Fix various documentation/typos; remove a few superfluous things.

2025-10-02 14:48:21 +00:00 · 2013-06-03 16:03:25 -05:00 · 2013-06-03 16:03:25 -05:00 · a5e1810aa8
commit a5e1810aa8
parent 8e7ef001b3
17 changed files with 110 additions and 103 deletions
--- a/doc/scripts/example.bro
+++ b/doc/scripts/example.bro
@ -57,8 +57,6 @@ global example_ports = {

 event bro_init()
 	{
-	# Registering a well-known port is self-documenting and
-	# goes into the generated doc's "Port Analysis" section.
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, example_ports);
 	}

--- a/scripts/base/frameworks/analyzer/main.bro
+++ b/scripts/base/frameworks/analyzer/main.bro
@ -1,26 +1,25 @@
 ##! Framework for managing Bro's protocol analyzers.
 ##!
 ##! The analyzer framework allows to dynamically enable or disable analyzers, as
-##! well as to manage the well-known ports which automatically active a particular
-##! analyzer for new connections.
+##! well as to manage the well-known ports which automatically activate a
+##! particular analyzer for new connections.
 ##!
 ##! Protocol analyzers are identified by unique tags of type
 ##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP` and
-##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by the
-##! analyzers themselves, and documented in their analyzer-specific description
-##! along with the events that they generate.
-##!
-##! .. todo: ``The ANALYZER_*`` are in fact not yet documented, we need to add that
-##!    to Broxygen.
+##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by
+##! the analyzers themselves, and documented in their analyzer-specific
+##! description along with the events that they generate.
+
 module Analyzer;

 export {
-	## If true, all available analyzers are initially disabled at startup. One can
-	## then selectively enable them with :bro:id:`enable_analyzer`.
+	## If true, all available analyzers are initially disabled at startup. One
+	## can then selectively enable them with
+	## :bro:id:`Analyzer::enable_analyzer`.
 	global disable_all = F &redef;

-	## Enables an analyzer. Once enabled, the analyzer may be used for analysis of
-	## future connections as decided by Bro's dynamic protocol detection.
+	## Enables an analyzer. Once enabled, the analyzer may be used for analysis
+	## of future connections as decided by Bro's dynamic protocol detection.
 	##
 	## tag: The tag of the analyzer to enable.
 	##
@ -35,10 +34,10 @@ export {
 	## Returns: True if the analyzer was successfully disabled.
 	global disable_analyzer: function(tag: Analyzer::Tag) : bool;

-	## Registers a set of well-known ports for an analyzer. If a future connection
-	## on one of these ports is seen, the analyzer will be automatically assigned
-	## to parsing it. The function *adds* to all ports already registered, it doesn't
-	## replace them .
+	## Registers a set of well-known ports for an analyzer. If a future
+	## connection on one of these ports is seen, the analyzer will be
+	## automatically assigned to parsing it. The function *adds* to all ports
+	## already registered, it doesn't replace them.
 	##
 	## tag: The tag of the analyzer.
 	##
@ -47,10 +46,10 @@ export {
 	## Returns: True if the ports were sucessfully registered.
 	global register_for_ports: function(tag: Analyzer::Tag, ports: set[port]) : bool;

-	## Registers an individual well-known port for an analyzer. If a future connection
-	## on this ports is seen, the analyzer will be automatically assigned to parsing
-	## it. The function *adds* to all ports already registered, it doesn't replace
-	## them.
+	## Registers an individual well-known port for an analyzer. If a future
+	## connection on this port is seen, the analyzer will be automatically
+	## assigned to parsing it. The function *adds* to all ports already
+	## registered, it doesn't replace them.
 	##
 	## tag: The tag of the analyzer.
 	##
@ -70,7 +69,7 @@ export {
 	## Returns a table of all ports-to-analyzer mappings currently registered.
 	##
 	## Returns: A table mapping each analyzer to the set of ports
-	## registered for it.
+	##          registered for it.
 	global all_registered_ports: function() : table[Analyzer::Tag] of set[port];

