GH-1079: Use full paths starting with zeek/ when including files

src/analyzer/protocol/ayiya/AYIYA.cc

@@ -1,8 +1,9 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "AYIYA.h"
-#include "Func.h"
-#include "packet_analysis/protocol/iptunnel/IPTunnel.h"
+#include "zeek/analyzer/protocol/ayiya/AYIYA.h"
+
+#include "zeek/Func.h"
+#include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"
 
 namespace zeek::analyzer::ayiya {
 

src/analyzer/protocol/ayiya/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "AYIYA.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/ayiya/AYIYA.h"
 
 namespace zeek::plugin::detail::Zeek_AYIYA {
 

src/analyzer/protocol/ayiya/ayiya-analyzer.pac

@@ -1,7 +1,7 @@
 %extern{
-#include "Sessions.h"
-#include "Conn.h"
-#include "AYIYA.h"
+#include "zeek/Sessions.h"
+#include "zeek/Conn.h"
+#include "zeek/analyzer/protocol/ayiya/AYIYA.h"
 %}
 
 connection AYIYA_Conn(zeek_analyzer: ZeekAnalyzer)

src/analyzer/protocol/ayiya/ayiya.pac

@@ -3,9 +3,9 @@
 %include zeek.pac
 
 %extern{
-#include "IP.h"
-#include "Reporter.h"
-#include "TunnelEncapsulation.h"
+#include "zeek/IP.h"
+#include "zeek/Reporter.h"
+#include "zeek/TunnelEncapsulation.h"
 %}
 
 analyzer AYIYA withcontext {

src/analyzer/protocol/bittorrent/BitTorrent.cc

@@ -1,7 +1,7 @@
 // This code contributed by Nadi Sarrar.
 
-#include "BitTorrent.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/analyzer/protocol/bittorrent/BitTorrent.h"
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/bittorrent/BitTorrent.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #include "bittorrent_pac.h"
 

src/analyzer/protocol/bittorrent/BitTorrentTracker.cc

@@ -1,15 +1,15 @@
 // This code contributed by Nadi Sarrar.
 
-#include "BitTorrentTracker.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
-
-#include "events.bif.h"
+#include "zeek/analyzer/protocol/bittorrent/BitTorrentTracker.h"
 
 #include <sys/types.h>
 #include <regex.h>
-
 #include <algorithm>
 
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
+
+#include "events.bif.h"
+
 # define FMT_INT "%" PRId64
 # define FMT_UINT "%" PRIu64
 

src/analyzer/protocol/bittorrent/BitTorrentTracker.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #define BTTRACKER_BUF 2048
 

src/analyzer/protocol/bittorrent/Plugin.cc

@@ -1,9 +1,9 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "BitTorrent.h"
-#include "BitTorrentTracker.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/bittorrent/BitTorrent.h"
+#include "zeek/analyzer/protocol/bittorrent/BitTorrentTracker.h"
 
 namespace zeek::plugin::plugin::Zeek_BitTorrent {
 

src/analyzer/protocol/conn-size/ConnSize.cc

@@ -2,12 +2,12 @@
 //
 // See ConnSize.h for more extensive comments.
 
+#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
 
-#include "ConnSize.h"
-#include "analyzer/protocol/tcp/TCP.h"
-#include "IP.h"
-#include "Reporter.h"
-#include "RunState.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/IP.h"
+#include "zeek/Reporter.h"
+#include "zeek/RunState.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/conn-size/ConnSize.h

@@ -1,10 +1,9 @@
 // See the file "COPYING" in the main distribution directory for copyright.
-//
 
