Fix various documentation/typos; remove a few superfluous things.

doc/scripts/example.bro

@@ -57,8 +57,6 @@ global example_ports = {
 
 event bro_init()
 	{
-	# Registering a well-known port is self-documenting and
-	# goes into the generated doc's "Port Analysis" section.
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, example_ports);
 	}
 

scripts/base/frameworks/analyzer/main.bro

@@ -1,26 +1,25 @@
 ##! Framework for managing Bro's protocol analyzers.
 ##!
 ##! The analyzer framework allows to dynamically enable or disable analyzers, as
-##! well as to manage the well-known ports which automatically active a particular
+##! well as to manage the well-known ports which automatically activate a
-##! analyzer for new connections.
+##! particular analyzer for new connections.
 ##!
 ##! Protocol analyzers are identified by unique tags of type
 ##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP` and
-##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by the
+##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by
-##! analyzers themselves, and documented in their analyzer-specific description
+##! the analyzers themselves, and documented in their analyzer-specific
-##! along with the events that they generate.
+##! description along with the events that they generate.
-##!
+
-##! .. todo: ``The ANALYZER_*`` are in fact not yet documented, we need to add that
-##!    to Broxygen.
 module Analyzer;
 
 export {
-	## If true, all available analyzers are initially disabled at startup. One can
+	## If true, all available analyzers are initially disabled at startup. One
-	## then selectively enable them with :bro:id:`enable_analyzer`.
+	## can then selectively enable them with
+	## :bro:id:`Analyzer::enable_analyzer`.
 	global disable_all = F &redef;
 
-	## Enables an analyzer. Once enabled, the analyzer may be used for analysis of
+	## Enables an analyzer. Once enabled, the analyzer may be used for analysis
-	## future connections as decided by Bro's dynamic protocol detection.
+	## of future connections as decided by Bro's dynamic protocol detection.
 	##
 	## tag: The tag of the analyzer to enable.
 	##
@@ -35,10 +34,10 @@ export {
 	## Returns: True if the analyzer was successfully disabled.
 	global disable_analyzer: function(tag: Analyzer::Tag) : bool;
 
-	## Registers a set of well-known ports for an analyzer. If a future connection
+	## Registers a set of well-known ports for an analyzer. If a future
-	## on one of these ports is seen, the analyzer will be automatically assigned
+	## connection on one of these ports is seen, the analyzer will be
-	## to parsing it. The function *adds* to all ports already registered, it doesn't
+	## automatically assigned to parsing it. The function *adds* to all ports
-	## replace them .
+	## already registered, it doesn't replace them.
 	##
 	## tag: The tag of the analyzer.
 	##
@@ -47,10 +46,10 @@ export {
 	## Returns: True if the ports were sucessfully registered.
 	global register_for_ports: function(tag: Analyzer::Tag, ports: set[port]) : bool;
 
-	## Registers an individual well-known port for an analyzer. If a future connection
+	## Registers an individual well-known port for an analyzer. If a future
-	## on this ports is seen, the analyzer will be automatically assigned to parsing
+	## connection on this port is seen, the analyzer will be automatically
-	## it. The function *adds* to all ports already registered, it doesn't replace
+	## assigned to parsing it. The function *adds* to all ports already
-	## them.
+	## registered, it doesn't replace them.
 	##
 	## tag: The tag of the analyzer.
 	##
@@ -70,7 +69,7 @@ export {
 	## Returns a table of all ports-to-analyzer mappings currently registered.
 	##
 	## Returns: A table mapping each analyzer to the set of ports
-	## registered for it.
+	##          registered for it.
 	global all_registered_ports: function() : table[Analyzer::Tag] of set[port];
 
 	## Translates an analyzer type to a string with the analyzer's name.
@@ -84,7 +83,7 @@ export {
 	## address and port.
 	##
 	## orig: The IP address originating a connection in the future.
-	## 0.0.0.0 can be used as a wildcard to match any originator address.
+	##       0.0.0.0 can be used as a wildcard to match any originator address.
 	##
 	## resp: The IP address responding to a connection from *orig*.
 	##
@@ -93,22 +92,20 @@ export {
 	## analyzer: The analyzer ID.
 	##
 	## tout: A timeout interval after which the scheduling request will be
-	## discarded if the connection has not yet been seen.
+	##       discarded if the connection has not yet been seen.
 	##
 	## Returns: True if succesful.
 	global schedule_analyzer: function(orig: addr, resp: addr, resp_p: port,
 					   analyzer: Analyzer::Tag, tout: interval) : bool;
 
