Move all base analyzer classes to zeek::analyzer namespace

auxil/bifcl

@@ -1 +1 @@
-Subproject commit 20c91e27342eb1513897702bec47590ffbad5085
+Subproject commit ddcb00d15cab84f1b1d0e82dffa764f278e0c69c

src/Conn.cc

@@ -411,17 +411,17 @@ const zeek::RecordValPtr& Connection::ConnVal()
 	return conn_val;
 	}
 
-analyzer::Analyzer* Connection::FindAnalyzer(analyzer::ID id)
+zeek::analyzer::Analyzer* Connection::FindAnalyzer(zeek::analyzer::ID id)
 	{
 	return root_analyzer ? root_analyzer->FindChild(id) : nullptr;
 	}
 
-analyzer::Analyzer* Connection::FindAnalyzer(const analyzer::Tag& tag)
+zeek::analyzer::Analyzer* Connection::FindAnalyzer(const zeek::analyzer::Tag& tag)
 	{
 	return root_analyzer ? root_analyzer->FindChild(tag) : nullptr;
 	}
 
-analyzer::Analyzer* Connection::FindAnalyzer(const char* name)
+zeek::analyzer::Analyzer* Connection::FindAnalyzer(const char* name)
 	{
 	return root_analyzer->FindChild(name);
 	}
@@ -464,7 +464,7 @@ void Connection::RemovalEvent()
 		EnqueueEvent(successful_connection_remove, nullptr, ConnVal());
 	}
 
-void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name)
+void Connection::Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, const char* name)
 	{
 	if ( ! f )
 		return;
@@ -475,7 +475,7 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch
 		EnqueueEvent(f, analyzer, ConnVal());
 	}
 
-void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2)
+void Connection::Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2)
 	{
 	if ( ! f )
 		{
@@ -495,7 +495,7 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Va
 		             zeek::IntrusivePtr{zeek::AdoptRef{}, v1});
 	}
 
-void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl)
+void Connection::ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl)
 	{
 	auto args = zeek::val_list_to_args(vl);
 
@@ -508,14 +508,14 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l
 	mgr.Enqueue(f, std::move(args), SOURCE_LOCAL, a ? a->GetID() : 0, this);
 	}
 
-void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl)
+void Connection::ConnectionEventFast(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl)
 	{
 	// "this" is passed as a cookie for the event
 	mgr.Enqueue(f, zeek::val_list_to_args(vl), SOURCE_LOCAL,
 	            a ? a->GetID() : 0, this);
 	}
 
-void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl)
+void Connection::ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list* vl)
 	{
 	auto args = zeek::val_list_to_args(*vl);
 	delete vl;
@@ -524,7 +524,7 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l
 		EnqueueEvent(f, a, std::move(args));
 	}
 
-void Connection::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a,
+void Connection::EnqueueEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a,
                               zeek::Args args)
 	{
 	// "this" is passed as a cookie for the event
@@ -604,7 +604,7 @@ void Connection::FlipRoles()
 	if ( root_analyzer )
 		root_analyzer->FlipRoles();
 
-	analyzer_mgr->ApplyScheduledAnalyzers(this);
+	zeek::analyzer_mgr->ApplyScheduledAnalyzers(this);
 
 	AddHistory('^');
 	}
@@ -683,7 +683,7 @@ void Connection::IDString(ODesc* d) const
 	d->Add(ntohs(resp_port));
 	}
 
-void Connection::SetRootAnalyzer(analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia)
+void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia)
 	{
 	root_analyzer = analyzer;
 	primary_PIA = pia;

src/Conn.h

@@ -31,14 +31,15 @@ class RuleEndpointState;
 class EncapsulationStack;
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(TransportLayerAnalyzer, zeek, analyzer);
+ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 
 namespace zeek {
 using ValPtr = zeek::IntrusivePtr<Val>;
 using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
 }
 
-namespace analyzer { class TransportLayerAnalyzer; }
-
 typedef enum {
 	NUL_IN_LINE,
 	SINGULAR_CR,
@@ -62,8 +63,6 @@ static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1,
 	return addr1 < addr2 || (addr1 == addr2 && p1 < p2);
 	}
 
-namespace analyzer { class Analyzer; }
-
 class Connection final : public zeek::Obj {
 public:
 	Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id,
@@ -119,9 +118,9 @@ public:
 
 	void FlipRoles();
 
-	analyzer::Analyzer* FindAnalyzer(analyzer::ID id);
+	zeek::analyzer::Analyzer* FindAnalyzer(zeek::analyzer::ID id);
-	analyzer::Analyzer* FindAnalyzer(const analyzer::Tag& tag);	// find first in tree.
+	zeek::analyzer::Analyzer* FindAnalyzer(const zeek::analyzer::Tag& tag);	// find first in tree.
-	analyzer::Analyzer* FindAnalyzer(const char* name);	// find first in tree.
+	zeek::analyzer::Analyzer* FindAnalyzer(const char* name);	// find first in tree.
 
 	TransportProto ConnTransport() const { return proto; }
 
@@ -192,20 +191,20 @@ public:
 	// given that event's first argument will be it, and it's second will be
 	// the connection value.  If 'name' is null, then the event's first
 	// argument is the connection value.
-	void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = nullptr);
+	void Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, const char* name = nullptr);
 
 	// If a handler exists for 'f', an event will be generated.  In any case,
 	// 'v1' and 'v2' reference counts get decremented.  The event's first
 	// argument is the connection value, second argument is 'v1', and if 'v2'
 	// is given that will be it's third argument.
 	[[deprecated("Remove in v4.1.  Use EnqueueEvent() instead (note it doesn't automatically add the connection argument).")]]
-	void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr);
+	void Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr);
 
 	// If a handler exists for 'f', an event will be generated.  In any case,
 	// reference count for each element in the 'vl' list are decremented.  The
 	// arguments used for the event are whatevever is provided in 'vl'.
 	[[deprecated("Remove in v4.1.  Use EnqueueEvent() instead.")]]
-	void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer,
+	void ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer,
 				val_list vl);
 
 	// Same as ConnectionEvent, except taking the event's argument list via a
@@ -213,7 +212,7 @@ public:
 	// memory pointed to by 'vl' and also for decrementing the reference count
 	// of each of its elements.
 	[[deprecated("Remove in v4.1.  Use EnqueueEvent() instead.")]]
-	void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer,
+	void ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer,
 				val_list* vl);
 
 	// Queues an event without first checking if there's any available event
@@ -225,13 +224,13 @@ public:
 	// it would be a waste of effort to construct all the event arguments when
 	// there's no handlers to consume them).
 	[[deprecated("Remove in v4.1.  Use EnqueueEvent() instead.")]]
-	void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer,
+	void ConnectionEventFast(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer,
 				val_list vl);
 
 	/**
 	 * Enqueues an event associated with this connection and given analyzer.
 	 */
-	void EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer,
+	void EnqueueEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer,
 	                  zeek::Args args);
 
 	/**
@@ -241,7 +240,7 @@ public:
 	std::enable_if_t<
 		std::is_convertible_v<
 			std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
-	EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
+	EnqueueEvent(EventHandlerPtr h, zeek::analyzer::Analyzer* analyzer, Args&&... args)
 		{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
 
 	void Weird(const char* name, const char* addl = "");
@@ -305,8 +304,8 @@ public:
 	void DeleteTimer(double t);
 
 	// Sets the root of the analyzer tree as well as the primary PIA.
-	void SetRootAnalyzer(analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia);
+	void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia);
-	analyzer::TransportLayerAnalyzer* GetRootAnalyzer()	{ return root_analyzer; }
+	zeek::analyzer::TransportLayerAnalyzer* GetRootAnalyzer()	{ return root_analyzer; }
 	analyzer::pia::PIA* GetPrimaryPIA()	{ return primary_PIA; }
 
 	// Sets the transport protocol in use.
@@ -383,7 +382,7 @@ protected:
 	std::string history;
 	uint32_t hist_seen;
 
-	analyzer::TransportLayerAnalyzer* root_analyzer;
+	zeek::analyzer::TransportLayerAnalyzer* root_analyzer;
 	analyzer::pia::PIA* primary_PIA;
 
 	Bro::UID uid;	// Globally unique connection ID.

src/Event.cc

@@ -19,7 +19,7 @@ uint64_t num_events_queued = 0;
 uint64_t num_events_dispatched = 0;
 
 Event::Event(EventHandlerPtr arg_handler, zeek::Args arg_args,
-             SourceID arg_src, analyzer::ID arg_aid, Obj* arg_obj)
+             SourceID arg_src, zeek::analyzer::ID arg_aid, Obj* arg_obj)
 	: handler(arg_handler),
 	  args(std::move(arg_args)),
 	  src(arg_src),
@@ -122,7 +122,7 @@ void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list* vl,
 	}
 
 void EventMgr::Enqueue(const EventHandlerPtr& h, zeek::Args vl,
-                       SourceID src, analyzer::ID aid, Obj* obj)
+                       SourceID src, zeek::analyzer::ID aid, Obj* obj)
 	{
 	QueueEvent(new Event(h, std::move(vl), src, aid, obj));
 	}

src/Event.h

@@ -17,14 +17,14 @@ class EventMgr;
 class Event final : public zeek::Obj {
 public:
 	Event(EventHandlerPtr handler, zeek::Args args,
-	      SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
+	      SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0,
 	      zeek::Obj* obj = nullptr);
 
 	void SetNext(Event* n)		{ next_event = n; }
 	Event* NextEvent() const	{ return next_event; }
 
 	SourceID Source() const		{ return src; }
-	analyzer::ID Analyzer() const	{ return aid; }
+	zeek::analyzer::ID Analyzer() const	{ return aid; }
 	EventHandlerPtr Handler() const	{ return handler; }
 	const zeek::Args& Args() const	{ return args; }
 
