Fix typos in event documentation

Fix typos previously committed (but apparently overwritten later), and
fix typos for new events.

src/event.bif

@@ -157,7 +157,7 @@ event new_connection%(c: connection%);
 ## e: The new encapsulation.
 event tunnel_changed%(c: connection, e: EncapsulatingConnVector%);
 
-## Generated when reassembly starts for a TCP connection. The event is raised
+## Generated when reassembly starts for a TCP connection. This event is raised
 ## at the moment when Bro's TCP analyzer enables stream reassembly for a
 ## connection.
 ##
@@ -522,7 +522,7 @@ event esp_packet%(p: pkt_hdr%);
 ## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
 event mobile_ipv6_message%(p: pkt_hdr%);
 
-## Genereated for any IPv6 packet encapsulated in a Teredo tunnel.
+## Generated for any IPv6 packet encapsulated in a Teredo tunnel.
 ## See :rfc:`4380` for more information about the Teredo protocol.
 ##
 ## outer: The Teredo tunnel connection.
@@ -532,10 +532,10 @@ event mobile_ipv6_message%(p: pkt_hdr%);
 ## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble
 ##
 ## .. note:: Since this event may be raised on a per-packet basis, handling
-##    it may become particular expensive for real-time analysis.
+##    it may become particularly expensive for real-time analysis.
 event teredo_packet%(outer: connection, inner: teredo_hdr%);
 
-## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
+## Generated for IPv6 packets encapsulated in a Teredo tunnel that
 ## use the Teredo authentication encapsulation method.
 ## See :rfc:`4380` for more information about the Teredo protocol.
 ##
@@ -546,10 +546,10 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%);
 ## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble
 ##
 ## .. note:: Since this event may be raised on a per-packet basis, handling
-##    it may become particular expensive for real-time analysis.
+##    it may become particularly expensive for real-time analysis.
 event teredo_authentication%(outer: connection, inner: teredo_hdr%);
 
-## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
+## Generated for IPv6 packets encapsulated in a Teredo tunnel that
 ## use the Teredo origin indication encapsulation method.
 ## See :rfc:`4380` for more information about the Teredo protocol.
 ##
@@ -560,10 +560,10 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%);
 ## .. bro:see:: teredo_packet teredo_authentication teredo_bubble
 ##
 ## .. note:: Since this event may be raised on a per-packet basis, handling
-##    it may become particular expensive for real-time analysis.
+##    it may become particularly expensive for real-time analysis.
 event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
 
-## Genereated for Teredo bubble packets.  That is, IPv6 packets encapsulated
+## Generated for Teredo bubble packets.  That is, IPv6 packets encapsulated
 ## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`.
 ## See :rfc:`4380` for more information about the Teredo protocol.
 ##
@@ -574,15 +574,15 @@ event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
 ## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication
 ##
 ## .. note:: Since this event may be raised on a per-packet basis, handling
-##    it may become particular expensive for real-time analysis.
+##    it may become particularly expensive for real-time analysis.
 event teredo_bubble%(outer: connection, inner: teredo_hdr%);
 
-## Generated for every packet that has non-empty transport-layer payload. This is a
+## Generated for every packet that has a non-empty transport-layer payload.
-## very low-level and expensive event that should be avoided when at all possible.
+## This is a very low-level and expensive event that should be avoided when
-## It's usually  infeasible to handle when processing even medium volumes of
+## at all possible.  It's usually infeasible to handle when processing even
-## traffic in real-time. It's even worse than :bro:id:`new_packet`. That said, if
+## medium volumes of traffic in real-time. It's even worse than
-## you work from a trace and want to do some packet-level analysis, it may come in
+## :bro:id:`new_packet`. That said, if you work from a trace and want to
-## handy.
+## do some packet-level analysis, it may come in handy.
 ##
 ## c: The connection the packet is part of.
 ##
@@ -6216,13 +6216,12 @@ event signature_match%(state: signature_state, msg: string, data: string%);
 ##
 ## request_type: The type of the request.
 ##
-## dstaddr: Address that the tunneled traffic should be sent to.
+## sa: Address that the tunneled traffic should be sent to.
-##
-## dstname: DNS name of the host that the tunneled traffic should be sent to.
 ##
 ## p: The destination port for the proxied traffic.
 ##
-## user: Username given for the SOCKS connection.  This is not yet implemented for SOCKSv5.
+## user: Username given for the SOCKS connection.  This is not yet implemented
+##       for SOCKSv5.
 event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%);
 
 ## Generated when a SOCKS reply is analyzed.
@@ -6233,9 +6232,7 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC
 ##
 ## reply: The status reply from the server.
 ##
-## dstaddr: The address that the server sent the traffic to.
+## sa: The address that the server sent the traffic to.
-##
-## dstname: The name the server sent the traffic to.  Only applicable for SOCKSv5.
 ##
 ## p: The destination port for the proxied traffic.
 event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%);