-	## A set of analyzers to disable by default at startup. The default set contains
+	## A set of analyzers to disable by default at startup. The default set
-	## legacy analyzers that are no longer supported.
+	## contains legacy analyzers that are no longer supported.
 	global disabled_analyzers: set[Analyzer::Tag] = {
 		ANALYZER_INTERCONN,
 		ANALYZER_STEPPINGSTONE,
 		ANALYZER_BACKDOOR,
 		ANALYZER_TCPSTATS,
-	}
+	} &redef;
-
-	&redef;
 }
 
 @load base/bif/analyzer.bif

scripts/base/frameworks/reporter/main.bro

@@ -9,7 +9,7 @@
 ##! Note that this framework deals with the handling of internally generated
 ##! reporter messages, for the interface in to actually creating interface
 ##! into actually creating reporter messages from the scripting layer, use
-##! the built-in functions in :doc:`/scripts/base/reporter.bif`.
+##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif`.
 
 module Reporter;
 

scripts/base/init-bare.bro

@@ -226,7 +226,7 @@ type endpoint_stats: record {
 ## for a connection, it assigns it a unique ID that can be used to reference
 ## that instance.
 ##
-## .. bro:see:: analyzer_name disable_analyzer protocol_confirmation
+## .. bro:see:: Analyzer::name Analyzer::disable_analyzer protocol_confirmation
 ##    protocol_violation
 ##
 ## .. todo::While we declare an alias for the type here, the events/functions still

src/IPAddr.h

@@ -451,11 +451,6 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const
   */
 HashKey* BuildConnIDHashKey(const ConnID& id);
 
-/**
-  * Returns a hash key for a given ExpectedConn instance. Passes ownership to caller.
-  */
-HashKey* BuildExpectedConnHashKey(const analyzer::ExpectedConn& c);
-
 /**
  * Class storing both IPv4 and IPv6 prefixes
  * (i.e., \c 192.168.1.1/16 and \c FD00::/8.

src/analyzer/Analyzer.h

@@ -509,31 +509,31 @@ public:
 	virtual void UpdateConnVal(RecordVal *conn_val);
 
 	/**
-	 * Convinience function that forwards directly to
+	 * Convenience function that forwards directly to
 	 * Connection::BuildConnVal().
 	 */
 	RecordVal* BuildConnVal();
 
 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Event().
 	 */
 	void Event(EventHandlerPtr f, const char* name = 0);
 
 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Event().
 	 */
 	void Event(EventHandlerPtr f, Val* v1, Val* v2 = 0);
 
 	/**
-	 * Convinience function that forwards directly to
+	 * Convenience function that forwards directly to
 	 * Connection::ConnectionEvent().
 	 */
 	void ConnectionEvent(EventHandlerPtr f, val_list* vl);
 
 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Weird().
 	 */
 	void Weird(const char* name, const char* addl = "");

src/analyzer/Component.h

@@ -40,10 +40,10 @@ public:
 	 * returns a new instance.
 	 *
 	 * @param subtype A subtype associated with this component that
-	 * further. The subtype will be integrated into the analyzer::Tag
+	 * further distinguishes it. The subtype will be integrated into
-	 * that the manager associates with this analyzer, and analyzer
+	 * the analyzer::Tag that the manager associates with this analyzer,
-	 * instances can accordingly access it via analyzer::Tag(). If not
+	 * and analyzer instances can accordingly access it via analyzer::Tag().
-	 * used, leave at zero.
+	 * If not used, leave at zero.
 	 *
 	 * @param enabled If false the analyzer starts out as disabled and
 	 * hence won't be used. It can still be enabled later via the

src/analyzer/Manager.h

@@ -91,7 +91,7 @@ public:
 	 *
 	 * @param tag The analyzer's tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool EnableAnalyzer(Tag tag);
 
