7 +132,7 @@ public:
 	 *        including the most-recently found depth of encapsulation.
 	 * @param ec The most-recently found depth of encapsulation.
 	 */
-	void DoNextInnerPacket(double t, const Packet* pkt,
+	void DoNextInnerPacket(double t, const zeek::Packet* pkt,
                            uint32_t caplen, uint32_t len,
                            const u_char* data, int link_type,
                            const EncapsulationStack* prev,
@@ -177,7 +177,7 @@ protected:
 
 	Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
 			const u_char* data, int proto, uint32_t flow_label,
-			const Packet* pkt, const EncapsulationStack* encapsulation);
+			const zeek::Packet* pkt, const EncapsulationStack* encapsulation);
 
 	Connection* LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key);
 
@@ -202,13 +202,13 @@ protected:
 	// Record the given packet (if a dumper is active).  If len=0
 	// then the whole packet is recorded, otherwise just the first
 	// len bytes.
-	void DumpPacket(const Packet *pkt, int len=0);
+	void DumpPacket(const zeek::Packet *pkt, int len=0);
 
 	// For a given protocol, checks whether the header's length as derived
 	// from lower-level headers or the length actually captured is less
 	// than that protocol's minimum header size.
 	bool CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
-			      const Packet *pkt, const EncapsulationStack* encap);
+	                      const zeek::Packet *pkt, const EncapsulationStack* encap);
 
 	// Inserts a new connection into the sessions map. If a connection with
 	// the same key already exists in the map, it will be overwritten by
@@ -233,7 +233,7 @@ protected:
 
 	analyzer::stepping_stone::SteppingStoneManager* stp_manager;
 	Discarder* discarder;
-	PacketFilter* packet_filter;
+	zeek::detail::PacketFilter* packet_filter;
 	uint64_t num_packets_processed;
 	PacketProfiler* pkt_profiler;
 	bool dump_this_packet;	// if true, current packet should be recorded

src/analyzer/protocol/arp/ARP.cc

@@ -76,7 +76,7 @@ ARP_Analyzer::~ARP_Analyzer()
 #endif
 
 
-void ARP_Analyzer::NextPacket(double t, const Packet* pkt)
+void ARP_Analyzer::NextPacket(double t, const zeek::Packet* pkt)
 	{
 	const u_char *data = pkt->data;
 	// Check whether the packet is OK ("inspired" in tcpdump's print-arp.c).

src/analyzer/protocol/arp/ARP.h

@@ -24,7 +24,7 @@
 
 #include "NetVar.h"
 
-class Packet;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 
 extern "C" {
 #include <pcap.h>
@@ -37,7 +37,7 @@ public:
 	ARP_Analyzer();
 	~ARP_Analyzer() override;
 
-	void NextPacket(double t, const Packet* pkt);
+	void NextPacket(double t, const zeek::Packet* pkt);
 
 	void Describe(ODesc* d) const override;
 	void RREvent(zeek::EventHandlerPtr e, const u_char* src, const u_char* dst,

src/analyzer/protocol/dns/DNS.cc

@@ -739,7 +739,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 				// IPv6 address, depending on FAMILY, which MUST be truncated to the
 				// number of bits indicated by the SOURCE PREFIX-LENGTH field,
 				// padding with 0 bits to pad to the end of the last octet needed.
-				if ( ecs_family == L3_IPV4 )
+				if ( ecs_family == zeek::L3_IPV4 )
 					{
 					opt.ecs_family = zeek::make_intrusive<zeek::StringVal>("v4");
 					uint32_t addr = 0;
@@ -752,7 +752,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 					addr = htonl(addr);
 					opt.ecs_addr = zeek::make_intrusive<zeek::AddrVal>(addr);
 					}
-				else if ( ecs_family == L3_IPV6 )
+				else if ( ecs_family == zeek::L3_IPV6 )
 					{
 					opt.ecs_family = zeek::make_intrusive<zeek::StringVal>("v6");
 					uint32_t addr[4] = { 0 };

src/analyzer/protocol/vxlan/VXLAN.cc

@@ -63,7 +63,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 	pkt_timeval ts;
 	ts.tv_sec = (time_t) current_timestamp;
 	ts.tv_usec = (suseconds_t) ((current_timestamp - (double)ts.tv_sec) * 1000000);
-	Packet pkt(DLT_EN10MB, &ts, caplen, len, data);
+	zeek::Packet pkt(DLT_EN10MB, &ts, caplen, len, data);
 
 	if ( ! pkt.Layer2Valid() )
 		{
@@ -80,10 +80,10 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 	int res = 0;
 
 	switch ( pkt.l3_proto ) {
-		case L3_IPV4:
+		case zeek::L3_IPV4:
 			res = sessions->ParseIPPacket(len, data, IPPROTO_IPV4, inner);
 			break;
-		case L3_IPV6:
+		case zeek::L3_IPV6:
 			res = sessions->ParseIPPacket(len, data, IPPROTO_IPV6, inner);
 			break;
 		default:

src/iosource/BPF_Program.cc

@@ -59,6 +59,8 @@ int pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
 }
 #endif
 