 	## Translates an analyzer type to a string with the analyzer's name.
@ -84,7 +83,7 @@ export {
 	## address and port.
 	##
 	## orig: The IP address originating a connection in the future.
-	## 0.0.0.0 can be used as a wildcard to match any originator address.
+	##       0.0.0.0 can be used as a wildcard to match any originator address.
 	##
 	## resp: The IP address responding to a connection from *orig*.
 	##
@ -93,22 +92,20 @@ export {
 	## analyzer: The analyzer ID.
 	##
 	## tout: A timeout interval after which the scheduling request will be
-	## discarded if the connection has not yet been seen.
+	##       discarded if the connection has not yet been seen.
 	##
 	## Returns: True if succesful.
 	global schedule_analyzer: function(orig: addr, resp: addr, resp_p: port,
 					   analyzer: Analyzer::Tag, tout: interval) : bool;

-	## A set of analyzers to disable by default at startup. The default set contains
-	## legacy analyzers that are no longer supported.
+	## A set of analyzers to disable by default at startup. The default set
+	## contains legacy analyzers that are no longer supported.
 	global disabled_analyzers: set[Analyzer::Tag] = {
 		ANALYZER_INTERCONN,
 		ANALYZER_STEPPINGSTONE,
 		ANALYZER_BACKDOOR,
 		ANALYZER_TCPSTATS,
-	}
-
-	&redef;
+	} &redef;
 }

@load base/bif/analyzer.bif
--- a/scripts/base/frameworks/reporter/main.bro
+++ b/scripts/base/frameworks/reporter/main.bro
@ -9,7 +9,7 @@
 ##! Note that this framework deals with the handling of internally generated
 ##! reporter messages, for the interface in to actually creating interface
 ##! into actually creating reporter messages from the scripting layer, use
-##! the built-in functions in :doc:`/scripts/base/reporter.bif`.
+##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif`.

 module Reporter;

--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -226,7 +226,7 @@ type endpoint_stats: record {
 ## for a connection, it assigns it a unique ID that can be used to reference
 ## that instance.
 ##
-## .. bro:see:: analyzer_name disable_analyzer protocol_confirmation
+## .. bro:see:: Analyzer::name Analyzer::disable_analyzer protocol_confirmation
 ##    protocol_violation
 ##
 ## .. todo::While we declare an alias for the type here, the events/functions still
--- a/src/IPAddr.h
+++ b/src/IPAddr.h
@ -451,11 +451,6 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const
  */
 HashKey* BuildConnIDHashKey(const ConnID& id);

-/**
-  * Returns a hash key for a given ExpectedConn instance. Passes ownership to caller.
-  */
-HashKey* BuildExpectedConnHashKey(const analyzer::ExpectedConn& c);
-
 /**
 * Class storing both IPv4 and IPv6 prefixes
 * (i.e., \c 192.168.1.1/16 and \c FD00::/8.
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -509,31 +509,31 @@ public:
 	virtual void UpdateConnVal(RecordVal *conn_val);

 	/**
-	 * Convinience function that forwards directly to
+	 * Convenience function that forwards directly to
 	 * Connection::BuildConnVal().
 	 */
 	RecordVal* BuildConnVal();

 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Event().
 	 */
 	void Event(EventHandlerPtr f, const char* name = 0);

 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Event().
 	 */
 	void Event(EventHandlerPtr f, Val* v1, Val* v2 = 0);

 	/**
-	 * Convinience function that forwards directly to
+	 * Convenience function that forwards directly to
 	 * Connection::ConnectionEvent().
 	 */
 	void ConnectionEvent(EventHandlerPtr f, val_list* vl);

 	/**
-	 * Convinience function that forwards directly to the corresponding
+	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Weird().
 	 */
 	void Weird(const char* name, const char* addl = "");
--- a/src/analyzer/Component.h
+++ b/src/analyzer/Component.h
@ -40,10 +40,10 @@ public:
 	 * returns a new instance.
 	 *
 	 * @param subtype A subtype associated with this component that
-	 * further. The subtype will be integrated into the analyzer::Tag
-	 * that the manager associates with this analyzer, and analyzer
-	 * instances can accordingly access it via analyzer::Tag(). If not
-	 * used, leave at zero.
+	 * further distinguishes it. The subtype will be integrated into
+	 * the analyzer::Tag that the manager associates with this analyzer,
+	 * and analyzer instances can accordingly access it via analyzer::Tag().
+	 * If not used, leave at zero.
 	 *
 	 * @param enabled If false the analyzer starts out as disabled and
 	 * hence won't be used. It can still be enabled later via the
--- a/src/analyzer/Manager.h
+++ b/src/analyzer/Manager.h
@ -91,7 +91,7 @@ public:
 	 *
 	 * @param tag The analyzer's tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool EnableAnalyzer(Tag tag);