@@ -102,7 +102,7 @@ public:
 	 * @param tag The analyzer's tag as an enum of script type \c
 	 * Analyzer::Tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool EnableAnalyzer(EnumVal* tag);
 
@@ -112,7 +112,7 @@ public:
 	 *
 	 * @param tag The analyzer's tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool DisableAnalyzer(Tag tag);
 
@@ -123,7 +123,7 @@ public:
 	 * @param tag The analyzer's tag as an enum of script type \c
 	 * Analyzer::Tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool DisableAnalyzer(EnumVal* tag);
 
@@ -157,7 +157,7 @@ public:
 	 *
 	 * @param port The well-known port.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool RegisterAnalyzerForPort(EnumVal* tag, PortVal* port);
 
@@ -172,7 +172,7 @@ public:
 	 *
 	 * @param port The port's number.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool RegisterAnalyzerForPort(Tag tag, TransportProto proto, uint32 port);
 
@@ -184,7 +184,7 @@ public:
 	 *
 	 * @param port The well-known port.
 	 *
-	 * @return True if sucessful (incl. when the port wasn't actually
+	 * @return True if successful (incl. when the port wasn't actually
 	 * registered for the analyzer).
 	 *
 	 */
@@ -215,7 +215,7 @@ public:
 	 * have been added to the connection's analyzer tree yet. Returns
 	 * null if tag is invalid or the requested analyzer is disabled.
 	 */
-	Analyzer* InstantiateAnalyzer(Tag tag, Connection* c); // Null if disabled or not available.
+	Analyzer* InstantiateAnalyzer(Tag tag, Connection* c);
 
 	/**
 	 * Instantiates a new analyzer instance for a connection.
@@ -229,7 +229,7 @@ public:
 	 * null if the name is not known or if the requested analyzer that is
 	 * disabled.
 	 */
-	Analyzer* InstantiateAnalyzer(const char* name, Connection* c); // Null if disabled or not available.
+	Analyzer* InstantiateAnalyzer(const char* name, Connection* c);
 
 	/**
 	 * Translates an analyzer tag into corresponding analyzer name.

src/analyzer/Tag.h

@@ -28,7 +28,7 @@ class Component;
  * assigns them their main types), and analyzer::Component creates new
  * tags.
  *
- * The Tag class supports all operations necessary to act at the index in a
+ * The Tag class supports all operations necessary to act as an index in a
  * \c std::map.
  */
 class Tag  {
@@ -90,7 +90,7 @@ public:
 	/**
 	 * Assignment operator.
 	 */
-        Tag& operator=(const Tag& other);
+	Tag& operator=(const Tag& other);
 
 	/**
 	 * Compares two tags for equality.

src/analyzer/protocol/http/events.bif

@@ -18,7 +18,7 @@
 ## version: The version number specified in the request (e.g., ``1.1``).
 ##
 ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity
-##    http_entity_data http_event http_header http_message_done ply http_stats
+##    http_entity_data http_event http_header http_message_done http_reply http_stats
 ##    truncate_http_URI
 event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%);
 

src/analyzer/protocol/login/events.bif

@@ -87,7 +87,8 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_failure%(c: connection, user: string, client_user: string, password: string, line: string%);
 
 ## Generated for successful Telnet/Rlogin logins. The *login* analyzer inspects
@@ -121,7 +122,8 @@ event login_failure%(c: connection, user: string, client_user: string, password:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_success%(c: connection, user: string, client_user: string, password: string, line: string%);
 
 ## Generated for lines of input on Telnet/Rlogin sessions. The line will have
@@ -137,7 +139,8 @@ event login_success%(c: connection, user: string, client_user: string, password:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_input_line%(c: connection, line: string%);
 
 ## Generated for lines of output on Telnet/Rlogin sessions. The line will have
@@ -153,7 +156,8 @@ event login_input_line%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_output_line%(c: connection, line: string%);
 
 ## Generated when tracking of Telnet/Rlogin authentication failed. As Bro's
@@ -179,7 +183,8 @@ event login_output_line%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_confused%(c: connection, msg: string, line: string%);
 