@@ -40,7 +40,7 @@ protected:
 	EventHandlerPtr handler;
 	zeek::Args args;
 	SourceID src;
-	analyzer::ID aid;
+	zeek::analyzer::ID aid;
 	zeek::Obj* obj;
 	Event* next_event;
 };
@@ -63,7 +63,7 @@ public:
 	// arguments when there's no handlers to consume them).
 	[[deprecated("Remove in v4.1.  Use Enqueue() instead.")]]
 	void QueueEventFast(const EventHandlerPtr &h, val_list vl,
-			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
+			SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0,
 			TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr);
 
 	// Queues an event if there's an event handler (or remote consumer).  This
@@ -74,7 +74,7 @@ public:
 	// existence check.
 	[[deprecated("Remove in v4.1.  Use Enqueue() instead.")]]
 	void QueueEvent(const EventHandlerPtr &h, val_list vl,
-			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
+			SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0,
 			TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr);
 
 	// Same as QueueEvent, except taking the event's argument list via a
@@ -83,7 +83,7 @@ public:
 	// each of its elements.
 	[[deprecated("Remove in v4.1.  Use Enqueue() instead.")]]
 	void QueueEvent(const EventHandlerPtr &h, val_list* vl,
-			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
+			SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0,
 			TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr);
 
 	/**
@@ -99,7 +99,7 @@ public:
 	 * reference to until dispatching the event.
 	 */
 	void Enqueue(const EventHandlerPtr& h, zeek::Args vl,
-	             SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
+	             SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0,
 	             zeek::Obj* obj = nullptr);
 
 	/**
@@ -124,7 +124,7 @@ public:
 
 	// Returns the ID of the analyzer which raised the last event, or 0 if
 	// non-analyzer event.
-	analyzer::ID CurrentAnalyzer() const	{ return current_aid; }
+	zeek::analyzer::ID CurrentAnalyzer() const	{ return current_aid; }
 
 	int Size() const
 		{ return num_events_queued - num_events_dispatched; }
@@ -142,7 +142,7 @@ protected:
 	Event* head;
 	Event* tail;
 	SourceID current_src;
-	analyzer::ID current_aid;
+	zeek::analyzer::ID current_aid;
 	zeek::RecordVal* src_val;
 	bool draining;
 	zeek::detail::Flare queue_flare;

src/Reporter.cc

@@ -196,8 +196,7 @@ void Reporter::InternalError(const char* fmt, ...)
 	abort();
 	}
 
-void Reporter::AnalyzerError(analyzer::Analyzer* a, const char* fmt,
+void Reporter::AnalyzerError(zeek::analyzer::Analyzer* a, const char* fmt, ...)
-                                     ...)
 	{
 	if ( a )
 		a->SetSkip(true);

src/Reporter.h

@@ -15,7 +15,7 @@
 #include "BroList.h"
 #include "net_util.h"
 
-namespace analyzer { class Analyzer; }
+ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 namespace file_analysis { class File; }
 class Connection;
 class Reporter;
@@ -120,7 +120,7 @@ public:
 
 	// Report an analyzer error. That analyzer will be set to not process
 	// any further input, but Bro otherwise continues normally.
-	void AnalyzerError(analyzer::Analyzer* a, const char* fmt, ...) __attribute__((format(printf, 3, 4)));;
+	void AnalyzerError(zeek::analyzer::Analyzer* a, const char* fmt, ...) __attribute__((format(printf, 3, 4)));;
 
 	// Toggle whether non-fatal messages should be reported through the
 	// scripting layer rather on standard output. Fatal errors are always

src/RuleAction.cc

@@ -49,7 +49,7 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer)
 	string str(arg_analyzer);
 	string::size_type pos = str.find(':');
 	string arg = str.substr(0, pos);
-	analyzer = analyzer_mgr->GetComponentTag(arg.c_str());
+	analyzer = zeek::analyzer_mgr->GetComponentTag(arg.c_str());
 
 	if ( ! analyzer )
 		reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str());
@@ -57,23 +57,23 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer)
 	if ( pos != string::npos )
 		{
 		arg = str.substr(pos + 1);
-		child_analyzer = analyzer_mgr->GetComponentTag(arg.c_str());
+		child_analyzer = zeek::analyzer_mgr->GetComponentTag(arg.c_str());
 
 		if ( ! child_analyzer )
 			reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str());
 		}
 	else
-		child_analyzer = analyzer::Tag();
+		child_analyzer = zeek::analyzer::Tag();
 	}
 
 void RuleActionAnalyzer::PrintDebug()
 	{
 	if ( ! child_analyzer )
-		fprintf(stderr, "|%s|\n", analyzer_mgr->GetComponentName(analyzer).c_str());
+		fprintf(stderr, "|%s|\n", zeek::analyzer_mgr->GetComponentName(analyzer).c_str());
 	else
 		fprintf(stderr, "|%s:%s|\n",
-			analyzer_mgr->GetComponentName(analyzer).c_str(),
+		        zeek::analyzer_mgr->GetComponentName(analyzer).c_str(),
-			analyzer_mgr->GetComponentName(child_analyzer).c_str());
+		        zeek::analyzer_mgr->GetComponentName(child_analyzer).c_str());
 	}
 
 
@@ -82,7 +82,7 @@ void RuleActionEnable::DoAction(const Rule* parent, RuleEndpointState* state,
 	{
 	if ( ! ChildAnalyzer() )
 		{
-		if ( ! analyzer_mgr->IsEnabled(Analyzer()) )
+		if ( ! zeek::analyzer_mgr->IsEnabled(Analyzer()) )
 			return;
 
 		if ( state->PIA() )
@@ -90,7 +90,7 @@ void RuleActionEnable::DoAction(const Rule* parent, RuleEndpointState* state,
 		}
 	else
 		{
-		if ( ! analyzer_mgr->IsEnabled(ChildAnalyzer()) )
+		if ( ! zeek::analyzer_mgr->IsEnabled(ChildAnalyzer()) )
 			return;
 
 		// This is ugly and works only if there exists only one

src/RuleAction.h

@@ -69,12 +69,12 @@ public:
 
 	void PrintDebug() override;
 
-	analyzer::Tag Analyzer() const { return analyzer; }
+	zeek::analyzer::Tag Analyzer() const { return analyzer; }
-	analyzer::Tag ChildAnalyzer() const { return child_analyzer; }
+	zeek::analyzer::Tag ChildAnalyzer() const { return child_analyzer; }
 
 private:
-	analyzer::Tag analyzer;
+	zeek::analyzer::Tag analyzer;
-	analyzer::Tag child_analyzer;
+	zeek::analyzer::Tag child_analyzer;
 };
 
 class RuleActionEnable : public RuleActionAnalyzer {

src/RuleCondition.cc

@@ -23,7 +23,7 @@ static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
 bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state,
 					const u_char* data, int len)
 	{
-	analyzer::Analyzer* root = state->GetAnalyzer()->Conn()->GetRootAnalyzer();
+	zeek::analyzer::Analyzer* root = state->GetAnalyzer()->Conn()->GetRootAnalyzer();
 
 	if ( ! root || ! root->IsAnalyzer("TCP") )
 		return false;

src/RuleMatcher.cc

@@ -181,7 +181,7 @@ void RuleHdrTest::PrintDebug()
 	fprintf(stderr, "\n");
 	}
 
-RuleEndpointState::RuleEndpointState(analyzer::Analyzer* arg_analyzer, bool arg_is_orig,
+RuleEndpointState::RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig,
 					  RuleEndpointState* arg_opposite,
 					  analyzer::pia::PIA* arg_PIA)
 	{
@@ -736,7 +736,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state,
 	return rval;
 	}
 
-RuleEndpointState* RuleMatcher::InitEndpoint(analyzer::Analyzer* analyzer,
+RuleEndpointState* RuleMatcher::InitEndpoint(zeek::analyzer::Analyzer* analyzer,
 						const IP_Hdr* ip, int caplen,
 						RuleEndpointState* opposite,
 						bool from_orig, analyzer::pia::PIA* pia)
@@ -1417,7 +1417,7 @@ uint32_t id_to_uint(const char* id)
 	return 0;
 	}
 
-void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const IP_Hdr* ip,
+void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
 					   int caplen, bool from_orig, analyzer::pia::PIA* pia)
 	{
 	if ( ! rule_matcher )

src/RuleMatcher.h

@@ -37,10 +37,10 @@ class RuleMatcher;
 extern RuleMatcher* rule_matcher;
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 
 namespace analyzer {
 	namespace pia { class PIA; }
-	class Analyzer;
 }
 
 // RuleHdrTest and associated things:
@@ -139,7 +139,7 @@ class RuleEndpointState {
 public:
 	~RuleEndpointState();
 
-	analyzer::Analyzer* GetAnalyzer()	const	{ return analyzer; }
+	zeek::analyzer::Analyzer* GetAnalyzer()	const	{ return analyzer; }
 	bool IsOrig()		{ return is_orig; }
 
 	// For flipping roles.
@@ -158,7 +158,7 @@ private:
 
 	// Constructor is private; use RuleMatcher::InitEndpoint()
 	// for creating an instance.
-	RuleEndpointState(analyzer::Analyzer* arg_analyzer, bool arg_is_orig,
+	RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig,
 			  RuleEndpointState* arg_opposite, analyzer::pia::PIA* arg_PIA);
 
 	struct Matcher {
@@ -168,7 +168,7 @@ private:
 
 	using matcher_list = zeek::PList<Matcher>;
 
-	analyzer::Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 	RuleEndpointState* opposite;
 	analyzer::pia::PIA* pia;
 
@@ -263,7 +263,7 @@ public:
 	// the given packet (which should be the first packet encountered for
 	// this endpoint). If the matching is triggered by an PIA, a pointer to
 	// it needs to be given.
-	RuleEndpointState* InitEndpoint(analyzer::Analyzer* analyzer, const IP_Hdr* ip,
+	RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
 					int caplen, RuleEndpointState* opposite, bool is_orig, analyzer::pia::PIA* pia);
 