 #pragma once
 
-#include "analyzer/Analyzer.h"
-#include "NetVar.h"
+#include "zeek/analyzer/Analyzer.h"
+#include "zeek/NetVar.h"
 
 namespace zeek::analyzer::conn_size {
 

src/analyzer/protocol/conn-size/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "ConnSize.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
 
 namespace zeek::plugin::detail::Zeek_ConnSize {
 

src/analyzer/protocol/conn-size/functions.bif

@@ -1,7 +1,7 @@
 %%{
-#include "analyzer/protocol/conn-size/ConnSize.h"
-#include "Reporter.h"
-#include "Sessions.h"
+#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
+#include "zeek/Reporter.h"
+#include "zeek/Sessions.h"
 
 static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 	{

src/analyzer/protocol/dce-rpc/DCE_RPC.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
-#include "DCE_RPC.h"
+#include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h"
 
 #include <stdlib.h>
 #include <string>

src/analyzer/protocol/dce-rpc/DCE_RPC.h

@@ -2,11 +2,11 @@
 
 #pragma once
 
-#include "NetVar.h"
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/dce-rpc/events.bif.h"
-#include "IPAddr.h"
+#include "zeek/NetVar.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/IPAddr.h"
 
+#include "events.bif.h"
 #include "dce_rpc_pac.h"
 
 namespace zeek::analyzer::dce_rpc {

src/analyzer/protocol/dce-rpc/Plugin.cc

@@ -1,9 +1,7 @@
 // See the file  in the main distribution directory for copyright.
 
-
-#include "plugin/Plugin.h"
-
-#include "DCE_RPC.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h"
 
 namespace zeek::plugin::detail::Zeek_DCE_RPC {
 

src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac

@@ -1,5 +1,5 @@
 %extern{
-#include "analyzer/Manager.h"
+#include "zeek/analyzer/Manager.h"
 %}
 
 refine connection DCE_RPC_Conn += {

src/analyzer/protocol/dhcp/DHCP.cc

@@ -1,4 +1,4 @@
-#include "DHCP.h"
+#include "zeek/analyzer/protocol/dhcp/DHCP.h"
 
 #include "events.bif.h"
 #include "types.bif.h"

src/analyzer/protocol/dhcp/DHCP.h

@@ -1,6 +1,6 @@
 #pragma once
 
-#include "analyzer/protocol/udp/UDP.h"
+#include "zeek/analyzer/protocol/udp/UDP.h"
 
 #include "dhcp_pac.h"
 

src/analyzer/protocol/dhcp/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "DHCP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/dhcp/DHCP.h"
 
 namespace zeek::plugin::detail::Zeek_DHCP {
 

src/analyzer/protocol/dnp3/DNP3.cc

@@ -96,8 +96,9 @@
 //                                                   \/
 //                                            Binpac DNP3 Analyzer
 
-#include "DNP3.h"
-#include "Reporter.h"
+#include "zeek/analyzer/protocol/dnp3/DNP3.h"
+#include "zeek/Reporter.h"
+
 #include "events.bif.h"
 
 constexpr unsigned int PSEUDO_LENGTH_INDEX = 2;		// index of len field of DNP3 Pseudo Link Layer

src/analyzer/protocol/dnp3/DNP3.h

@@ -1,8 +1,7 @@
-
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/udp/UDP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/udp/UDP.h"
 
 #include "dnp3_pac.h"
 

src/analyzer/protocol/dnp3/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "DNP3.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/dnp3/DNP3.h"
 
 namespace zeek::plugin::detail::Zeek_DNP3 {
 

src/analyzer/protocol/dns/DNS.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
-#include "DNS.h"
+#include "zeek/analyzer/protocol/dns/DNS.h"
 
 #include <ctype.h>
 #include <sys/types.h>
@@ -9,11 +9,11 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
-#include "ZeekString.h"
-#include "NetVar.h"
-#include "Sessions.h"
-#include "Event.h"
-#include "RunState.h"
+#include "zeek/ZeekString.h"
+#include "zeek/NetVar.h"
+#include "zeek/Sessions.h"
+#include "zeek/Event.h"
+#include "zeek/RunState.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/dns/DNS.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "binpac_zeek.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/binpac_zeek.h"
 
 namespace zeek::analyzer::dns {
 namespace detail {

src/analyzer/protocol/dns/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "DNS.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/dns/DNS.h"
 
 namespace zeek::plugin::detail::Zeek_DNS {
 

src/analyzer/protocol/file/File.cc

@@ -1,11 +1,11 @@
+#include "zeek/analyzer/protocol/file/File.h"
+
 #include <algorithm>
 