@ -102,7 +102,7 @@ public:
 	 * @param tag The analyzer's tag as an enum of script type \c
 	 * Analyzer::Tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool EnableAnalyzer(EnumVal* tag);

@ -112,7 +112,7 @@ public:
 	 *
 	 * @param tag The analyzer's tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool DisableAnalyzer(Tag tag);

@ -123,7 +123,7 @@ public:
 	 * @param tag The analyzer's tag as an enum of script type \c
 	 * Analyzer::Tag.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool DisableAnalyzer(EnumVal* tag);

@ -157,7 +157,7 @@ public:
 	 *
 	 * @param port The well-known port.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool RegisterAnalyzerForPort(EnumVal* tag, PortVal* port);

@ -172,7 +172,7 @@ public:
 	 *
 	 * @param port The port's number.
 	 *
-	 * @return True if sucessful.
+	 * @return True if successful.
 	 */
 	bool RegisterAnalyzerForPort(Tag tag, TransportProto proto, uint32 port);

@ -184,7 +184,7 @@ public:
 	 *
 	 * @param port The well-known port.
 	 *
-	 * @return True if sucessful (incl. when the port wasn't actually
+	 * @return True if successful (incl. when the port wasn't actually
 	 * registered for the analyzer).
 	 *
 	 */
@ -215,7 +215,7 @@ public:
 	 * have been added to the connection's analyzer tree yet. Returns
 	 * null if tag is invalid or the requested analyzer is disabled.
 	 */
-	Analyzer* InstantiateAnalyzer(Tag tag, Connection* c); // Null if disabled or not available.
+	Analyzer* InstantiateAnalyzer(Tag tag, Connection* c);

 	/**
 	 * Instantiates a new analyzer instance for a connection.
@ -229,7 +229,7 @@ public:
 	 * null if the name is not known or if the requested analyzer that is
 	 * disabled.
 	 */
-	Analyzer* InstantiateAnalyzer(const char* name, Connection* c); // Null if disabled or not available.
+	Analyzer* InstantiateAnalyzer(const char* name, Connection* c);

 	/**
 	 * Translates an analyzer tag into corresponding analyzer name.
--- a/src/analyzer/Tag.h
+++ b/src/analyzer/Tag.h
@ -28,7 +28,7 @@ class Component;
 * assigns them their main types), and analyzer::Component creates new
 * tags.
 *
- * The Tag class supports all operations necessary to act at the index in a
+ * The Tag class supports all operations necessary to act as an index in a
 * \c std::map.
 */
 class Tag  {
@ -90,7 +90,7 @@ public:
 	/**
 	 * Assignment operator.
 	 */
-        Tag& operator=(const Tag& other);
+	Tag& operator=(const Tag& other);

 	/**
 	 * Compares two tags for equality.
--- a/src/analyzer/protocol/http/events.bif
+++ b/src/analyzer/protocol/http/events.bif
@ -18,7 +18,7 @@
 ## version: The version number specified in the request (e.g., ``1.1``).
 ##
 ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity
-##    http_entity_data http_event http_header http_message_done ply http_stats
+##    http_entity_data http_event http_header http_message_done http_reply http_stats
 ##    truncate_http_URI
 event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%);

--- a/src/analyzer/protocol/login/events.bif
+++ b/src/analyzer/protocol/login/events.bif
@ -87,7 +87,8 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_failure%(c: connection, user: string, client_user: string, password: string, line: string%);

 ## Generated for successful Telnet/Rlogin logins. The *login* analyzer inspects
@ -121,7 +122,8 @@ event login_failure%(c: connection, user: string, client_user: string, password:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_success%(c: connection, user: string, client_user: string, password: string, line: string%);

 ## Generated for lines of input on Telnet/Rlogin sessions. The line will have
@ -137,7 +139,8 @@ event login_success%(c: connection, user: string, client_user: string, password:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_input_line%(c: connection, line: string%);

 ## Generated for lines of output on Telnet/Rlogin sessions. The line will have
@ -153,7 +156,8 @@ event login_input_line%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_output_line%(c: connection, line: string%);

 ## Generated when tracking of Telnet/Rlogin authentication failed. As Bro's
@ -179,7 +183,8 @@ event login_output_line%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_confused%(c: connection, msg: string, line: string%);

 ## Generated after getting confused while tracking a Telnet/Rlogin
@ -199,7 +204,8 @@ event login_confused%(c: connection, msg: string, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_confused_text%(c: connection, line: string%);