+namespace zeek::detail {
+
 // Simple heuristic to identify filters that always match, so that we can
 // skip the filtering in that case. "ip or not ip" is Bro's default filter.
 static bool filter_matches_anything(const char *filter)
@@ -158,3 +160,5 @@ void BPF_Program::FreeCode()
 		m_compiled = false;
 		}
 	}
+
+} // namespace zeek::detail

src/iosource/BPF_Program.h

@@ -8,6 +8,8 @@ extern "C" {
 
 #include <stdint.h>
 
+namespace zeek::detail {
+
 // BPF_Programs are an abstraction around struct bpf_program,
 // to create a clean facility for creating, compiling, and
 // freeing such programs.
@@ -53,3 +55,7 @@ protected:
 	bool m_matches_anything;
 	struct bpf_program m_program;
 };
+
+} // namespace zeek::detail
+
+using BPF_Program [[deprecated("Remove in v4.1. Use zeek::detail::BPF_Program.")]] = zeek::detail::BPF_Program;

src/iosource/Packet.cc

@@ -19,6 +19,8 @@ extern "C" {
 #endif
 }
 
+namespace zeek {
+
 void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
 		  uint32_t arg_len, const u_char *arg_data, bool arg_copy,
 		  std::string arg_tag)
@@ -688,3 +690,5 @@ void Packet::Describe(ODesc* d) const
 	d->Add("->");
 	d->Add(ip.DstAddr());
 	}
+
+} // namespace zeek

src/iosource/Packet.h

@@ -14,17 +14,16 @@ typedef struct bpf_timeval pkt_timeval;
 typedef struct timeval pkt_timeval;
 #endif
 
+class ODesc;
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
 
 namespace zeek {
+
 template <class T> class IntrusivePtr;
 using ValPtr = zeek::IntrusivePtr<zeek::Val>;
 using RecordValPtr = zeek::IntrusivePtr<zeek::RecordVal>;
-}
-
-class ODesc;
-ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
 
 /**
  * The Layer 3 type of a packet, as determined by the parsing code in Packet.
@@ -242,3 +241,13 @@ private:
 	// True if L2 processing succeeded.
 	bool l2_valid;
 };
+
+} // namespace zeek
+
+using Layer3Proto [[deprecated("Remove in v4.1. Use zeek::Layer3Proto.")]] = zeek::Layer3Proto;
+using Packet [[deprecated("Remove in v4.1. Use zeek::Packet.")]] = zeek::Packet;
+
+constexpr auto L3_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::L3_UNKNOWN")]] = zeek::L3_UNKNOWN;
+constexpr auto L3_IPV4 [[deprecated("Remove in v4.1. Use zeek::L3_IPV4")]] = zeek::L3_IPV4;
+constexpr auto L3_IPV6 [[deprecated("Remove in v4.1. Use zeek::L3_IPV6")]] = zeek::L3_IPV6;
+constexpr auto L3_ARP [[deprecated("Remove in v4.1. Use zeek::L3_ARP")]] = zeek::L3_ARP;

src/iosource/PktDumper.h

@@ -2,9 +2,10 @@
 
 #pragma once
 
+#include "zeek-config.h"
 #include <string>
 
-class Packet;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 
 namespace iosource {
 
@@ -84,7 +85,7 @@ public:
 	 * @return True if succesful, false otherwise (in which case \a
 	 * Error() must have been called.)
 	 */
-	virtual bool Dump(const Packet* pkt) = 0;
+	virtual bool Dump(const zeek::Packet* pkt) = 0;
 
 protected:
 	friend class Manager;

src/iosource/PktSrc.cc

@@ -90,7 +90,7 @@ double PktSrc::CurrentPacketWallClock()
 
 void PktSrc::Opened(const Properties& arg_props)
 	{
-	if ( Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
+	if ( zeek::Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
 		{
 		char buf[512];
 		snprintf(buf, sizeof(buf),
@@ -151,7 +151,7 @@ void PktSrc::Info(const std::string& msg)
 	zeek::reporter->Info("%s", msg.c_str());
 	}
 
-void PktSrc::Weird(const std::string& msg, const Packet* p)
+void PktSrc::Weird(const std::string& msg, const zeek::Packet* p)
 	{
 	sessions->Weird(msg.c_str(), p, nullptr);
 	}
@@ -269,7 +269,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
 	char errbuf[PCAP_ERRBUF_SIZE];
 
 	// Compile filter.
-	BPF_Program* code = new BPF_Program();
+	auto* code = new zeek::detail::BPF_Program();
 
 	if ( ! code->Compile(zeek::BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf, sizeof(errbuf)) )
 		{
@@ -296,7 +296,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
 	return true;
 	}
 