-#include "File.h"
-
-#include "file_analysis/Manager.h"
-#include "RuleMatcher.h"
-#include "Reporter.h"
-#include "util.h"
+#include "zeek/file_analysis/Manager.h"
+#include "zeek/RuleMatcher.h"
+#include "zeek/Reporter.h"
+#include "zeek/util.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/file/File.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-
 #include <string>
 
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+
 namespace zeek::analyzer::file {
 
 class File_Analyzer : public analyzer::tcp::TCP_ApplicationAnalyzer {

src/analyzer/protocol/file/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "File.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/file/File.h"
 
 namespace zeek::plugin::detail::Zeek_File {
 

src/analyzer/protocol/finger/Finger.cc

@@ -1,13 +1,13 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/finger/Finger.h"
 
 #include <ctype.h>
 
-#include "NetVar.h"
-#include "Finger.h"
-#include "Event.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/finger/Finger.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 namespace zeek::analyzer::finger {
 

src/analyzer/protocol/finger/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "Finger.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/finger/Finger.h"
 
 namespace zeek::plugin::detail::Zeek_Finger {
 

src/analyzer/protocol/ftp/FTP.cc

@@ -1,19 +1,19 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
-#include "FTP.h"
+#include "zeek/analyzer/protocol/ftp/FTP.h"
 
 #include <stdlib.h>
 
-#include "ZeekString.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "Base64.h"
-#include "analyzer/Manager.h"
-#include "analyzer/protocol/login/NVT.h"
-#include "RuleMatcher.h"
+#include "zeek/ZeekString.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/Base64.h"
+#include "zeek/analyzer/Manager.h"
+#include "zeek/analyzer/protocol/login/NVT.h"
+#include "zeek/RuleMatcher.h"
 
-#include "events.bif.h"
+#include "analyzer/protocol/ftp/events.bif.h"
 
 namespace zeek::analyzer::ftp {
 

src/analyzer/protocol/ftp/FTP.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(NVT_Analyzer, zeek, analyzer::login);
 

src/analyzer/protocol/ftp/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "FTP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/ftp/FTP.h"
 
 namespace zeek::plugin::detail::Zeek_FTP {
 

src/analyzer/protocol/ftp/functions.bif

@@ -2,7 +2,7 @@
 type ftp_port: record;
 
 %%{
-#include "Reporter.h"
+#include "zeek/Reporter.h"
 
 static zeek::ValPtr parse_port(const char* line)
 	{

src/analyzer/protocol/gnutella/Gnutella.cc

@@ -1,16 +1,16 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/gnutella/Gnutella.h"
 
 #include <ctype.h>
 
 #include <algorithm>
 
-#include "NetVar.h"
-#include "Gnutella.h"
-#include "Event.h"
-#include "analyzer/protocol/pia/PIA.h"
-#include "analyzer/Manager.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/analyzer/protocol/pia/PIA.h"
+#include "zeek/analyzer/Manager.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/gnutella/Gnutella.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 namespace zeek::analyzer::gnutella {
 

src/analyzer/protocol/gnutella/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "Gnutella.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/gnutella/Gnutella.h"
 
 namespace zeek::plugin::detail::Zeek_Gnutella {
 

src/analyzer/protocol/gssapi/GSSAPI.cc

@@ -1,8 +1,10 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "GSSAPI.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "Reporter.h"
+#include "zeek/analyzer/protocol/gssapi/GSSAPI.h"
+
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/Reporter.h"
+
 #include "events.bif.h"
 
 namespace zeek::analyzer::gssapi {

src/analyzer/protocol/gssapi/GSSAPI.h

@@ -2,9 +2,9 @@
 
 #pragma once
 
-#include "events.bif.h"
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
+#include "events.bif.h"
 #include "gssapi_pac.h"
 
 namespace zeek::analyzer::gssapi {

src/analyzer/protocol/gssapi/Plugin.cc

@@ -1,8 +1,7 @@
 // See the file in the main distribution directory for copyright.
 
