Deprecate global type pointers in NetVar.h

There's analogous IntrusivePtrs in zeek::vars
2025-10-02 14:48:21 +00:00 · 2020-05-11 19:22:49 -07:00 · 2020-05-11 19:22:49 -07:00 · c0986f0739
commit c0986f0739
parent 4351a26710
51 changed files with 451 additions and 224 deletions
--- a/3
+++ b/3
@ -171,6 +171,9 @@ Deprecated Functionality
 - ``Val::Type()`` is deprecated, use ``Val::GetType``.
 - Most global type/value pointers in NetVar.h are deprecated, but there's
  analogous ``IntrusivePtr`` in ``zeek::vars``.
 Zeek 3.1.0
 ==========
--- a/src/BroString.cc
+++ b/src/BroString.cc
@ -11,6 +11,7 @@
 #include "Var.h"
 #include "Reporter.h"
 #include "util.h"
 #include "ZeekVars.h"
 #ifdef DEBUG
 #define DEBUG_STR(msg) DBG_LOG(DBG_STRING, msg)
@ -340,8 +341,7 @@ BroString::Vec* BroString::Split(const BroString::IdxVec& indices) const
 VectorVal* BroString:: VecToPolicy(Vec* vec)
 	{
-	auto result =
+	auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
 	for ( unsigned int i = 0; i < vec->size(); ++i )
 		{
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -205,6 +205,9 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
 set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
                            -fno-strict-aliasing)
 set_source_files_properties(ZeekVars.cc PROPERTIES COMPILE_FLAGS
                            -Wno-deprecated-declarations)
 set(MAIN_SRCS
    digest.cc
    net_util.cc
@ -286,6 +289,7 @@ set(MAIN_SRCS
    Var.cc
    WeirdState.cc
    ZeekArgs.cc
    ZeekVars.cc
    bsd-getopt-long.c
    bro_inet_ntop.c
    patricia.c
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -346,17 +346,17 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
 	{
 	if ( ! conn_val )
 		{
-		conn_val = make_intrusive<RecordVal>(connection_type);
+		conn_val = make_intrusive<RecordVal>(zeek::vars::connection_type);
 		TransportProto prot_type = ConnTransport();
-		auto id_val = make_intrusive<RecordVal>(conn_id);
+		auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
 		id_val->Assign(0, make_intrusive<AddrVal>(orig_addr));
 		id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
 		id_val->Assign(2, make_intrusive<AddrVal>(resp_addr));
 		id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
-		auto orig_endp = make_intrusive<RecordVal>(endpoint);
+		auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
 		orig_endp->Assign(0, val_mgr->Count(0));
 		orig_endp->Assign(1, val_mgr->Count(0));
 		orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
@ -367,7 +367,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
 		if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
 			orig_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
-		auto resp_endp = make_intrusive<RecordVal>(endpoint);
+		auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
 		resp_endp->Assign(0, val_mgr->Count(0));
 		resp_endp->Assign(1, val_mgr->Count(0));
 		resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
@ -379,7 +379,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
 		conn_val->Assign(1, std::move(orig_endp));
 		conn_val->Assign(2, std::move(resp_endp));
 		// 3 and 4 are set below.
-		conn_val->Assign(5, make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set}));	// service
+		conn_val->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set));	// service
 		conn_val->Assign(6, val_mgr->EmptyString());	// history
 		if ( ! uid )
--- a/src/EventHandler.cc
+++ b/src/EventHandler.cc
@ -127,7 +127,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
 		return;
 	RecordType* args = FType()->Args();
-	auto vargs = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, call_argument_vector});
+	auto vargs = make_intrusive<VectorVal>(zeek::vars::call_argument_vector);
 	for ( int i = 0; i < args->NumFields(); i++ )
 		{
@ -135,7 +135,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
 		const auto& ftype = args->GetFieldType(i);
 		auto fdefault = args->FieldDefault(i);
-		auto rec = make_intrusive<RecordVal>(call_argument);