 ## Generated for clients transmitting a terminal type in a Telnet session.  This
@ -215,7 +221,8 @@ event login_confused_text%(c: connection, line: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_terminal%(c: connection, terminal: string%);

 ## Generated for clients transmitting an X11 DISPLAY in a Telnet session. This
@ -231,7 +238,8 @@ event login_terminal%(c: connection, terminal: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_display%(c: connection, display: string%);

 ## Generated when a Telnet authentication has been successful. The Telnet
@ -255,7 +263,8 @@ event login_display%(c: connection, display: string%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_accepted%(name: string, c: connection%);

 ## Generated when a Telnet authentication has been unsuccessful. The Telnet
@ -279,7 +288,8 @@ event authentication_accepted%(name: string, c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_rejected%(name: string, c: connection%);

 ## Generated for Telnet/Rlogin sessions when a pattern match indicates
@ -302,7 +312,8 @@ event authentication_rejected%(name: string, c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event authentication_skipped%(c: connection%);

 ## Generated for clients transmitting a terminal prompt in a Telnet session.
@ -322,7 +333,8 @@ event authentication_skipped%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event login_prompt%(c: connection, prompt: string%);

 ## Generated for Telnet sessions when encryption is activated. The Telnet
@ -373,7 +385,8 @@ event inconsistent_option%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event bad_option%(c: connection%);

 ## Generated for a Telnet option that's incorrectly terminated.
@ -391,5 +404,6 @@ event bad_option%(c: connection%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event bad_option_termination%(c: connection%);
--- a/src/analyzer/protocol/rpc/events.bif
+++ b/src/analyzer/protocol/rpc/events.bif
@ -675,7 +675,8 @@ event pm_bad_port%(r: connection, bad_p: count%);
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%);

 ## Generated for RPC *call* messages.
@ -701,7 +702,8 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status:
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%);

 ## Generated for RPC *reply* messages.
@ -724,5 +726,6 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count,
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
 ##    been ported to Bro 2.x. To still enable this event, one needs to add a
-##    corresponding entry to :bro:see:`dpd_config` or a DPD payload signature.
+##    call to :bro:see:`Analyzer::register_for_ports` or a DPD payload
+##    signature.
 event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%);
--- a/src/analyzer/protocol/tcp/events.bif
+++ b/src/analyzer/protocol/tcp/events.bif
@ -10,7 +10,7 @@
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection partial_connection
+##    scheduled_analyzer_applied new_connection partial_connection
 event new_connection_contents%(c: connection%);

 ## Generated for an unsuccessful connection attempt. This event is raised when
@ -25,7 +25,7 @@ event new_connection_contents%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_attempt%(c: connection%);

@ -41,7 +41,7 @@ event connection_attempt%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_established%(c: connection%);

@ -57,7 +57,7 @@ event connection_established%(c: connection%);
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection new_connection_contents
+##    scheduled_analyzer_applied new_connection new_connection_contents
 ##
 event partial_connection%(c: connection%);

@ -73,7 +73,7 @@ event partial_connection%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_partial_close%(c: connection%);

@ -86,7 +86,7 @@ event connection_partial_close%(c: connection%);
 ##    connection_established connection_external connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_finished%(c: connection%);

@ -100,7 +100,7 @@ event connection_finished%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK  connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_half_finished%(c: connection%);

@ -112,7 +112,7 @@ event connection_half_finished%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending  connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## c: The connection.
@ -136,7 +136,7 @@ event connection_rejected%(c: connection%);
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected  connection_reused
 ##    connection_state_remove connection_status_update connection_timeout
-##    expected_connection_seen new_connection new_connection_contents
+##    scheduled_analyzer_applied new_connection new_connection_contents
 ##    partial_connection
 event connection_reset%(c: connection%);

@ -148,7 +148,7 @@ event connection_reset%(c: connection%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection bro_done
 event connection_pending%(c: connection%);

@ -163,7 +163,7 @@ event connection_pending%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## .. note::
@ -184,7 +184,7 @@ event connection_SYN_packet%(c: connection, pkt: SYN_packet%);
 ##    connection_established connection_external connection_finished
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## .. note::
@ -204,7 +204,7 @@ event connection_first_ACK%(c: connection%);
 ##    connection_external connection_finished connection_first_ACK
 ##    connection_half_finished connection_partial_close connection_pending
 ##    connection_rejected connection_reset connection_reused connection_state_remove
-##    connection_status_update connection_timeout expected_connection_seen
+##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 event connection_EOF%(c: connection, is_orig: bool%);