 	// Finish matching for this stream.
@@ -372,7 +372,7 @@ public:
 		{ delete orig_match_state; delete resp_match_state; }
 
 	// ip may be nil.
-	void InitEndpointMatcher(analyzer::Analyzer* analyzer, const IP_Hdr* ip,
+	void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
 				 int caplen, bool from_orig, analyzer::pia::PIA* pia = nullptr);
 
 	// bol/eol should be set to false for type Rule::PAYLOAD; they're

src/Sessions.cc

@@ -1206,7 +1206,7 @@ Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id,
 	if ( flip )
 		conn->FlipRoles();
 
-	if ( ! analyzer_mgr->BuildInitialAnalyzerTree(conn) )
+	if ( ! zeek::analyzer_mgr->BuildInitialAnalyzerTree(conn) )
 		{
 		conn->Done();
 		Unref(conn);

src/analyzer/Analyzer.cc

@@ -10,7 +10,7 @@
 #include "../ZeekString.h"
 #include "../Event.h"
 
-namespace analyzer {
+namespace zeek::analyzer {
 
 class AnalyzerTimer final : public Timer {
 public:
@@ -31,9 +31,9 @@ protected:
 	int do_expire;
 };
 
-}
+} // namespace zeek::analyzer
 
-using namespace analyzer;
+using namespace zeek::analyzer;
 
 AnalyzerTimer::AnalyzerTimer(Analyzer* arg_analyzer, analyzer_timer_func arg_timer,
 			     double arg_t, int arg_do_expire, TimerType arg_type)
@@ -72,7 +72,7 @@ void AnalyzerTimer::Init(Analyzer* arg_analyzer, analyzer_timer_func arg_timer,
 	Ref(analyzer->Conn());
 	}
 
-analyzer::ID Analyzer::id_counter = 0;
+zeek::analyzer::ID Analyzer::id_counter = 0;
 
 const char* Analyzer::GetAnalyzerName() const
 	{

src/analyzer/Analyzer.h

@@ -28,9 +28,11 @@ using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
 }
 
 namespace analyzer {
-
 namespace tcp { class TCP_ApplicationAnalyzer; }
 namespace pia { class PIA; }
+}
+
+namespace zeek::analyzer {
 
 class Analyzer;
 class AnalyzerTimer;
@@ -629,7 +631,7 @@ protected:
 	friend class AnalyzerTimer;
 	friend class Manager;
 	friend class ::Connection;
-	friend class tcp::TCP_ApplicationAnalyzer;
+	friend class ::analyzer::tcp::TCP_ApplicationAnalyzer;
 
 	/**
 	 * Return a string represantation of an analyzer, containing its name
@@ -755,13 +757,13 @@ private:
  * Convenience macro to add a new timer.
  */
 #define ADD_ANALYZER_TIMER(timer, t, do_expire, type) \
-	   AddTimer(analyzer::analyzer_timer_func(timer), (t), (do_expire), (type))
+	AddTimer(zeek::analyzer::analyzer_timer_func(timer), (t), (do_expire), (type))
 
 /**
  * Internal convenience macro to iterate over the list of child analyzers.
  */
 #define LOOP_OVER_CHILDREN(var) \
-	for ( analyzer::analyzer_list::iterator var = children.begin(); \
+	for ( zeek::analyzer::analyzer_list::iterator var = children.begin(); \
 	      var != children.end(); var++ )
 
 /**
@@ -769,14 +771,14 @@ private:
  * analyzers.
  */
 #define LOOP_OVER_CONST_CHILDREN(var) \
-	for ( analyzer::analyzer_list::const_iterator var = children.begin(); \
+	for ( zeek::analyzer::analyzer_list::const_iterator var = children.begin(); \
 	      var != children.end(); var++ )
 
 /**
  * Convenience macro to iterate over a given list of child analyzers.
  */
 #define LOOP_OVER_GIVEN_CHILDREN(var, the_kids) \
-	for ( analyzer::analyzer_list::iterator var = the_kids.begin(); \
+	for ( zeek::analyzer::analyzer_list::iterator var = the_kids.begin(); \
 	      var != the_kids.end(); var++ )
 
 /**
@@ -784,7 +786,7 @@ private:
  * analyzers.
  */
 #define LOOP_OVER_GIVEN_CONST_CHILDREN(var, the_kids) \
-	for ( analyzer::analyzer_list::const_iterator var = the_kids.begin(); \
+	for ( zeek::analyzer::analyzer_list::const_iterator var = the_kids.begin(); \
 	      var != the_kids.end(); var++ )
 
 /**
@@ -934,13 +936,13 @@ public:
 	 * transport-layer input and determine which protocol analyzer(s) to
 	 * use for parsing it.
 	 */
-	void SetPIA(pia::PIA* arg_PIA)	{ pia = arg_PIA; }
+	void SetPIA(::analyzer::pia::PIA* arg_PIA)	{ pia = arg_PIA; }
 
 	/**
 	 * Returns the associated PIA, or null of none. Does not take
 	 * ownership.
 	 */
-	pia::PIA* GetPIA() const		{ return pia; }
+	::analyzer::pia::PIA* GetPIA() const		{ return pia; }
 
 	/**
 	 * Helper to raise a \c packet_contents event.
@@ -952,7 +954,18 @@ public:
 	void PacketContents(const u_char* data, int len);
 
 private:
-	pia::PIA* pia;
+	::analyzer::pia::PIA* pia;
 };
 
+} // namespace zeek::analyzer
+
+namespace analyzer {
+	using Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::Analyzer instead.")]] = zeek::analyzer::Analyzer;
+	using AnalyzerTimer [[deprecated("Remove in v4.1. Use zeek::analyzer::AnalyzerTimer instead.")]] = zeek::analyzer::AnalyzerTimer;
+	using SupportAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::SupportAnalyzer instead.")]] = zeek::analyzer::SupportAnalyzer;
+	using OutputHandler [[deprecated("Remove in v4.1. Use zeek::analyzer::OutputHandler instead.")]] = zeek::analyzer::OutputHandler;
+	using TransportLayerAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::TransportLayerAnalyzer instead.")]] = zeek::analyzer::TransportLayerAnalyzer;
+
+	using analyzer_list [[deprecated("Remove in v4.1. Use zeek::analyzer::analyzer_list instead.")]] = zeek::analyzer::analyzer_list;
+	using ID [[deprecated("Remove in v4.1. Use zeek::analyzer::ID instead.")]] = zeek::analyzer::ID;
 }

src/analyzer/Component.cc

@@ -6,7 +6,7 @@
 #include "../Desc.h"
 #include "../util.h"
 
-using namespace analyzer;
+using namespace zeek::analyzer;
 
 Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial)
 	: zeek::plugin::Component(zeek::plugin::component::ANALYZER, name),
@@ -20,7 +20,7 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag:
 void Component::Initialize()
 	{
 	InitializeTag();
-	analyzer_mgr->RegisterComponent(this, "ANALYZER_");
+	zeek::analyzer_mgr->RegisterComponent(this, "ANALYZER_");
 	}
 
 Component::~Component()

src/analyzer/Component.h

@@ -11,9 +11,9 @@
 
 class Connection;
 
-namespace analyzer {
+ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
 
-class Analyzer;
+namespace zeek::analyzer {
 
 /**
  * Component description for plugins providing analyzers.
@@ -35,7 +35,7 @@ public:
 	 *
 	 * @param factory A factory function to instantiate instances of the
 	 * analyzer's class, which must be derived directly or indirectly
-	 * from analyzer::Analyzer. This is typically a static \c
+	 * from zeek::analyzer::Analyzer. This is typically a static \c
 	 * Instatiate() method inside the class that just allocates and
 	 * returns a new instance.
 	 *
@@ -107,4 +107,8 @@ private:
 	bool enabled;	// True if the analyzer is enabled.
 };
 
-}
+} // namespace zeek::analyzer
+
+namespace analyzer {
+	using Component [[deprecated("Remove in v4.1. Use zeek::analyzer::Component.")]] = zeek::analyzer::Component;
+} // namespace analyzer

src/analyzer/Manager.cc

@@ -17,7 +17,7 @@
 
 #include "protocol/tcp/events.bif.h"
 
-using namespace analyzer;
+using namespace zeek::analyzer;
 
 Manager::ConnIndex::ConnIndex(const IPAddr& _orig, const IPAddr& _resp,
 				     uint16_t _resp_p, uint16_t _proto)
@@ -109,7 +109,7 @@ void Manager::DumpDebug()
 	std::list<Component*> all_analyzers = GetComponents();
 	for ( std::list<Component*>::const_iterator i = all_analyzers.begin(); i != all_analyzers.end(); ++i )
 		DBG_LOG(DBG_ANALYZER, "    %s (%s)", (*i)->Name().c_str(),
-			IsEnabled((*i)->Tag()) ? "enabled" : "disabled");
+		        IsEnabled((*i)->Tag()) ? "enabled" : "disabled");
 
 	DBG_LOG(DBG_ANALYZER, " ");
 	DBG_LOG(DBG_ANALYZER, "Analyzers by port:");
@@ -202,7 +202,7 @@ void Manager::DisableAllAnalyzers()
 		(*i)->SetEnabled(false);
 	}
 