-#include "plugin/Plugin.h"
-
-#include "GSSAPI.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/protocol/gssapi/GSSAPI.h"
 
 namespace zeek::plugin::detail::Zeek_GSSAPI {
 

src/analyzer/protocol/gssapi/gssapi.pac

@@ -2,8 +2,8 @@
 %include zeek.pac
 
 %extern{
-#include "analyzer/Manager.h"
-#include "analyzer/Analyzer.h"
+#include "zeek/analyzer/Manager.h"
+#include "zeek/analyzer/Analyzer.h"
 
 #include "events.bif.h"
 %}

src/analyzer/protocol/gtpv1/GTPv1.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "GTPv1.h"
-#include "packet_analysis/protocol/iptunnel/IPTunnel.h"
+#include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
+#include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/gtpv1/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "GTPv1.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
 
 namespace zeek::plugin::detail::Zeek_GTPv1 {
 

src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac

@@ -1,7 +1,7 @@
 %extern{
-#include "Sessions.h"
-#include "ZeekString.h"
-#include "GTPv1.h"
+#include "zeek/Sessions.h"
+#include "zeek/ZeekString.h"
+#include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
 %}
 
 %code{

src/analyzer/protocol/gtpv1/gtpv1.pac

@@ -2,9 +2,10 @@
 %include zeek.pac
 
 %extern{
-#include "IP.h"
-#include "TunnelEncapsulation.h"
-#include "Reporter.h"
+#include "zeek/IP.h"
+#include "zeek/TunnelEncapsulation.h"
+#include "zeek/Reporter.h"
+
 #include "events.bif.h"
 %}
 

src/analyzer/protocol/http/HTTP.cc

@@ -1,6 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/http/HTTP.h"
 
 #include <ctype.h>
 #include <math.h>
@@ -8,11 +9,10 @@
 #include <string>
 #include <algorithm>
 
-#include "NetVar.h"
-#include "HTTP.h"
-#include "Event.h"
-#include "analyzer/protocol/mime/MIME.h"
-#include "file_analysis/Manager.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/analyzer/protocol/mime/MIME.h"
+#include "zeek/file_analysis/Manager.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/http/HTTP.h

@@ -2,13 +2,14 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
-#include "analyzer/protocol/pia/PIA.h"
-#include "analyzer/protocol/zip/ZIP.h"
-#include "analyzer/protocol/mime/MIME.h"
-#include "binpac_zeek.h"
-#include "IPAddr.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/pia/PIA.h"
+#include "zeek/analyzer/protocol/zip/ZIP.h"
+#include "zeek/analyzer/protocol/mime/MIME.h"
+#include "zeek/binpac_zeek.h"
+#include "zeek/IPAddr.h"
+
 #include "analyzer/protocol/http/events.bif.h"
 
 namespace zeek::analyzer::http {

src/analyzer/protocol/http/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "HTTP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/http/HTTP.h"
 
 namespace zeek::plugin::detail::Zeek_HTTP {
 

src/analyzer/protocol/http/functions.bif

@@ -1,6 +1,6 @@
 
 %%{
-#include "analyzer/protocol/http/HTTP.h"
+#include "zeek/analyzer/protocol/http/HTTP.h"
 %%}
 
 ## Skips the data of the HTTP entity.

src/analyzer/protocol/icmp/ICMP.cc

@@ -1,22 +1,20 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "ICMP.h"
-
-#include <algorithm>
-
 #include "zeek-config.h"
-
-#include "IP.h"
-#include "RunState.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "Conn.h"
-#include "Desc.h"
-#include "Reporter.h"
-
-#include "events.bif.h"
+#include "zeek/analyzer/protocol/icmp/ICMP.h"
 