--- a/src/bro.bif
+++ b/src/bro.bif
@ -3699,7 +3699,7 @@ function file_mode%(mode: count%): string
 ## Returns: True if the connection identified by *cid* exists and has analyzer
 ##          *aid*.
 ##
-## .. bro:see:: expect_connection analyzer_name
+## .. bro:see:: Analyzer::schedule_analyzer Analyzer::name
 function disable_analyzer%(cid: conn_id, aid: count%) : bool
 	%{
 	Connection* c = sessions->FindConnection(cid);
--- a/src/event.bif
+++ b/src/event.bif
@ -107,8 +107,9 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%);
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
 ##    connection_pending connection_rejected connection_reset connection_reused
-##    connection_state_remove connection_status_update expected_connection_seen
-##    new_connection new_connection_contents partial_connection
+##    connection_state_remove connection_status_update
+##    scheduled_analyzer_applied new_connection new_connection_contents
+##    partial_connection
 ##
 ## .. note::
 ##
@ -201,14 +202,15 @@ event connection_external%(c: connection, tag: string%);
 event udp_session_done%(u: connection%);

 ## Generated when a connection is seen that is marked as being expected.
-## The function :bro:id:`expect_connection` tells Bro to expect a particular
-## connection to come up, and which analyzer to associate with it. Once the
-## first packet of such a connection is indeed seen, this event is raised.
+## The function :bro:id:`Analyzer::schedule_analyzer` tells Bro to expect a
+## particular connection to come up, and which analyzer to associate with it.
+## Once the first packet of such a connection is indeed seen, this event is
+## raised.
 ##
 ## c: The connection.
 ##
 ## a: The analyzer that was scheduled for the connection with the
-##    :bro:id:`expect_connection` call. When the event is raised, that
+##    :bro:id:`Analyzer::schedule_analyzer` call. When the event is raised, that
 ##    analyzer will already have been activated to process the connection. The
 ##    ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``.
 ##
--- a/src/plugin/Macros.h
+++ b/src/plugin/Macros.h
@ -70,10 +70,10 @@
 #define BRO_PLUGIN_VERSION(v) SetVersion(v)

 /**
- * Adds scrip-level items defined in a \c *.bif file to what the plugin
+ * Adds script-level items defined in a \c *.bif file to what the plugin
 * provides.
 *
- * @param file A string with the name of \c *.bif file. When loaded, the the
+ * @param file A string with the name of \c *.bif file. When loaded, the
 * plugin will make all items defined in the file available to Bro's script
 * interpreter.
 */
@ -82,7 +82,7 @@
 		AddBifInitFunction(&__bif_##file##_init);

 /**
- * Defines a component implementating a protocol analyzer.
+ * Defines a component implementing a protocol analyzer.
 *
 * @param tag A string with the analyzer's tag. This must be unique across
 * all loaded analyzers and will translate into a corresponding \c ANALYZER_*
@ -95,11 +95,11 @@
 	AddComponent(new ::analyzer::Component(tag, ::analyzer::cls::InstantiateAnalyzer));

 /**
- * Defines a component implementating an protocol analyzer class that will
+ * Defines a component implementing a protocol analyzer class that will
 * not be instantiated dynamically. This is for two use-cases: (1) abstract
 * analyzer base classes that aren't instantiated directly; and (2) analyzers
 * that are only instantiated explicitly by other Bro components, but not
- * dynmically by the manager based on their tag (e.g., the ZIP analyzer is
+ * dynamically by the manager based on their tag (e.g., the ZIP analyzer is
 * attached by the HTTP analyzer when corresponding content is found). 
 *
 * @param tag A string with the analyzer's tag. This must be unique across
--- a/src/plugin/Plugin.h
+++ b/src/plugin/Plugin.h
@ -80,7 +80,7 @@ private:
 * components, a plugin can also provide of script-level elements defined in
 * *.bif files.
 *
- * Currently, all plugins ard compiled statically into the final Bro binary.
+ * Currently, all plugins are compiled statically into the final Bro binary.
 * Later, we will extend the infrastructure to also support plugins loaded
 * dynamically as shared libraries.
 */
@ -124,8 +124,6 @@ public:

 	/**
 	 * Returns a list of all components the plugin provides.
-	 * BRO_PLUGIN_VERSION_BUILTIN indiciates that it's a plugin compiled
-	 * in statically.
 	 */
 	component_list Components();