-analyzer::Tag Manager::GetAnalyzerTag(const char* name)
+zeek::analyzer::Tag Manager::GetAnalyzerTag(const char* name)
 	{
 	return GetComponentTag(name);
 	}
@@ -360,31 +360,31 @@ Manager::tag_set* Manager::LookupPort(zeek::PortVal* val, bool add_if_not_found)
 
 bool Manager::BuildInitialAnalyzerTree(Connection* conn)
 	{
-	tcp::TCP_Analyzer* tcp = nullptr;
+	::analyzer::tcp::TCP_Analyzer* tcp = nullptr;
-	udp::UDP_Analyzer* udp = nullptr;
+	::analyzer::udp::UDP_Analyzer* udp = nullptr;
-	icmp::ICMP_Analyzer* icmp = nullptr;
+	::analyzer::icmp::ICMP_Analyzer* icmp = nullptr;
 	TransportLayerAnalyzer* root = nullptr;
-	pia::PIA* pia = nullptr;
+	::analyzer::pia::PIA* pia = nullptr;
 	bool check_port = false;
 
 	switch ( conn->ConnTransport() ) {
 
 	case TRANSPORT_TCP:
-		root = tcp = new tcp::TCP_Analyzer(conn);
+		root = tcp = new ::analyzer::tcp::TCP_Analyzer(conn);
-		pia = new pia::PIA_TCP(conn);
+		pia = new ::analyzer::pia::PIA_TCP(conn);
 		check_port = true;
 		DBG_ANALYZER(conn, "activated TCP analyzer");
 		break;
 
 	case TRANSPORT_UDP:
-		root = udp = new udp::UDP_Analyzer(conn);
+		root = udp = new ::analyzer::udp::UDP_Analyzer(conn);
-		pia = new pia::PIA_UDP(conn);
+		pia = new ::analyzer::pia::PIA_UDP(conn);
 		check_port = true;
 		DBG_ANALYZER(conn, "activated UDP analyzer");
 		break;
 
 	case TRANSPORT_ICMP: {
-		root = icmp = new icmp::ICMP_Analyzer(conn);
+		root = icmp = new ::analyzer::icmp::ICMP_Analyzer(conn);
 		DBG_ANALYZER(conn, "activated ICMP analyzer");
 		break;
 		}
@@ -410,14 +410,14 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
 				{
 				for ( tag_set::const_iterator j = ports->begin(); j != ports->end(); ++j )
 					{
-					Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*j, conn);
+					Analyzer* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer(*j, conn);
 
 					if ( ! analyzer )
 						continue;
 
 					root->AddChildAnalyzer(analyzer, false);
 					DBG_ANALYZER_ARGS(conn, "activated %s analyzer due to port %d",
-							  analyzer_mgr->GetComponentName(*j).c_str(), resp_port);
+					                  zeek::analyzer_mgr->GetComponentName(*j).c_str(), resp_port);
 					}
 				}
 			}
@@ -466,25 +466,25 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
 				auto src = zeek::make_intrusive<zeek::AddrVal>(conn->OrigAddr());
 
 				if ( ! stp_skip_src->FindOrDefault(src) )
-					tcp->AddChildAnalyzer(new stepping_stone::SteppingStone_Analyzer(conn), false);
+					tcp->AddChildAnalyzer(new ::analyzer::stepping_stone::SteppingStone_Analyzer(conn), false);
 				}
 			}
 
 		if ( IsEnabled(analyzer_tcpstats) )
 			// Add TCPStats analyzer. This needs to see packets so
 			// we cannot add it as a normal child.
-			tcp->AddChildPacketAnalyzer(new tcp::TCPStats_Analyzer(conn));
+			tcp->AddChildPacketAnalyzer(new ::analyzer::tcp::TCPStats_Analyzer(conn));
 
 		if ( IsEnabled(analyzer_connsize) )
 			// Add ConnSize analyzer. Needs to see packets, not stream.
-			tcp->AddChildPacketAnalyzer(new conn_size::ConnSize_Analyzer(conn));
+			tcp->AddChildPacketAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn));
 		}
 
 	else
 		{
 		if ( IsEnabled(analyzer_connsize) )
 			// Add ConnSize analyzer. Needs to see packets, not stream.
-			root->AddChildAnalyzer(new conn_size::ConnSize_Analyzer(conn));
+			root->AddChildAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn));
 		}
 
 	if ( pia )
@@ -525,8 +525,8 @@ void Manager::ExpireScheduledAnalyzers()
 			conns.erase(i);
 
 			DBG_LOG(DBG_ANALYZER, "Expiring expected analyzer %s for connection %s",
-				analyzer_mgr->GetComponentName(a->analyzer).c_str(),
+			        zeek::analyzer_mgr->GetComponentName(a->analyzer).c_str(),
-				fmt_conn_id(a->conn.orig, 0, a->conn.resp, a->conn.resp_p));
+			        fmt_conn_id(a->conn.orig, 0, a->conn.resp, a->conn.resp_p));
 
 			delete a;
 			found = true;
@@ -620,7 +620,7 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLaye
 
 	for ( tag_set::iterator it = expected.begin(); it != expected.end(); ++it )
 		{
-		Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*it, conn);
+		Analyzer* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer(*it, conn);
 
 		if ( ! analyzer )
 			continue;
@@ -632,7 +632,7 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLaye
 			                   conn->ConnVal(), it->AsVal());
 
 		DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled",
-		                  analyzer_mgr->GetComponentName(*it).c_str());
+		                  zeek::analyzer_mgr->GetComponentName(*it).c_str());
 		}
 
 	return expected.size();

src/analyzer/Manager.h

@@ -34,6 +34,7 @@
 
 #include "analyzer/analyzer.bif.h"
 
+namespace zeek {
 namespace analyzer {
 
 /**
@@ -46,7 +47,7 @@ namespace analyzer {
  * respecting well-known ports, and tracking any analyzers specifically
  * scheduled for individidual connections.
  */
-class Manager : public plugin::ComponentManager<Tag, Component> {
+class Manager : public zeek::plugin::ComponentManager<Tag, Component> {
 public:
 	/**
 	 * Constructor.
@@ -399,10 +400,18 @@ private:
 	std::vector<uint16_t> vxlan_ports;
 };
 
-}
+} // namespace analyzer
 
 extern analyzer::Manager* analyzer_mgr;
 
+} // namespace zeek
+
+namespace analyzer {
+	using Manager [[deprecated("Remove in v4.1. Use zeek::analyzer::Manager instead.")]] = zeek::analyzer::Manager;
+} // namespace analyzer
+
+extern zeek::analyzer::Manager*& analyzer_mgr [[deprecated("Remove in v4.1. Use zeek::analyzer_mgr instead.")]];
+
 // Macros for anayzer debug logging which include the connection id into the
 // message.
 #ifdef DEBUG

src/analyzer/Tag.cc

@@ -3,33 +3,33 @@
 #include "Tag.h"
 #include "Manager.h"
 
-const analyzer::Tag analyzer::Tag::Error;
+const zeek::analyzer::Tag zeek::analyzer::Tag::Error;
 
-analyzer::Tag::Tag(type_t type, subtype_t subtype)
+zeek::analyzer::Tag::Tag(type_t type, subtype_t subtype)
-	: zeek::Tag(analyzer_mgr->GetTagType(), type, subtype)
+	: zeek::Tag(zeek::analyzer_mgr->GetTagType(), type, subtype)
 	{
 	}
 
-analyzer::Tag& analyzer::Tag::operator=(const analyzer::Tag& other)
+zeek::analyzer::Tag& zeek::analyzer::Tag::operator=(const zeek::analyzer::Tag& other)
 	{
 	zeek::Tag::operator=(other);
 	return *this;
 	}
 
-const zeek::EnumValPtr& analyzer::Tag::AsVal() const
+const zeek::EnumValPtr& zeek::analyzer::Tag::AsVal() const
 	{
-	return zeek::Tag::AsVal(analyzer_mgr->GetTagType());
+	return zeek::Tag::AsVal(zeek::analyzer_mgr->GetTagType());
 	}
 
-zeek::EnumVal* analyzer::Tag::AsEnumVal() const
+zeek::EnumVal* zeek::analyzer::Tag::AsEnumVal() const
 	{
 	return AsVal().get();
 	}
 
-analyzer::Tag::Tag(zeek::EnumValPtr val)
+zeek::analyzer::Tag::Tag(zeek::EnumValPtr val)
 	: zeek::Tag(std::move(val))
 	{ }
 
-analyzer::Tag::Tag(zeek::EnumVal* val)
+zeek::analyzer::Tag::Tag(zeek::EnumVal* val)
 	: zeek::Tag({zeek::NewRef{}, val})
 	{ }

src/analyzer/Tag.h

@@ -21,10 +21,10 @@ namespace plugin {
 		zeek::plugin::ComponentManager<T, C>;
 }
 
-namespace analyzer {
+ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, analyzer);
+ZEEK_FORWARD_DECLARE_NAMESPACED(Component, zeek, analyzer);
 
-class Manager;
+namespace zeek::analyzer {
-class Component;
 
 /**
  * Class to identify a protocol analyzer type.
@@ -125,4 +125,8 @@ protected:
 	explicit Tag(zeek::EnumVal* val);
 };
 
-}
+} // namespace zeek::analyzer
+
+namespace analyzer {
+	using Tag [[deprecated("Remove in v4.1. Use zeek::analyzer::Tag")]] = zeek::analyzer::Tag;
+} // namespace analyzer

src/analyzer/analyzer.bif

@@ -10,43 +10,43 @@ module Analyzer;
 
 function Analyzer::__enable_analyzer%(id: Analyzer::Tag%) : bool
 	%{
-	bool result = analyzer_mgr->EnableAnalyzer(id->AsEnumVal());
+	bool result = zeek::analyzer_mgr->EnableAnalyzer(id->AsEnumVal());
 	return zeek::val_mgr->Bool(result);
 	%}
 
 function Analyzer::__disable_analyzer%(id: Analyzer::Tag%) : bool
 	%{
-	bool result = analyzer_mgr->DisableAnalyzer(id->AsEnumVal());
+	bool result = zeek::analyzer_mgr->DisableAnalyzer(id->AsEnumVal());
 	return zeek::val_mgr->Bool(result);
 	%}
 
 function Analyzer::__disable_all_analyzers%(%) : any
 	%{
-	analyzer_mgr->DisableAllAnalyzers();
+	zeek::analyzer_mgr->DisableAllAnalyzers();
 	return nullptr;
 	%}
 
 function Analyzer::__register_for_port%(id: Analyzer::Tag, p: port%) : bool
 	%{
-	bool result = analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p);
+	bool result = zeek::analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p);
 	return zeek::val_mgr->Bool(result);
 	%}
 
 function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port,
 					analyzer: Analyzer::Tag, tout: interval%) : bool
 	%{
-	analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout);
+	zeek::analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout);
 	return zeek::val_mgr->True();
 	%}
 
 function __name%(atype: Analyzer::Tag%) : string
 	%{
-	const auto& n = analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()});
+	const auto& n = zeek::analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()});
 	return zeek::make_intrusive<zeek::StringVal>(n);
 	%}
 
 function __tag%(name: string%) : Analyzer::Tag
 	%{
-	analyzer::Tag t = analyzer_mgr->GetComponentTag(name->CheckString());
+	analyzer::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString());
 	return t.AsVal();
 	%}

src/analyzer/protocol/ayiya/AYIYA.h

@@ -4,7 +4,7 @@
 
 namespace analyzer { namespace ayiya {
 
-class AYIYA_Analyzer final : public analyzer::Analyzer {
+class AYIYA_Analyzer final : public zeek::analyzer::Analyzer {
 public:
 	explicit AYIYA_Analyzer(Connection* conn);
 	virtual ~AYIYA_Analyzer();
@@ -13,7 +13,7 @@ public:
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const IP_Hdr* ip, int caplen);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new AYIYA_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/ayiya/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::AYIYA";

src/analyzer/protocol/bittorrent/BitTorrent.h

@@ -18,7 +18,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new BitTorrent_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/bittorrent/BitTorrentTracker.h