-BPF_Program* PktSrc::GetBPFFilter(int index)
+zeek::detail::BPF_Program* PktSrc::GetBPFFilter(int index)
 	{
 	if ( index < 0 )
 		return nullptr;
@@ -306,7 +306,7 @@ BPF_Program* PktSrc::GetBPFFilter(int index)
 
 bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt)
 	{
-	BPF_Program* code = GetBPFFilter(index);
+	zeek::detail::BPF_Program* code = GetBPFFilter(index);
 
 	if ( ! code )
 		{
@@ -321,7 +321,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch
 	return pcap_offline_filter(code->GetProgram(), hdr, pkt);
 	}
 
-bool PktSrc::GetCurrentPacket(const Packet** pkt)
+bool PktSrc::GetCurrentPacket(const zeek::Packet** pkt)
 	{
 	if ( ! have_packet )
 		return false;

src/iosource/PktSrc.h

@@ -10,7 +10,7 @@
 #include <sys/types.h> // for u_char
 
 struct pcap_pkthdr;
-class BPF_Program;
+ZEEK_FORWARD_DECLARE_NAMESPACED(BPF_Program, zeek::detail);
 
 namespace iosource {
 
@@ -136,7 +136,7 @@ public:
 	 * @return The BPF filter associated, or null if none has been
 	 * (successfully) compiled.
 	 */
-	BPF_Program* GetBPFFilter(int index);
+	zeek::detail::BPF_Program* GetBPFFilter(int index);
 
 	/**
 	 * Applies a precompiled BPF filter to a packet. This will close the
@@ -163,7 +163,7 @@ public:
 	 *
 	 * @return True if the current packet is available, or false if not.
 	 */
-	bool GetCurrentPacket(const Packet** hdr);
+	bool GetCurrentPacket(const zeek::Packet** hdr);
 
 	// PacketSource interace for derived classes to override.
 
@@ -297,7 +297,7 @@ protected:
 	 *
 	 * @param pkt The packet associated with the weird, or null if none.
 	 */
-	void Weird(const std::string& msg, const Packet* pkt);
+	void Weird(const std::string& msg, const zeek::Packet* pkt);
 
 	/**
 	 * Can be called from derived classes to flag an internal error,
@@ -340,7 +340,7 @@ protected:
 	 * if not packet is available or an error occured (which must be
 	 * flageed via Error()).
 	 */
-	virtual bool ExtractNextPacket(Packet* pkt) = 0;
+	virtual bool ExtractNextPacket(zeek::Packet* pkt) = 0;
 
 	/**
 	 * Signals that the data of previously extracted packet will no
@@ -365,10 +365,10 @@ private:
 	Properties props;
 
 	bool have_packet;
-	Packet current_packet;
+	zeek::Packet current_packet;
 
 	// For BPF filtering support.
-	std::vector<BPF_Program *> filters;
+	std::vector<zeek::detail::BPF_Program *> filters;
 
 	// Only set in pseudo-realtime mode.
 	double first_timestamp;

src/iosource/pcap/Dumper.cc

@@ -82,7 +82,7 @@ void PcapDumper::Open()
 		}
 
 	props.open_time = network_time;
-	props.hdr_size = Packet::GetLinkHeaderSize(pcap_datalink(pd));
+	props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd));
 	Opened(props);
 	}
 
@@ -99,7 +99,7 @@ void PcapDumper::Close()
 	Closed();
 	}
 
-bool PcapDumper::Dump(const Packet* pkt)
+bool PcapDumper::Dump(const zeek::Packet* pkt)
 	{
 	if ( ! dumper )
 		return false;

src/iosource/pcap/Dumper.h

@@ -22,7 +22,7 @@ protected:
 	// PktDumper interface.
 	void Open() override;
 	void Close() override;
-	bool Dump(const Packet* pkt) override;
+	bool Dump(const zeek::Packet* pkt) override;
 
 private:
 	Properties props;

src/iosource/pcap/Source.cc

@@ -191,7 +191,7 @@ void PcapSource::OpenOffline()
 	Opened(props);
 	}
 
-bool PcapSource::ExtractNextPacket(Packet* pkt)
+bool PcapSource::ExtractNextPacket(zeek::Packet* pkt)
 	{
 	if ( ! pd )
 		return false;
@@ -258,7 +258,7 @@ bool PcapSource::SetFilter(int index)
 
 	char errbuf[PCAP_ERRBUF_SIZE];
 
-	BPF_Program* code = GetBPFFilter(index);
+	zeek::detail::BPF_Program* code = GetBPFFilter(index);
 
 	if ( ! code )
 		{

src/iosource/pcap/Source.h

@@ -24,7 +24,7 @@ protected:
 	// PktSrc interface.
 	void Open() override;
 	void Close() override;
-	bool ExtractNextPacket(Packet* pkt) override;
+	bool ExtractNextPacket(zeek::Packet* pkt) override;
 	void DoneWithPacket() override;
 	bool PrecompileFilter(int index, const std::string& filter) override;
 	bool SetFilter(int index) override;