+		auto rec = make_intrusive<RecordVal>(zeek::vars::call_argument);
 		rec->Assign(0, make_intrusive<StringVal>(fname));
 		ODesc d;
--- a/src/File.cc
+++ b/src/File.cc
@ -277,7 +277,7 @@ RecordVal* BroFile::Rotate()
 	if ( f == stdin || f == stdout || f == stderr )
 		return nullptr;
-	RecordVal* info = new RecordVal(rotate_info);
+	RecordVal* info = new RecordVal(zeek::vars::rotate_info);
 	FILE* newf = rotate_file(name, info);
 	if ( ! newf )
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@ -7,8 +7,6 @@
 #include "EventHandler.h"
 #include "Val.h"
 using namespace zeek;
 RecordType* conn_id;
 RecordType* endpoint;
 RecordType* endpoint_stats;
@ -207,7 +205,6 @@ void init_general_global_var()
 	table_expire_delay = opt_internal_double("table_expire_delay");
 	table_incremental_step = opt_internal_int("table_incremental_step");
 	rotate_info = lookup_type("rotate_info")->AsRecordType();
 	log_rotate_base_time = opt_internal_string("log_rotate_base_time");
 	peer_description =
@ -241,26 +238,7 @@ void init_net_var()
 #include "reporter.bif.netvar_init"
 #include "supervisor.bif.netvar_init"
-	conn_id = lookup_type("conn_id")->AsRecordType();
+	zeek::vars::detail::Init();
 	endpoint = lookup_type("endpoint")->AsRecordType();
 	endpoint_stats = lookup_type("endpoint_stats")->AsRecordType();
 	connection_type = lookup_type("connection")->AsRecordType();
 	fa_file_type = lookup_type("fa_file")->AsRecordType();
 	fa_metadata_type = lookup_type("fa_metadata")->AsRecordType();
 	icmp_conn = lookup_type("icmp_conn")->AsRecordType();
 	icmp_context = lookup_type("icmp_context")->AsRecordType();
 	signature_state = lookup_type("signature_state")->AsRecordType();
 	SYN_packet = lookup_type("SYN_packet")->AsRecordType();
 	pcap_packet = lookup_type("pcap_packet")->AsRecordType();
 	raw_pkt_hdr_type = lookup_type("raw_pkt_hdr")->AsRecordType();
 	l2_hdr_type = lookup_type("l2_hdr")->AsRecordType();
 	transport_proto = lookup_type("transport_proto")->AsEnumType();
 	string_set = lookup_type("string_set")->AsTableType();
 	string_array = lookup_type("string_array")->AsTableType();
 	string_vec = lookup_type("string_vec")->AsVectorType();
 	index_vec = lookup_type("index_vec")->AsVectorType();
 	mime_match = lookup_type("mime_match")->AsRecordType();
 	mime_matches = lookup_type("mime_matches")->AsVectorType();
 	ignore_checksums = opt_internal_int("ignore_checksums");
 	partial_connection_ok = opt_internal_int("partial_connection_ok");
@ -286,8 +264,6 @@ void init_net_var()
 		opt_internal_int("tcp_excessive_data_without_further_acks");
 	tcp_max_old_segments = opt_internal_int("tcp_max_old_segments");
 	socks_address = lookup_type("SOCKS::Address")->AsRecordType();
 	non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime");
 	tcp_inactivity_timeout = opt_internal_double("tcp_inactivity_timeout");
 	udp_inactivity_timeout = opt_internal_double("udp_inactivity_timeout");
@ -333,34 +309,10 @@ void init_net_var()
 	mime_segment_length = opt_internal_int("mime_segment_length");
 	mime_segment_overlap_length = opt_internal_int("mime_segment_overlap_length");
 	mime_header_rec = lookup_type("mime_header_rec")->AsRecordType();
 	mime_header_list = lookup_type("mime_header_list")->AsTableType();
 	http_entity_data_delivery_size = opt_internal_int("http_entity_data_delivery_size");
 	http_stats_rec = lookup_type("http_stats_rec")->AsRecordType();
 	http_message_stat = lookup_type("http_message_stat")->AsRecordType();
 	truncate_http_URI = opt_internal_int("truncate_http_URI");
 	pm_mapping = lookup_type("pm_mapping")->AsRecordType();
 	pm_mappings = lookup_type("pm_mappings")->AsTableType();
 	pm_port_request = lookup_type("pm_port_request")->AsRecordType();
 	pm_callit_request = lookup_type("pm_callit_request")->AsRecordType();
 	geo_location = lookup_type("geo_location")->AsRecordType();
 	entropy_test_result = lookup_type("entropy_test_result")->AsRecordType();
 	dns_msg = lookup_type("dns_msg")->AsRecordType();
 	dns_answer = lookup_type("dns_answer")->AsRecordType();