@@ -53,7 +53,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new BitTorrentTracker_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/bittorrent/Plugin.cc

@@ -12,8 +12,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("BitTorrent", ::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("BitTorrent", ::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::BitTorrent";

src/analyzer/protocol/conn-size/ConnSize.h

@@ -8,7 +8,7 @@
 
 namespace analyzer { namespace conn_size {
 
-class ConnSize_Analyzer : public analyzer::Analyzer {
+class ConnSize_Analyzer : public zeek::analyzer::Analyzer {
 public:
 	explicit ConnSize_Analyzer(Connection* c);
 	~ConnSize_Analyzer() override;
@@ -26,7 +26,7 @@ public:
 	void SetDurationThreshold(double duration);
 	double GetDurationThreshold() { return duration_thresh; };
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new ConnSize_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/conn-size/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::ConnSize";

src/analyzer/protocol/conn-size/functions.bif

@@ -3,13 +3,13 @@
 #include "Reporter.h"
 #include "Sessions.h"
 
-static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
+static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 	{
 	Connection* c = sessions->FindConnection(cid);
 	if ( ! c )
 		return nullptr;
 
-	analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE");
+	zeek::analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE");
 	if ( ! a )
 		reporter->Error("connection does not have ConnSize analyzer");
 
@@ -33,11 +33,11 @@ static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 ##               set_current_conn_duration_threshold get_current_conn_duration_threshold
 function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::val_mgr->False();
 
-	static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig);
+	static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig);
 
 	return zeek::val_mgr->True();
 	%}
@@ -57,11 +57,11 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
 ##               set_current_conn_duration_threshold get_current_conn_duration_threshold
 function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::val_mgr->False();
 
-	static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig);
+	static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig);
 
 	return zeek::val_mgr->True();
 	%}
@@ -79,11 +79,11 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_
 ##               get_current_conn_duration_threshold
 function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%): bool
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::val_mgr->False();
 
-	static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold);
+	static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold);
 
 	return zeek::val_mgr->True();
 	%}
@@ -101,11 +101,11 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%
 ##               get_current_conn_duration_threshold
 function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::val_mgr->Count(0);
 
-	return zeek::val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
+	return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
 	%}
 
 ## Gets the current packet threshold size for a connection.
@@ -120,11 +120,11 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
 ##               get_current_conn_bytes_threshold set_current_conn_duration_threshold get_current_conn_duration_threshold
 function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::val_mgr->Count(0);
 
-	return zeek::val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
+	return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
 	%}
 
 ## Gets the current duration threshold size for a connection.
@@ -137,9 +137,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun
 ##               get_current_conn_packets_threshold set_current_conn_duration_threshold
 function get_current_conn_duration_threshold%(cid: conn_id%): interval
 	%{
-	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
 	if ( ! a )
 		return zeek::make_intrusive<zeek::IntervalVal>(0.0);
 
-	return zeek::make_intrusive<zeek::IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
+	return zeek::make_intrusive<zeek::IntervalVal>(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
 	%}

src/analyzer/protocol/dce-rpc/DCE_RPC.h

@@ -24,7 +24,7 @@ public:
 	bool SetFileID(uint64_t fid_in)
 		{ interp->set_file_id(fid_in); return true; }
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new DCE_RPC_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/dce-rpc/Plugin.cc

@@ -12,7 +12,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::DCE_RPC";

src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac

@@ -4,8 +4,8 @@
 
 refine connection DCE_RPC_Conn += {
 	%member{
-		analyzer::Analyzer *gssapi;
+		zeek::analyzer::Analyzer *gssapi;
-		analyzer::Analyzer *ntlm;
+		zeek::analyzer::Analyzer *ntlm;
 	%}
 
 	%init{
@@ -32,13 +32,13 @@ refine connection DCE_RPC_Conn += {
 			{
 			case 0x09:
 				if ( ! gssapi )
-					gssapi = analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn());
+					gssapi = zeek::analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn());
 				if ( gssapi )
 					gssapi->DeliverStream(${auth.blob}.length(), ${auth.blob}.begin(), is_orig);
 				break;
 			case 0x0a:
 				if ( ! ntlm )
-					ntlm = analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn());
+					ntlm = zeek::analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn());
 				if ( ntlm )
 					ntlm->DeliverStream(${auth.blob}.length(), ${auth.blob}.begin(), is_orig);
 				break;

src/analyzer/protocol/dhcp/DHCP.h

@@ -6,7 +6,7 @@
 
 namespace analyzer { namespace dhcp {
 
-class DHCP_Analyzer final : public analyzer::Analyzer {
+class DHCP_Analyzer final : public zeek::analyzer::Analyzer {
 public:
 	explicit DHCP_Analyzer(Connection* conn);
 	~DHCP_Analyzer() override;
@@ -15,7 +15,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
 	                   uint64_t seq, const IP_Hdr* ip, int caplen) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new DHCP_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/dhcp/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::DHCP";

src/analyzer/protocol/dnp3/DNP3.cc

@@ -113,7 +113,7 @@ bool DNP3_Base::crc_table_initialized = false;
 unsigned int DNP3_Base::crc_table[256];
 
 
-DNP3_Base::DNP3_Base(analyzer::Analyzer* arg_analyzer)
+DNP3_Base::DNP3_Base(zeek::analyzer::Analyzer* arg_analyzer)
 	{
 	analyzer = arg_analyzer;
 	interp = new binpac::DNP3::DNP3_Conn(analyzer);

src/analyzer/protocol/dnp3/DNP3.h

@@ -10,7 +10,7 @@ namespace analyzer { namespace dnp3 {
 
 class DNP3_Base {
 public:
-	explicit DNP3_Base(analyzer::Analyzer* analyzer);
+	explicit DNP3_Base(zeek::analyzer::Analyzer* analyzer);
 	virtual ~DNP3_Base();
 
 	binpac::DNP3::DNP3_Conn* Interpreter()	{ return interp; }
@@ -54,7 +54,7 @@ protected:
 	static bool crc_table_initialized;
 	static unsigned int crc_table[256];
 
-	analyzer::Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 	binpac::DNP3::DNP3_Conn* interp;
 
 	Endpoint orig_state;
@@ -75,7 +75,7 @@ public:
 		{ return new DNP3_TCP_Analyzer(conn); }
 };
 
-class DNP3_UDP_Analyzer : public DNP3_Base, public analyzer::Analyzer {
+class DNP3_UDP_Analyzer : public DNP3_Base, public zeek::analyzer::Analyzer {
 public:
 	explicit DNP3_UDP_Analyzer(Connection* conn);
 	~DNP3_UDP_Analyzer() override;
@@ -83,7 +83,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
                     uint64_t seq, const IP_Hdr* ip, int caplen) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new DNP3_UDP_Analyzer(conn); }
 };
 

src/analyzer/protocol/dnp3/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("DNP3_TCP", ::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("DNP3_TCP", ::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::DNP3";

src/analyzer/protocol/dns/DNS.cc

@@ -19,7 +19,7 @@
 
 using namespace analyzer::dns;
 
-DNS_Interpreter::DNS_Interpreter(analyzer::Analyzer* arg_analyzer)
+DNS_Interpreter::DNS_Interpreter(zeek::analyzer::Analyzer* arg_analyzer)
 	{
 	analyzer = arg_analyzer;
 	first_message = true;
@@ -1334,7 +1334,7 @@ bool DNS_Interpreter::ParseRR_HINFO(DNS_MsgInfo* msg,
 	}
 
 static zeek::StringValPtr
-extract_char_string(analyzer::Analyzer* analyzer,
+extract_char_string(zeek::analyzer::Analyzer* analyzer,
                     const u_char*& data, int& len, int& rdlen)
 	{
 	if ( rdlen <= 0 )

src/analyzer/protocol/dns/DNS.h

@@ -248,7 +248,7 @@ public:
 
 class DNS_Interpreter {
 public:
-	explicit DNS_Interpreter(analyzer::Analyzer* analyzer);
+	explicit DNS_Interpreter(zeek::analyzer::Analyzer* analyzer);
 
 	void ParseMessage(const u_char* data, int len, int is_query);
 
@@ -343,7 +343,7 @@ protected:
 					zeek::String* question_name,
 					zeek::String* original_name);
 
-	analyzer::Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 	bool first_message;
 };
 