 ## Generated after getting confused while tracking a Telnet/Rlogin
@@ -199,7 +204,8 @@ event login_confused%(c: connection, msg: string, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_confused_text%(c: connection, line: string%);
 
 ## Generated for clients transmitting a terminal type in a Telnet session.  This
@@ -215,7 +221,8 @@ event login_confused_text%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_terminal%(c: connection, terminal: string%);
 
 ## Generated for clients transmitting an X11 DISPLAY in a Telnet session. This
@@ -231,7 +238,8 @@ event login_terminal%(c: connection, terminal: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_display%(c: connection, display: string%);
 
 ## Generated when a Telnet authentication has been successful. The Telnet
@@ -255,7 +263,8 @@ event login_display%(c: connection, display: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_accepted%(name: string, c: connection%);
 
 ## Generated when a Telnet authentication has been unsuccessful. The Telnet
@@ -279,7 +288,8 @@ event authentication_accepted%(name: string, c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_rejected%(name: string, c: connection%);
 
 ## Generated for Telnet/Rlogin sessions when a pattern match indicates
@@ -302,7 +312,8 @@ event authentication_rejected%(name: string, c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_skipped%(c: connection%);
 
 ## Generated for clients transmitting a terminal prompt in a Telnet session.
@@ -322,7 +333,8 @@ event authentication_skipped%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_prompt%(c: connection, prompt: string%);
 
 ## Generated for Telnet sessions when encryption is activated. The Telnet
@@ -373,7 +385,8 @@ event inconsistent_option%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event bad_option%(c: connection%);
 
 ## Generated for a Telnet option that's incorrectly terminated.
@@ -391,5 +404,6 @@ event bad_option%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event bad_option_termination%(c: connection%);

src/analyzer/protocol/rpc/events.bif

@@ -675,7 +675,8 @@ event pm_bad_port%(r: connection, bad_p: count%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%);
 
 ## Generated for RPC *call* messages.
@@ -701,7 +702,8 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%);
 
 ## Generated for RPC *reply* messages.
@@ -724,5 +726,6 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count,
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%);

src/analyzer/protocol/tcp/events.bif

@@ -10,7 +10,7 @@
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection partial_connection
+##    scheduled_analyzer_applied new_connection partial_connection
 event new_connection_contents%(c: connection%);
 
 ## Generated for an unsuccessful connection attempt. This event is raised when
@@ -25,7 +25,7 @@ event new_connection_contents%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_attempt%(c: connection%);
 
@@ -41,7 +41,7 @@ event connection_attempt%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_established%(c: connection%);
 
@@ -57,7 +57,7 @@ event connection_established%(c: connection%);
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection new_connection_contents
+##    scheduled_analyzer_applied new_connection new_connection_contents
 ##
 event partial_connection%(c: connection%);
 
@@ -73,7 +73,7 @@ event partial_connection%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_partial_close%(c: connection%);
 
@@ -86,7 +86,7 @@ event connection_partial_close%(c: connection%);
 ##    connection_established connection_external connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_finished%(c: connection%);
 
@@ -100,7 +100,7 @@ event connection_finished%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK  connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_half_finished%(c: connection%);
 
@@ -112,7 +112,7 @@ event connection_half_finished%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending  connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## c: The connection.
@@ -136,7 +136,7 @@ event connection_rejected%(c: connection%);
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected  connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection new_connection_contents
+##    scheduled_analyzer_applied new_connection new_connection_contents
 ##    partial_connection
 event connection_reset%(c: connection%);
 
@@ -148,7 +148,7 @@ event connection_reset%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection bro_done
 event connection_pending%(c: connection%);
 