 #include <netinet/icmp6.h>
+#include <algorithm>
+
+#include "zeek/IP.h"
+#include "zeek/RunState.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/Conn.h"
+#include "zeek/Desc.h"
+#include "zeek/Reporter.h"
+
+#include "events.bif.h"
 
 namespace zeek::analyzer::icmp {
 
@@ -49,7 +47,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
 
 	const struct icmp* icmpp = (const struct icmp*) data;
 
-	if ( ! zeek::detail::ignore_checksums && 
+	if ( ! zeek::detail::ignore_checksums &&
 	     ! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(ip->IPHeaderSrcAddr()) &&
 	     caplen >= len )
 		{

src/analyzer/protocol/icmp/ICMP.h

@@ -2,9 +2,9 @@
 
 #pragma once
 
-#include "RuleMatcher.h"
-#include "analyzer/Analyzer.h"
-#include "net_util.h"
+#include "zeek/RuleMatcher.h"
+#include "zeek/analyzer/Analyzer.h"
+#include "zeek/net_util.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
 namespace zeek {

src/analyzer/protocol/icmp/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "ICMP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/icmp/ICMP.h"
 
 namespace zeek::plugin::detail::Zeek_ICMP {
 

src/analyzer/protocol/ident/Ident.cc

@@ -1,13 +1,13 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/ident/Ident.h"
 
 #include <ctype.h>
 
-#include "ZeekString.h"
-#include "NetVar.h"
-#include "Ident.h"
-#include "Event.h"
+#include "zeek/ZeekString.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/ident/Ident.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 namespace zeek::analyzer::ident {
 

src/analyzer/protocol/ident/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "Ident.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/ident/Ident.h"
 
 namespace zeek::plugin::detail::Zeek_Ident {
 

src/analyzer/protocol/imap/IMAP.cc

@@ -1,8 +1,8 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "IMAP.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/Manager.h"
+#include "zeek/analyzer/protocol/imap/IMAP.h"
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/analyzer/Manager.h"
 
 namespace zeek::analyzer::imap {
 

src/analyzer/protocol/imap/IMAP.h

@@ -4,7 +4,8 @@
 
 // for std::transform
 #include <algorithm>
-#include "analyzer/protocol/tcp/TCP.h"
+
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #include "imap_pac.h"
 

src/analyzer/protocol/imap/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "IMAP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/imap/IMAP.h"
 
 namespace zeek::plugin::detail::Zeek_IMAP {
 

src/analyzer/protocol/imap/imap.pac

@@ -7,15 +7,17 @@
 %include zeek.pac
 
 %extern{
-#include "zeek-config.h"
-#include "Reporter.h"
-#include "events.bif.h"
 
 namespace zeek::analyzer::imap { class IMAP_Analyzer; }
 namespace binpac { namespace IMAP { class IMAP_Conn; } }
 using IMAPAnalyzer = zeek::analyzer::imap::IMAP_Analyzer*;
 
-#include "IMAP.h"
+#include "zeek-config.h"
+#include "zeek/Reporter.h"
+#include "zeek/analyzer/protocol/imap/IMAP.h"
+
+#include "events.bif.h"
+
 %}
 
 extern type IMAPAnalyzer;

src/analyzer/protocol/irc/IRC.cc

@@ -1,11 +1,13 @@
 // An IRC analyzer contributed by Roland Gruber.
 
+#include "zeek/analyzer/protocol/irc/IRC.h"
+
 #include <iostream>
-#include "IRC.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "analyzer/protocol/zip/ZIP.h"
-#include "analyzer/Manager.h"
+
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/analyzer/protocol/zip/ZIP.h"
+#include "zeek/analyzer/Manager.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/irc/IRC.h

@@ -1,8 +1,9 @@
 // An IRC analyzer contributed by Roland Gruber.
 