@@ -393,7 +393,7 @@ public:
 					tcp::TCP_Endpoint* peer, bool gen_event) override;
 	void ExpireTimer(double t);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new DNS_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/dns/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("DNS", ::analyzer::dns::DNS_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("DNS", ::analyzer::dns::DNS_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("Contents_DNS", nullptr));
+		AddComponent(new zeek::analyzer::Component("Contents_DNS", nullptr));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::DNS";

src/analyzer/protocol/file/File.h

@@ -18,7 +18,7 @@ public:
 
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-//	static analyzer::Analyzer* Instantiate(Connection* conn)
+//	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 //		{ return new File_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/file/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("FTP_Data", ::analyzer::file::FTP_Data::Instantiate));
+		AddComponent(new zeek::analyzer::Component("FTP_Data", ::analyzer::file::FTP_Data::Instantiate));
-		AddComponent(new ::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate));
+		AddComponent(new zeek::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::File";

src/analyzer/protocol/finger/Finger.h

@@ -16,7 +16,7 @@ public:
 	// Line-based input.
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Finger_Analyzer(conn); }
 
 protected:
@@ -25,4 +25,4 @@ protected:
 	int did_deliver;
 };
 
-} } // namespace analyzer::* 
+} } // namespace analyzer::*

src/analyzer/protocol/finger/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::Finger";

src/analyzer/protocol/ftp/FTP.cc

@@ -166,7 +166,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
 			// Server wants to proceed with an ADAT exchange and we
 			// know how to analyze the GSI mechanism, so attach analyzer
 			// to look for that.
-			Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
+			Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
 			if ( ssl )
 				{
 				ssl->AddSupportAnalyzer(new FTP_ADAT_Analyzer(Conn(), true));

src/analyzer/protocol/ftp/FTP.h

@@ -15,7 +15,7 @@ public:
 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{
 		return new FTP_Analyzer(conn);
 		}
@@ -34,7 +34,7 @@ protected:
  * analyzer just decodes the tokens and passes them on to the parent, which must
  * be an SSL analyzer instance.
  */
-class FTP_ADAT_Analyzer final : public analyzer::SupportAnalyzer {
+class FTP_ADAT_Analyzer final : public zeek::analyzer::SupportAnalyzer {
 public:
 	FTP_ADAT_Analyzer(Connection* conn, bool arg_orig)
 	    : SupportAnalyzer("FTP_ADAT", conn, arg_orig),

src/analyzer/protocol/ftp/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("FTP", ::analyzer::ftp::FTP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("FTP", ::analyzer::ftp::FTP_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("FTP_ADAT", nullptr));
+		AddComponent(new zeek::analyzer::Component("FTP_ADAT", nullptr));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::FTP";

src/analyzer/protocol/gnutella/Gnutella.cc

@@ -119,14 +119,14 @@ bool Gnutella_Analyzer::IsHTTP(std::string header)
 	if ( gnutella_http_notify )
 		EnqueueConnEvent(gnutella_http_notify, ConnVal());
 
-	analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn());
+	zeek::analyzer::Analyzer* a = zeek::analyzer_mgr->InstantiateAnalyzer("HTTP", Conn());
 
 	if ( a && Parent()->AddChildAnalyzer(a) )
 		{
 		if ( Parent()->IsAnalyzer("TCP") )
 			{
 			// Replay buffered data.
-			pia::PIA* pia = static_cast<analyzer::TransportLayerAnalyzer *>(Parent())->GetPIA();
+			pia::PIA* pia = static_cast<zeek::analyzer::TransportLayerAnalyzer *>(Parent())->GetPIA();
 			if ( pia )
 				static_cast<pia::PIA_TCP *>(pia)->ReplayStreamBuffer(a);
 			}

src/analyzer/protocol/gnutella/Gnutella.h

@@ -41,7 +41,7 @@ public:
 	void Done () override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Gnutella_Analyzer(conn); }
 
 private:

src/analyzer/protocol/gnutella/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::Gnutella";

src/analyzer/protocol/gssapi/GSSAPI.h

@@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new GSSAPI_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/gssapi/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::GSSAPI";

src/analyzer/protocol/gssapi/gssapi-analyzer.pac

@@ -1,8 +1,8 @@
 
 refine connection GSSAPI_Conn += {
 	%member{
-		analyzer::Analyzer *ntlm;
+		zeek::analyzer::Analyzer *ntlm;
-		analyzer::Analyzer *krb5;
+		zeek::analyzer::Analyzer *krb5;
 	%}
 
 	%init{
@@ -34,7 +34,7 @@ refine connection GSSAPI_Conn += {
 			{
 			// ntlmssp
 			if ( ! ntlm )
-				ntlm = analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn());
+				ntlm = zeek::analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn());
 
 			if ( ntlm )
 				ntlm->DeliverStream(${val.ntlm}.length(),
@@ -44,7 +44,7 @@ refine connection GSSAPI_Conn += {
 		else if ( ${val.has_krb} )
 			{
 			if ( ! krb5 )
-				krb5 = analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn());
+				krb5 = zeek::analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn());
 
 			if ( krb5 ) // accepting all KRB types (REQ, REP, etc)
 				{
@@ -77,4 +77,3 @@ refine typeattr GSSAPI_NEG_TOKEN_MECH_TOKEN += &let {
 refine typeattr GSSAPI_NEG_TOKEN_RESP_Arg += &let {
 	proc: bool = $context.connection.proc_gssapi_neg_result(this) &if(seq_meta.index==0);
 };
-

src/analyzer/protocol/gtpv1/GTPv1.h

@@ -4,7 +4,7 @@
 
 namespace analyzer { namespace gtpv1 {
 
-class GTPv1_Analyzer final : public analyzer::Analyzer {
+class GTPv1_Analyzer final : public zeek::analyzer::Analyzer {
 public:
 	explicit GTPv1_Analyzer(Connection* conn);
 	virtual ~GTPv1_Analyzer();
@@ -13,7 +13,7 @@ public:
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const IP_Hdr* ip, int caplen);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new GTPv1_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/gtpv1/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::GTPv1";

src/analyzer/protocol/http/HTTP.cc

@@ -173,7 +173,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF)
 		DeliverBody(len, data, trailing_CRLF);
 	}
 
-class HTTP_Entity::UncompressedOutput : public analyzer::OutputHandler {
+class HTTP_Entity::UncompressedOutput : public zeek::analyzer::OutputHandler {
 public:
 	UncompressedOutput(HTTP_Entity* e)	{ entity = e; }
 	void DeliverStream(int len, const u_char* data, bool orig) override
@@ -1712,7 +1712,7 @@ void analyzer::http::escape_URI_char(unsigned char ch, unsigned char*& p)
 	}
 
 zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* line_end,
-                                              analyzer::Analyzer* analyzer)
+                                           zeek::analyzer::Analyzer* analyzer)
 	{
 	zeek::byte_vec decoded_URI = new u_char[line_end - line + 1];
 	zeek::byte_vec URI_p = decoded_URI;

src/analyzer/protocol/http/HTTP.h

@@ -195,7 +195,7 @@ public:
 	int GetRequestOngoing() { return request_ongoing; };
 	int GetReplyOngoing() { return reply_ongoing; };
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new HTTP_Analyzer(conn); }
 
 	static bool Available()
@@ -282,6 +282,6 @@ extern bool is_reserved_URI_char(unsigned char ch);
 extern bool is_unreserved_URI_char(unsigned char ch);
 extern void escape_URI_char(unsigned char ch, unsigned char*& p);
 extern zeek::String* unescape_URI(const u_char* line, const u_char* line_end,
-                                     analyzer::Analyzer* analyzer);
+                                  zeek::analyzer::Analyzer* analyzer);
 
 } } // namespace analyzer::*

src/analyzer/protocol/http/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::HTTP";

src/analyzer/protocol/http/functions.bif

@@ -15,12 +15,12 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any
 	analyzer::ID id = mgr.CurrentAnalyzer();
 	if ( id )
 		{
-		analyzer::Analyzer* ha = c->FindAnalyzer(id);
+		zeek::analyzer::Analyzer* ha = c->FindAnalyzer(id);
 
 		if ( ha )
 			{
 			if ( ha->IsAnalyzer("HTTP") )
-				static_cast<analyzer::http::HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
+				static_cast<::analyzer::http::HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
 			else
 				reporter->Error("non-HTTP analyzer associated with connection record");
 			}
@@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string
 	const u_char* line = URI->Bytes();
 	const u_char* const line_end = line + URI->Len();
 
-	return zeek::make_intrusive<zeek::StringVal>(analyzer::http::unescape_URI(line, line_end, 0));
+	return zeek::make_intrusive<zeek::StringVal>(::analyzer::http::unescape_URI(line, line_end, 0));
 	%}

src/analyzer/protocol/icmp/ICMP.h

@@ -20,13 +20,13 @@ typedef enum {
 
 // We do not have an PIA for ICMP (yet) and therefore derive from
 // RuleMatcherState to perform our own matching.
-class ICMP_Analyzer final : public analyzer::TransportLayerAnalyzer {
+class ICMP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer {
 public:
 	explicit ICMP_Analyzer(Connection* conn);
 
 	void UpdateConnVal(zeek::RecordVal *conn_val) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new ICMP_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/icmp/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::ICMP";

src/analyzer/protocol/ident/Ident.h

@@ -14,7 +14,7 @@ public:
 
 	void DeliverStream(int length, const u_char* data, bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Ident_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/ident/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::Ident";

src/analyzer/protocol/imap/IMAP.cc

@@ -79,7 +79,7 @@ void IMAP_Analyzer::StartTLS()
 	// TLS datastream.
 	tls_active = true;
 
-	Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
+	Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
 	if ( ssl )
 		AddChildAnalyzer(ssl);
 	}

src/analyzer/protocol/imap/IMAP.h

@@ -24,7 +24,7 @@ public:
 
 	void StartTLS();
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new IMAP_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/imap/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::IMAP";

src/analyzer/protocol/irc/IRC.cc

@@ -1178,7 +1178,7 @@ void IRC_Analyzer::StartTLS()
 	RemoveSupportAnalyzer(cl_orig);
 	RemoveSupportAnalyzer(cl_resp);
 