 	dns_soa = lookup_type("dns_soa")->AsRecordType();
 	dns_edns_additional =
 		lookup_type("dns_edns_additional")->AsRecordType();
 	dns_tsig_additional =
 		lookup_type("dns_tsig_additional")->AsRecordType();
 	dns_rrsig_rr = lookup_type("dns_rrsig_rr")->AsRecordType();
 	dns_dnskey_rr = lookup_type("dns_dnskey_rr")->AsRecordType();
 	dns_nsec3_rr = lookup_type("dns_nsec3_rr")->AsRecordType();
 	dns_ds_rr = lookup_type("dns_ds_rr")->AsRecordType();
 	dns_skip_auth = zeek::lookup_val("dns_skip_auth")->AsTableVal();
 	dns_skip_addl = zeek::lookup_val("dns_skip_addl")->AsTableVal();
 	dns_skip_all_auth = opt_internal_int("dns_skip_all_auth");
@ -396,9 +348,6 @@ void init_net_var()
 	gap_report_freq = opt_internal_double("gap_report_freq");
 	irc_join_info = lookup_type("irc_join_info")->AsRecordType();
 	irc_join_list = lookup_type("irc_join_list")->AsTableType();
 	dpd_reassemble_first_packets =
 		opt_internal_int("dpd_reassemble_first_packets");
 	dpd_buffer_size = opt_internal_int("dpd_buffer_size");
@ -410,11 +359,4 @@ void init_net_var()
 	timer_mgr_inactivity_timeout =
 		opt_internal_double("timer_mgr_inactivity_timeout");
 	script_id = lookup_type("script_id")->AsRecordType();
 	id_table = lookup_type("id_table")->AsTableType();
 	record_field = lookup_type("record_field")->AsRecordType();
 	record_field_table = lookup_type("record_field_table")->AsTableType();
 	call_argument_vector = lookup_type("call_argument_vector")->AsVectorType();
 	call_argument = lookup_type("call_argument")->AsRecordType();
 	}
--- a/src/NetVar.h
+++ b/src/NetVar.h
@ -6,27 +6,49 @@
 #include "Func.h"
 #include "EventRegistry.h"
 #include "Stats.h"
 #include "ZeekVars.h"
 [[deprecated("Remove in v4.1.  Use zeek::vars::conn_id.")]]
 extern RecordType* conn_id;
 [[deprecated("Remove in v4.1.  Use zeek::vars::endpoint.")]]
 extern RecordType* endpoint;
 [[deprecated("Remove in v4.1.  Use zeek::vars::endpoint_stats.")]]
 extern RecordType* endpoint_stats;
 [[deprecated("Remove in v4.1.  Use zeek::vars::connection_type.")]]
 extern RecordType* connection_type;
 [[deprecated("Remove in v4.1.  Use zeek::vars::fa_file_type.")]]
 extern RecordType* fa_file_type;
 [[deprecated("Remove in v4.1.  Use zeek::vars::fa_metadata_type.")]]
 extern RecordType* fa_metadata_type;
 [[deprecated("Remove in v4.1.  Use zeek::vars::icmp_conn.")]]
 extern RecordType* icmp_conn;
 [[deprecated("Remove in v4.1.  Use zeek::vars::icmp_context.")]]
 extern RecordType* icmp_context;
 [[deprecated("Remove in v4.1.  Use zeek::vars::signature_state.")]]
 extern RecordType* signature_state;
 [[deprecated("Remove in v4.1.  Use zeek::vars::SYN_packet.")]]
 extern RecordType* SYN_packet;
 [[deprecated("Remove in v4.1.  Use zeek::vars::pcap_packet.")]]
 extern RecordType* pcap_packet;
 [[deprecated("Remove in v4.1.  Use zeek::vars::raw_pkt_hdr_type.")]]
 extern RecordType* raw_pkt_hdr_type;
 [[deprecated("Remove in v4.1.  Use zeek::vars::l2_hdr_type.")]]
 extern RecordType* l2_hdr_type;
 [[deprecated("Remove in v4.1.  Use zeek::vars::transport_proto.")]]
 extern EnumType* transport_proto;
 [[deprecated("Remove in v4.1.  Use zeek::vars::string_set.")]]
 extern TableType* string_set;
 [[deprecated("Remove in v4.1.  Use zeek::vars::string_array.")]]
 extern TableType* string_array;
 [[deprecated("Remove in v4.1.  Use zeek::vars::count_set.")]]
 extern TableType* count_set;
 [[deprecated("Remove in v4.1.  Use zeek::vars::string_vec.")]]
 extern VectorType* string_vec;
 [[deprecated("Remove in v4.1.  Use zeek::vars::index_vec.")]]
 extern VectorType* index_vec;
 [[deprecated("Remove in v4.1.  Use zeek::vars::mime_matches.")]]
 extern VectorType* mime_matches;
 [[deprecated("Remove in v4.1.  Use zeek::vars::mime_match.")]]
 extern RecordType* mime_match;
 extern int watchdog_interval;
@ -55,6 +77,7 @@ extern int tcp_max_above_hole_without_any_acks;
 extern int tcp_excessive_data_without_further_acks;
 extern int tcp_max_old_segments;
 [[deprecated("Remove in v4.1.  Use zeek::vars::socks_address.")]]