 #pragma once
-#include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 namespace zeek::analyzer::irc {
 

src/analyzer/protocol/irc/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "IRC.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/irc/IRC.h"
 
 namespace zeek::plugin::detail::Zeek_IRC {
 

src/analyzer/protocol/krb/KRB.cc

@@ -1,6 +1,6 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "KRB.h"
+#include "zeek/analyzer/protocol/krb/KRB.h"
 
 #include <unistd.h>
 

src/analyzer/protocol/krb/KRB.h

@@ -2,13 +2,14 @@
 
 #pragma once
 
-#include "krb_pac.h"
+#include "zeek-config.h"
+#include <mutex>
 
 #ifdef USE_KRB5
 #include <krb5.h>
 #endif
 
-#include <mutex>
+#include "krb_pac.h"
 
 namespace zeek::analyzer::krb {
 

src/analyzer/protocol/krb/KRB_TCP.cc

@@ -1,7 +1,8 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "KRB_TCP.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/analyzer/protocol/krb/KRB_TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
+
 #include "types.bif.h"
 #include "events.bif.h"
 

src/analyzer/protocol/krb/KRB_TCP.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #include "krb_TCP_pac.h"
 

src/analyzer/protocol/krb/Plugin.cc

@@ -1,9 +1,9 @@
 //See the file in the main distribution directory for copyright.
 
-#include "KRB.h"
-#include "KRB_TCP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/krb/KRB.h"
+#include "zeek/analyzer/protocol/krb/KRB_TCP.h"
 
 namespace zeek::plugin::detail::Zeek_KRB {
 

src/analyzer/protocol/krb/krb-padata.pac

@@ -2,8 +2,8 @@
 # so we're splitting this off
 
 %extern{
-#include "file_analysis/Manager.h"
-#include "Desc.h"
+#include "zeek/file_analysis/Manager.h"
+#include "zeek/Desc.h"
 %}
 
 %header{

src/analyzer/protocol/krb/krb.pac

@@ -2,15 +2,15 @@
 %include zeek.pac
 
 %extern{
-#include "zeek-config.h"
-#include "types.bif.h"
-#include "events.bif.h"
-
 namespace zeek::analyzer::krb { class KRB_Analyzer; }
 namespace binpac { namespace KRB { class KRB_Conn; } }
 using KRBAnalyzer = zeek::analyzer::krb::KRB_Analyzer*;
 
-#include "KRB.h"
+#include "zeek-config.h"
+#include "zeek/analyzer/protocol/krb/KRB.h"
+
+#include "types.bif.h"
+#include "events.bif.h"
 %}
 
 extern type KRBAnalyzer;

src/analyzer/protocol/krb/krb_TCP.pac

@@ -2,15 +2,15 @@
 %include zeek.pac
 
 %extern{
-#include "zeek-config.h"
-#include "types.bif.h"
-#include "events.bif.h"
-
 namespace zeek::analyzer::krb_tcp { class KRB_Analyzer; }
 namespace binpac { namespace KRB_TCP { class KRB_Conn; } }
 using KRBTCPAnalyzer = zeek::analyzer::krb_tcp::KRB_Analyzer*;
 
-#include "KRB_TCP.h"
+#include "zeek-config.h"
+#include "zeek/analyzer/protocol/krb/KRB_TCP.h"
+
+#include "types.bif.h"
+#include "events.bif.h"
 %}
 
 extern type KRBTCPAnalyzer;

src/analyzer/protocol/login/Login.cc

@@ -1,17 +1,17 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
-#include "Login.h"
+#include "zeek/analyzer/protocol/login/Login.h"
 
 #include <ctype.h>
 #include <stdlib.h>
 
-#include "ZeekString.h"
-#include "NetVar.h"
-#include "RE.h"
-#include "Reporter.h"
-#include "Event.h"
-#include "Var.h"
+#include "zeek/ZeekString.h"
+#include "zeek/NetVar.h"
+#include "zeek/RE.h"
+#include "zeek/Reporter.h"
+#include "zeek/Event.h"
+#include "zeek/Var.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/login/Login.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 namespace zeek::analyzer::login {
 

src/analyzer/protocol/login/NVT.cc

@@ -1,15 +1,15 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
-#include "NVT.h"
+#include "zeek/analyzer/protocol/login/NVT.h"
 