-	Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
+	Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn());
 	if ( ssl )
 		AddChildAnalyzer(ssl);
 

src/analyzer/protocol/irc/IRC.h

@@ -32,7 +32,7 @@ public:
 	*/
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{
 		return new IRC_Analyzer(conn);
 		}

src/analyzer/protocol/irc/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::IRC";

src/analyzer/protocol/krb/KRB.h

@@ -12,7 +12,7 @@
 
 namespace analyzer { namespace krb {
 
-class KRB_Analyzer final : public analyzer::Analyzer {
+class KRB_Analyzer final : public zeek::analyzer::Analyzer {
 
 public:
 	explicit KRB_Analyzer(Connection* conn);
@@ -22,7 +22,7 @@ public:
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
 							   uint64_t seq, const IP_Hdr* ip, int caplen);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new KRB_Analyzer(conn); }
 
 	zeek::StringValPtr GetAuthenticationInfo(const zeek::String* principal,

src/analyzer/protocol/krb/KRB_TCP.h

@@ -26,7 +26,7 @@ public:
 	                                         const bro_uint_t enctype)
 		{ return zeek::val_mgr->EmptyString(); }
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new KRB_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/krb/Plugin.cc

@@ -12,8 +12,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate));
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::KRB";
 		config.description = "Kerberos analyzer";

src/analyzer/protocol/login/Plugin.cc

@@ -14,13 +14,13 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("Telnet", ::analyzer::login::Telnet_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Telnet", ::analyzer::login::Telnet_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("Rsh", ::analyzer::login::Rsh_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Rsh", ::analyzer::login::Rsh_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("Rlogin", ::analyzer::login::Rlogin_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("Rlogin", ::analyzer::login::Rlogin_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("NVT", nullptr));
+		AddComponent(new zeek::analyzer::Component("NVT", nullptr));
-		AddComponent(new ::analyzer::Component("Login", nullptr));
+		AddComponent(new zeek::analyzer::Component("Login", nullptr));
-		AddComponent(new ::analyzer::Component("Contents_Rsh", nullptr));
+		AddComponent(new zeek::analyzer::Component("Contents_Rsh", nullptr));
-		AddComponent(new ::analyzer::Component("Contents_Rlogin", nullptr));
+		AddComponent(new zeek::analyzer::Component("Contents_Rlogin", nullptr));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::Login";

src/analyzer/protocol/login/RSH.h

@@ -48,7 +48,7 @@ public:
 	void ClientUserName(const char* s);
 	void ServerUserName(const char* s);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Rsh_Analyzer(conn); }
 
 	Contents_Rsh_Analyzer* contents_orig;

src/analyzer/protocol/login/Rlogin.h

@@ -61,7 +61,7 @@ public:
 	void ServerUserName(const char* s);
 	void TerminalType(const char* s);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Rlogin_Analyzer(conn); }
 };
 

src/analyzer/protocol/login/Telnet.h

@@ -11,8 +11,8 @@ public:
 	explicit Telnet_Analyzer(Connection* conn);
 	~Telnet_Analyzer() override {}
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new Telnet_Analyzer(conn); }
 };
 
-} } // namespace analyzer::* 
+} } // namespace analyzer::*

src/analyzer/protocol/login/functions.bif

@@ -30,11 +30,11 @@ function get_login_state%(cid: conn_id%): count
 	if ( ! c )
 		return zeek::val_mgr->False();
 
-	analyzer::Analyzer* la = c->FindAnalyzer("Login");
+	zeek::analyzer::Analyzer* la = c->FindAnalyzer("Login");
 	if ( ! la )
 		return zeek::val_mgr->False();
 
-	return zeek::val_mgr->Count(int(static_cast<analyzer::login::Login_Analyzer*>(la)->LoginState()));
+	return zeek::val_mgr->Count(int(static_cast<::analyzer::login::Login_Analyzer*>(la)->LoginState()));
 	%}
 
 ## Sets the login state of a connection with a login analyzer.
@@ -54,10 +54,10 @@ function set_login_state%(cid: conn_id, new_state: count%): bool
 	if ( ! c )
 		return zeek::val_mgr->False();
 
-	analyzer::Analyzer* la = c->FindAnalyzer("Login");
+	zeek::analyzer::Analyzer* la = c->FindAnalyzer("Login");
 	if ( ! la )
 		return zeek::val_mgr->False();
 
-	static_cast<analyzer::login::Login_Analyzer*>(la)->SetLoginState(analyzer::login::login_state(new_state));
+	static_cast<::analyzer::login::Login_Analyzer*>(la)->SetLoginState(::analyzer::login::login_state(new_state));
 	return zeek::val_mgr->True();
 	%}

src/analyzer/protocol/mime/MIME.cc

@@ -1154,7 +1154,7 @@ void MIME_Entity::StartDecodeBase64()
 		delete base64_decoder;
 		}
 
-	analyzer::Analyzer* analyzer = message->GetAnalyzer();
+	zeek::analyzer::Analyzer* analyzer = message->GetAnalyzer();
 
 	if ( ! analyzer )
 		{
@@ -1329,7 +1329,7 @@ zeek::TableValPtr MIME_Message::ToHeaderTable(MIME_HeaderList& hlist)
 	return t;
 	}
 
-MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, bool orig, int buf_size)
+MIME_Mail::MIME_Mail(zeek::analyzer::Analyzer* mail_analyzer, bool orig, int buf_size)
 : MIME_Message(mail_analyzer), md5_hash()
 	{
 	analyzer = mail_analyzer;

src/analyzer/protocol/mime/MIME.h

@@ -192,7 +192,7 @@ protected:
 
 class MIME_Message {
 public:
-	explicit MIME_Message(analyzer::Analyzer* arg_analyzer)
+	explicit MIME_Message(zeek::analyzer::Analyzer* arg_analyzer)
 		{
 		// Cannot initialize top_level entity because we do
 		// not know its type yet (MIME_Entity / MIME_Mail /
@@ -218,7 +218,7 @@ public:
 		top_level->Deliver(len, data, trailing_CRLF);
 		}
 
-	analyzer::Analyzer* GetAnalyzer() const	{ return analyzer; }
+	zeek::analyzer::Analyzer* GetAnalyzer() const	{ return analyzer; }
 
 	// Events generated by MIME_Entity
 	virtual void BeginEntity(MIME_Entity*) = 0;
@@ -230,7 +230,7 @@ public:
 	virtual void SubmitEvent(int event_type, const char* detail) = 0;
 
 protected:
-	analyzer::Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 
 	MIME_Entity* top_level;
 	bool finished;
@@ -246,7 +246,7 @@ protected:
 
 class MIME_Mail final : public MIME_Message {
 public:
-	MIME_Mail(analyzer::Analyzer* mail_conn, bool is_orig, int buf_size = 0);
+	MIME_Mail(zeek::analyzer::Analyzer* mail_conn, bool is_orig, int buf_size = 0);
 	~MIME_Mail() override;
 	void Done() override;
 

src/analyzer/protocol/modbus/Modbus.h

@@ -16,11 +16,11 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new ModbusTCP_Analyzer(conn); }
 
 protected:
 	binpac::ModbusTCP::ModbusTCP_Conn* interp;
 };
 
-} } // namespace analyzer::* 
+} } // namespace analyzer::*

src/analyzer/protocol/modbus/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::Modbus";

src/analyzer/protocol/mqtt/MQTT.h

@@ -20,7 +20,7 @@ public:
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+	static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
 		{ return new MQTT_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/mqtt/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("MQTT",
+		AddComponent(new zeek::analyzer::Component("MQTT",
 		             ::analyzer::MQTT::MQTT_Analyzer::InstantiateAnalyzer));
 
 		zeek::plugin::Configuration config;

src/analyzer/protocol/mysql/MySQL.h

@@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new MySQL_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/mysql/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate));
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::MySQL";
 		config.description = "MySQL analyzer";

src/analyzer/protocol/ncp/NCP.cc

@@ -23,7 +23,7 @@ using namespace analyzer::ncp;
 	 uint16(xbyte(bytes, 0)) | ((uint16(xbyte(bytes, 1))) << 8) : \
 	 uint16(xbyte(bytes, 1)) | ((uint16(xbyte(bytes, 0))) << 8))
 
-NCP_Session::NCP_Session(analyzer::Analyzer* a)
+NCP_Session::NCP_Session(zeek::analyzer::Analyzer* a)
 : analyzer(a)
 	{
 	req_frame_type = 0;

src/analyzer/protocol/ncp/NCP.h

@@ -30,7 +30,7 @@ namespace analyzer { namespace ncp {
 
 class NCP_Session {
 public:
-	explicit NCP_Session(analyzer::Analyzer* analyzer);
+	explicit NCP_Session(zeek::analyzer::Analyzer* analyzer);
 
 	void Deliver(bool is_orig, int len, const u_char* data);
 
@@ -42,7 +42,7 @@ public:
 protected:
 	void DeliverFrame(const binpac::NCP::ncp_frame* frame);
 
-	analyzer::Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 	int req_frame_type;
 	int req_func;
 };
@@ -104,7 +104,7 @@ public:
 	explicit NCP_Analyzer(Connection* conn);
 	~NCP_Analyzer() override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new NCP_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/ncp/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("NCP", ::analyzer::ncp::NCP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("NCP", ::analyzer::ncp::NCP_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("Contents_NCP", nullptr));
+		AddComponent(new zeek::analyzer::Component("Contents_NCP", nullptr));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::NCP";

src/analyzer/protocol/netbios/NetbiosSSN.cc

@@ -49,14 +49,14 @@ NetbiosDGM_RawMsgHdr::NetbiosDGM_RawMsgHdr(const u_char*& data, int& len)
 	}
 