@@ -163,7 +163,7 @@ event connection_pending%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## .. note::
@@ -184,7 +184,7 @@ event connection_SYN_packet%(c: connection, pkt: SYN_packet%);
 ##    connection_established connection_external connection_finished
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## .. note::
@@ -204,7 +204,7 @@ event connection_first_ACK%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_EOF%(c: connection, is_orig: bool%);
 

src/bro.bif

@@ -3699,7 +3699,7 @@ function file_mode%(mode: count%): string
 ## Returns: True if the connection identified by *cid* exists and has analyzer
 ##          *aid*.
 ##
-## .. bro:see:: expect_connection analyzer_name
+## .. bro:see:: Analyzer::schedule_analyzer Analyzer::name
 function disable_analyzer%(cid: conn_id, aid: count%) : bool
 	%{
 	Connection* c = sessions->FindConnection(cid);

src/event.bif

@@ -107,8 +107,9 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
-##    connection_state_remove connection_status_update expected_connection_seen
+##    connection_state_remove connection_status_update
-##    new_connection new_connection_contents partial_connection
+##    scheduled_analyzer_applied new_connection new_connection_contents
+##    partial_connection
 ##
 ## .. note::
 ##
@@ -201,14 +202,15 @@ event connection_external%(c: connection, tag: string%);
 event udp_session_done%(u: connection%);
 
 ## Generated when a connection is seen that is marked as being expected.
-## The function :bro:id:`expect_connection` tells Bro to expect a particular
+## The function :bro:id:`Analyzer::schedule_analyzer` tells Bro to expect a
-## connection to come up, and which analyzer to associate with it. Once the
+## particular connection to come up, and which analyzer to associate with it.
-## first packet of such a connection is indeed seen, this event is raised.
+## Once the first packet of such a connection is indeed seen, this event is
+## raised.
 ##
 ## c: The connection.
 ##
 ## a: The analyzer that was scheduled for the connection with the
-##    :bro:id:`expect_connection` call. When the event is raised, that
+##    :bro:id:`Analyzer::schedule_analyzer` call. When the event is raised, that
 ##    analyzer will already have been activated to process the connection. The
 ##    ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``.
 ##

src/plugin/Macros.h

@@ -70,10 +70,10 @@
 #define BRO_PLUGIN_VERSION(v) SetVersion(v)
 
 /**
- * Adds scrip-level items defined in a \c *.bif file to what the plugin
+ * Adds script-level items defined in a \c *.bif file to what the plugin
  * provides.
  *
- * @param file A string with the name of \c *.bif file. When loaded, the the
+ * @param file A string with the name of \c *.bif file. When loaded, the
  * plugin will make all items defined in the file available to Bro's script
  * interpreter.
  */
@@ -82,7 +82,7 @@
 		AddBifInitFunction(&__bif_##file##_init);
 
 /**
- * Defines a component implementating a protocol analyzer.
+ * Defines a component implementing a protocol analyzer.
  *
  * @param tag A string with the analyzer's tag. This must be unique across
  * all loaded analyzers and will translate into a corresponding \c ANALYZER_*
@@ -95,11 +95,11 @@
 	AddComponent(new ::analyzer::Component(tag, ::analyzer::cls::InstantiateAnalyzer));
 
 /**
- * Defines a component implementating an protocol analyzer class that will
+ * Defines a component implementing a protocol analyzer class that will
  * not be instantiated dynamically. This is for two use-cases: (1) abstract
  * analyzer base classes that aren't instantiated directly; and (2) analyzers
  * that are only instantiated explicitly by other Bro components, but not
- * dynmically by the manager based on their tag (e.g., the ZIP analyzer is
+ * dynamically by the manager based on their tag (e.g., the ZIP analyzer is
  * attached by the HTTP analyzer when corresponding content is found). 
  *
  * @param tag A string with the analyzer's tag. This must be unique across

src/plugin/Plugin.h

@@ -80,7 +80,7 @@ private:
  * components, a plugin can also provide of script-level elements defined in
  * *.bif files.
  *
- * Currently, all plugins ard compiled statically into the final Bro binary.
+ * Currently, all plugins are compiled statically into the final Bro binary.
  * Later, we will extend the infrastructure to also support plugins loaded
  * dynamically as shared libraries.
  */
@@ -124,8 +124,6 @@ public:
 
 	/**
 	 * Returns a list of all components the plugin provides.
-	 * BRO_PLUGIN_VERSION_BUILTIN indiciates that it's a plugin compiled
-	 * in statically.
 	 */
 	component_list Components();