 #include <stdlib.h>
 
-#include "ZeekString.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "Reporter.h"
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/ZeekString.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/Reporter.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/login/NVT.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 #define TELNET_OPTION_BINARY 0
 #define TELNET_OPTION_TERMINAL 24

src/analyzer/protocol/login/Plugin.cc

@@ -1,11 +1,11 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "Login.h"
-#include "Telnet.h"
-#include "RSH.h"
-#include "Rlogin.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/login/Login.h"
+#include "zeek/analyzer/protocol/login/Telnet.h"
+#include "zeek/analyzer/protocol/login/RSH.h"
+#include "zeek/analyzer/protocol/login/Rlogin.h"
 
 namespace zeek::plugin::detail::Zeek_Login {
 

src/analyzer/protocol/login/RSH.cc

@@ -1,11 +1,11 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/login/RSH.h"
 
-#include "RSH.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "Reporter.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/Reporter.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/login/RSH.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "Login.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/login/Login.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Rsh_Analyzer, zeek, analyzer::login);
 

src/analyzer/protocol/login/Rlogin.cc

@@ -1,11 +1,11 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/login/Rlogin.h"
 
-#include "Rlogin.h"
-#include "NetVar.h"
-#include "Event.h"
-#include "Reporter.h"
+#include "zeek/NetVar.h"
+#include "zeek/Event.h"
+#include "zeek/Reporter.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/login/Rlogin.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "Login.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "zeek/analyzer/protocol/login/Login.h"
+#include "zeek/analyzer/protocol/tcp/ContentLine.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Rlogin_Analyzer, zeek, analyzer::login);
 

src/analyzer/protocol/login/Telnet.cc

@@ -2,8 +2,8 @@
 
 #include "zeek-config.h"
 
-#include "Telnet.h"
-#include "NVT.h"
+#include "zeek/analyzer/protocol/login/Telnet.h"
+#include "zeek/analyzer/protocol/login/NVT.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/login/Telnet.h

@@ -2,7 +2,7 @@
 
 #pragma once
 
-#include "Login.h"
+#include "zeek/analyzer/protocol/login/Login.h"
 
 namespace zeek::analyzer::login {
 

src/analyzer/protocol/login/functions.bif

@@ -1,8 +1,8 @@
 
 %%{
-#include "Login.h"
-#include "Reporter.h"
-#include "Sessions.h"
+#include "zeek/analyzer/protocol/login/Login.h"
+#include "zeek/Reporter.h"
+#include "zeek/Sessions.h"
 %%}
 
 ## Returns the state of the given login (Telnet or Rlogin) connection.

src/analyzer/protocol/mime/MIME.cc

@@ -1,11 +1,11 @@
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/mime/MIME.h"
 
-#include "MIME.h"
-#include "NetVar.h"
-#include "Base64.h"
-#include "Reporter.h"
-#include "digest.h"
-#include "file_analysis/Manager.h"
+#include "zeek/NetVar.h"
+#include "zeek/Base64.h"
+#include "zeek/Reporter.h"
+#include "zeek/digest.h"
+#include "zeek/file_analysis/Manager.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/mime/MIME.h

@@ -6,9 +6,9 @@
 #include <vector>
 #include <queue>
 
-#include "ZeekString.h"
-#include "Reporter.h"
-#include "analyzer/Analyzer.h"
+#include "zeek/ZeekString.h"
+#include "zeek/Reporter.h"
+#include "zeek/analyzer/Analyzer.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);

src/analyzer/protocol/mime/Plugin.cc

@@ -1,7 +1,6 @@
 // See the file  in the main distribution directory for copyright.
 