 
-NetbiosSSN_Interpreter::NetbiosSSN_Interpreter(Analyzer* arg_analyzer)
+NetbiosSSN_Interpreter::NetbiosSSN_Interpreter(zeek::analyzer::Analyzer* arg_analyzer)
 	{
 	analyzer = arg_analyzer;
 	//smb_session = arg_smb_session;
 	}
 
 void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags,
-				const u_char* data, int len, bool is_query)
+                                          const u_char* data, int len, bool is_query)
 	{
 	if ( netbios_session_message )
 		analyzer->EnqueueConnEvent(netbios_session_message,

src/analyzer/protocol/netbios/NetbiosSSN.h

@@ -63,7 +63,7 @@ struct NetbiosDGM_RawMsgHdr {
 
 class NetbiosSSN_Interpreter {
 public:
-	explicit NetbiosSSN_Interpreter(Analyzer* analyzer);
+	explicit NetbiosSSN_Interpreter(zeek::analyzer::Analyzer* analyzer);
 
 	void ParseMessage(unsigned int type, unsigned int flags,
 			const u_char* data, int len, bool is_query);
@@ -98,7 +98,7 @@ protected:
 			u_char*& xname, int& xlen);
 
 protected:
-	Analyzer* analyzer;
+	zeek::analyzer::Analyzer* analyzer;
 	//SMB_Session* smb_session;
 };
 
@@ -148,7 +148,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const IP_Hdr* ip, int caplen) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new NetbiosSSN_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/netbios/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("NetbiosSSN", ::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("NetbiosSSN", ::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("Contents_NetbiosSSN", nullptr));
+		AddComponent(new zeek::analyzer::Component("Contents_NetbiosSSN", nullptr));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::NetBIOS";

src/analyzer/protocol/ntlm/NTLM.h

@@ -24,7 +24,7 @@ public:
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new NTLM_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/ntlm/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::NTLM";

src/analyzer/protocol/ntp/NTP.cc

@@ -7,7 +7,7 @@
 using namespace analyzer::NTP;
 
 NTP_Analyzer::NTP_Analyzer(Connection* c)
-	: analyzer::Analyzer("NTP", c)
+	: zeek::analyzer::Analyzer("NTP", c)
 	{
 	interp = new binpac::NTP::NTP_Conn(this);
 	}

src/analyzer/protocol/ntp/NTP.h

@@ -9,7 +9,7 @@
 
 namespace analyzer { namespace NTP {
 
-class NTP_Analyzer final : public analyzer::Analyzer {
+class NTP_Analyzer final : public zeek::analyzer::Analyzer {
 public:
 	explicit NTP_Analyzer(Connection* conn);
 	~NTP_Analyzer() override;
@@ -19,7 +19,7 @@ public:
 	void DeliverPacket(int len, const u_char* data, bool orig,
 					uint64_t seq, const IP_Hdr* ip, int caplen) override;
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new NTP_Analyzer(conn); }
 
 protected:

src/analyzer/protocol/ntp/Plugin.cc

@@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("NTP", ::analyzer::NTP::NTP_Analyzer::Instantiate));
+		AddComponent(new zeek::analyzer::Component("NTP", ::analyzer::NTP::NTP_Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::NTP";

src/analyzer/protocol/pia/PIA.cc

@@ -10,7 +10,7 @@
 
 using namespace analyzer::pia;
 
-PIA::PIA(analyzer::Analyzer* arg_as_analyzer)
+PIA::PIA(zeek::analyzer::Analyzer* arg_as_analyzer)
 	: state(INIT), as_analyzer(arg_as_analyzer), conn(), current_packet()
 	{
 	}
@@ -71,7 +71,7 @@ void PIA::AddToBuffer(Buffer* buffer, int len, const u_char* data, bool is_orig,
 	AddToBuffer(buffer, -1, len, data, is_orig, ip);
 	}
 
-void PIA::ReplayPacketBuffer(analyzer::Analyzer* analyzer)
+void PIA::ReplayPacketBuffer(zeek::analyzer::Analyzer* analyzer)
 	{
 	DBG_LOG(DBG_ANALYZER, "PIA replaying %d total packet bytes", pkt_buffer.size);
 
@@ -145,7 +145,7 @@ void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol,
 				bol, eol, clear_state);
 	}
 
-void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
+void PIA_UDP::ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule)
 	{
 	if ( pkt_buffer.state == MATCHING_ONLY )
 		{
@@ -170,7 +170,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 	if ( Parent()->HasChildAnalyzer(tag) )
 		return;
 
-	analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag);
+	zeek::analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag);
 
 	if ( ! a )
 		return;
@@ -179,7 +179,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 	ReplayPacketBuffer(a);
 	}
 
-void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag)
+void PIA_UDP::DeactivateAnalyzer(zeek::analyzer::Tag tag)
 	{
 	reporter->InternalError("PIA_UDP::Deact not implemented yet");
 	}
@@ -292,7 +292,7 @@ void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig)
 	// No check for buffer overrun here. I think that's ok.
 	}
 
-void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
+void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule)
 	{
 	if ( stream_buffer.state == MATCHING_ONLY )
 		{
@@ -314,7 +314,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 		return;
 		}
 
-	analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag);
+	zeek::analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag);
 
 	if ( ! a )
 		return;
@@ -418,12 +418,12 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule)
 	tcp->SetReassembler(reass_orig, reass_resp);
 	}
 
-void PIA_TCP::DeactivateAnalyzer(analyzer::Tag tag)
+void PIA_TCP::DeactivateAnalyzer(zeek::analyzer::Tag tag)
 	{
 	reporter->InternalError("PIA_TCP::Deact not implemented yet");
 	}
 
-void PIA_TCP::ReplayStreamBuffer(analyzer::Analyzer* analyzer)
+void PIA_TCP::ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer)
 	{
 	DBG_LOG(DBG_ANALYZER, "PIA_TCP replaying %d total stream bytes", stream_buffer.size);
 

src/analyzer/protocol/pia/PIA.h

@@ -19,25 +19,25 @@ namespace analyzer { namespace pia {
 // PIAs and then each needs its own matching-state.
 class PIA : public RuleMatcherState {
 public:
-	explicit PIA(analyzer::Analyzer* as_analyzer);
+	explicit PIA(zeek::analyzer::Analyzer* as_analyzer);
 	virtual ~PIA();
 
 	// Called when PIA wants to put an Analyzer in charge.  rule is the
 	// signature that triggered the activitation, if any.
-	virtual void ActivateAnalyzer(analyzer::Tag tag,
+	virtual void ActivateAnalyzer(zeek::analyzer::Tag tag,
 					const Rule* rule = nullptr) = 0;
 
 	// Called when PIA wants to remove an Analyzer.
-	virtual void DeactivateAnalyzer(analyzer::Tag tag) = 0;
+	virtual void DeactivateAnalyzer(zeek::analyzer::Tag tag) = 0;
 
 	void Match(Rule::PatternType type, const u_char* data, int len,
 			bool is_orig, bool bol, bool eol, bool clear_state);
 
-	void ReplayPacketBuffer(analyzer::Analyzer* analyzer);
+	void ReplayPacketBuffer(zeek::analyzer::Analyzer* analyzer);
 
 	// Children are also derived from Analyzer. Return this object
 	// as pointer to an Analyzer.
-	analyzer::Analyzer* AsAnalyzer()	{ return as_analyzer; }
+	zeek::analyzer::Analyzer* AsAnalyzer()	{ return as_analyzer; }
 
 protected:
 	void PIA_Done();
@@ -82,20 +82,20 @@ protected:
 	Buffer pkt_buffer;
 
 private:
-	analyzer::Analyzer* as_analyzer;
+	zeek::analyzer::Analyzer* as_analyzer;
 	Connection* conn;
 	DataBlock current_packet;
 };
 
 // PIA for UDP.
-class PIA_UDP : public PIA, public analyzer::Analyzer {
+class PIA_UDP : public PIA, public zeek::analyzer::Analyzer {
 public:
 	explicit PIA_UDP(Connection* conn)
 	: PIA(this), Analyzer("PIA_UDP", conn)
 		{ SetConn(conn); }
 	~PIA_UDP() override { }
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new PIA_UDP(conn); }
 
 protected:
@@ -112,8 +112,8 @@ protected:
 		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true);
 		}
 
-	void ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) override;
+	void ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule) override;
-	void DeactivateAnalyzer(analyzer::Tag tag) override;
+	void DeactivateAnalyzer(zeek::analyzer::Tag tag) override;
 };
 
 // PIA for TCP.  Accepts both packet and stream input (and reassembles
@@ -138,9 +138,9 @@ public:
 	// to be unnecessary overhead.)
 	void FirstPacket(bool is_orig, const IP_Hdr* ip);
 
-	void ReplayStreamBuffer(analyzer::Analyzer* analyzer);
+	void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
+	static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new PIA_TCP(conn); }
 
 protected:
@@ -160,9 +160,9 @@ protected:
 	void DeliverStream(int len, const u_char* data, bool is_orig) override;
 	void Undelivered(uint64_t seq, int len, bool is_orig) override;
 
-	void ActivateAnalyzer(analyzer::Tag tag,
+	void ActivateAnalyzer(zeek::analyzer::Tag tag,
 					const Rule* rule = nullptr) override;
-	void DeactivateAnalyzer(analyzer::Tag tag) override;
+	void DeactivateAnalyzer(zeek::analyzer::Tag tag) override;
 
 private:
 	// FIXME: Not sure yet whether we need both pkt_buffer and stream_buffer.
@@ -172,4 +172,4 @@ private:
 	bool stream_mode;
 };
 
-} } // namespace analyzer::* 
+} } // namespace analyzer::*

src/analyzer/protocol/pia/Plugin.cc

@@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::analyzer::Component("PIA_TCP", ::analyzer::pia::PIA_TCP::Instantiate));
+		AddComponent(new zeek::analyzer::Component("PIA_TCP", ::analyzer::pia::PIA_TCP::Instantiate));
-		AddComponent(new ::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate));
+		AddComponent(new zeek::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate));
 
 		zeek::plugin::Configuration config;
 		config.name = "Zeek::PIA";