-
-#include "plugin/Plugin.h"
+#include "zeek/plugin/Plugin.h"
 
 namespace zeek::plugin::detail::Zeek_MIME {
 

src/analyzer/protocol/modbus/Modbus.cc

@@ -1,6 +1,5 @@
-
-#include "Modbus.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/analyzer/protocol/modbus/Modbus.h"
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 
 #include "events.bif.h"
 

src/analyzer/protocol/modbus/Modbus.h

@@ -1,6 +1,7 @@
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+
 #include "modbus_pac.h"
 
 namespace zeek::analyzer::modbus {

src/analyzer/protocol/modbus/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "Modbus.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/modbus/Modbus.h"
 
 namespace zeek::plugin::detail::Zeek_Modbus {
 

src/analyzer/protocol/mqtt/MQTT.cc

@@ -1,10 +1,9 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "plugin/Plugin.h"
+#include "zeek/analyzer/protocol/mqtt/MQTT.h"
+
+#include "zeek/Reporter.h"
 
-#include "MQTT.h"
-#include "Reporter.h"
-#include "Scope.h"
 #include "mqtt_pac.h"
 
 namespace zeek::analyzer::mqtt {

src/analyzer/protocol/mqtt/MQTT.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include "analyzer/protocol/tcp/TCP.h"
-#include "ID.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+#include "zeek/ID.h"
 
 namespace binpac { namespace MQTT { class MQTT_Conn; } }
 

src/analyzer/protocol/mqtt/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "MQTT.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/mqtt/MQTT.h"
 
 namespace zeek::plugin::detail::Zeek_MQTT {
 

src/analyzer/protocol/mqtt/mqtt.pac

@@ -4,7 +4,7 @@
 %include zeek.pac
 
 %extern{
-	#include "MQTT.h"
+	#include "zeek/analyzer/protocol/mqtt/MQTT.h"
 	#include "events.bif.h"
 	#include "types.bif.h"
 %}

src/analyzer/protocol/mysql/MySQL.cc

@@ -1,8 +1,10 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "MySQL.h"
-#include "analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "Reporter.h"
+#include "zeek/analyzer/protocol/mysql/MySQL.h"
+
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "zeek/Reporter.h"
+
 #include "events.bif.h"
 
 namespace zeek::analyzer::mysql {

src/analyzer/protocol/mysql/MySQL.h

@@ -2,9 +2,9 @@
 
 #pragma once
 
-#include "events.bif.h"
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
+#include "events.bif.h"
 #include "mysql_pac.h"
 
 namespace zeek::analyzer::mysql {

src/analyzer/protocol/mysql/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "MySQL.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/mysql/MySQL.h"
 
 namespace zeek::plugin::detail::Zeek_MySQL {
 

src/analyzer/protocol/ncp/NCP.cc

@@ -1,21 +1,19 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek-config.h"
+#include "zeek/analyzer/protocol/ncp/NCP.h"
 
 #include <stdlib.h>
 #include <string>
 #include <map>
 
-#include "NCP.h"
+#include "zeek/Sessions.h"
 
 #include "events.bif.h"
 #include "consts.bif.h"
 
 using namespace std;
 
-#include "NCP.h"
-#include "Sessions.h"
-
 #define xbyte(b, n) (((const u_char*) (b))[n])
 #define extract_uint16(little_endian, bytes) \
 	((little_endian) ? \

src/analyzer/protocol/ncp/NCP.h

@@ -17,8 +17,8 @@
 //
 //	http://faydoc.tripod.com/structures/21/2149.htm
 
-#include "NetVar.h"
-#include "analyzer/protocol/tcp/TCP.h"
+#include "zeek/NetVar.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
 
 #include "ncp_pac.h"
 

src/analyzer/protocol/ncp/Plugin.cc

@@ -1,8 +1,8 @@
 // See the file  in the main distribution directory for copyright.
 
-#include "NCP.h"
-#include "plugin/Plugin.h"
-#include "analyzer/Component.h"
+#include "zeek/plugin/Plugin.h"
+#include "zeek/analyzer/Component.h"
+#include "zeek/analyzer/protocol/ncp/NCP.h"
 
 namespace zeek::plugin::detail::Zeek_NCP {