 extern RecordType* socks_address;
 extern double non_analyzed_lifetime;
@ -85,31 +108,50 @@ extern double rpc_timeout;
 extern int mime_segment_length;
 extern int mime_segment_overlap_length;
 [[deprecated("Remove in v4.1.  Use zeek::vars::mime_header_rec.")]]
 extern RecordType* mime_header_rec;
 [[deprecated("Remove in v4.1.  Use zeek::vars::mime_header_list.")]]
 extern TableType* mime_header_list;
 extern int http_entity_data_delivery_size;
 [[deprecated("Remove in v4.1.  Use zeek::vars::http_stats_rec.")]]
 extern RecordType* http_stats_rec;
 [[deprecated("Remove in v4.1.  Use zeek::vars::http_message_stat.")]]
 extern RecordType* http_message_stat;
 extern int truncate_http_URI;
 [[deprecated("Remove in v4.1.  Use zeek::vars::pm_mapping.")]]
 extern RecordType* pm_mapping;
 [[deprecated("Remove in v4.1.  Use zeek::vars::pm_mappings.")]]
 extern TableType* pm_mappings;
 [[deprecated("Remove in v4.1.  Use zeek::vars::pm_port_request.")]]
 extern RecordType* pm_port_request;
 [[deprecated("Remove in v4.1.  Use zeek::vars::pm_callit_request.")]]
 extern RecordType* pm_callit_request;
 [[deprecated("Remove in v4.1.  Use zeek::vars::geo_location.")]]
 extern RecordType* geo_location;
 [[deprecated("Remove in v4.1.  Use zeek::vars::entropy_test_result.")]]
 extern RecordType* entropy_test_result;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_msg.")]]
 extern RecordType* dns_msg;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_answer.")]]
 extern RecordType* dns_answer;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_soa.")]]
 extern RecordType* dns_soa;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_edns_additional.")]]
 extern RecordType* dns_edns_additional;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_tsig_additional.")]]
 extern RecordType* dns_tsig_additional;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_rrsig_rr.")]]
 extern RecordType* dns_rrsig_rr;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_dnskey_rr.")]]
 extern RecordType* dns_dnskey_rr;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_nsec3_rr.")]]
 extern RecordType* dns_nsec3_rr;
 [[deprecated("Remove in v4.1.  Use zeek::vars::dns_ds_rr.")]]
 extern RecordType* dns_ds_rr;
 extern TableVal* dns_skip_auth;
 extern TableVal* dns_skip_addl;
@ -133,6 +175,7 @@ extern TableVal* preserve_other_addr;
 extern double connection_status_update_interval;
 [[deprecated("Remove in v4.1.  Use zeek::vars::rotate_info.")]]
 extern RecordType* rotate_info;
 extern StringVal* log_rotate_base_time;
@ -153,7 +196,9 @@ extern int packet_filter_default;
 extern int sig_max_group_size;
 [[deprecated("Remove in v4.1.  Use zeek::vars::irc_join_list.")]]
 extern TableType* irc_join_list;
 [[deprecated("Remove in v4.1.  Use zeek::vars::irc_join_info.")]]
 extern RecordType* irc_join_info;
 extern int dpd_reassemble_first_packets;
@ -174,11 +219,17 @@ extern StringVal* trace_output_file;
 extern int record_all_packets;
 [[deprecated("Remove in v4.1.  Use zeek::vars::script_id.")]]
 extern RecordType* script_id;
 [[deprecated("Remove in v4.1.  Use zeek::vars::id_table.")]]
 extern TableType* id_table;
 [[deprecated("Remove in v4.1.  Use zeek::vars::record_field.")]]
 extern RecordType* record_field;
 [[deprecated("Remove in v4.1.  Use zeek::vars::record_field_table.")]]
 extern TableType* record_field_table;
 [[deprecated("Remove in v4.1.  Use zeek::vars::call_argument.")]]
 extern RecordType* call_argument;
 [[deprecated("Remove in v4.1.  Use zeek::vars::call_argument_vector.")]]
 extern VectorType* call_argument_vector;
 extern StringVal* cmd_line_bpf_filter;
--- a/src/OpaqueVal.cc
+++ b/src/OpaqueVal.cc
@ -981,7 +981,7 @@ ParaglobVal::ParaglobVal(std::unique_ptr<paraglob::Paraglob> p)
 IntrusivePtr<VectorVal> ParaglobVal::Get(StringVal* &pattern)
 	{
-	auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+	auto rval = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	std::string string_pattern (reinterpret_cast<const char*>(pattern->Bytes()), pattern->Len());
 	std::vector<std::string> matches = this->internal_paraglob->get(string_pattern);
--- a/src/RuleCondition.cc
+++ b/src/RuleCondition.cc
@ -8,6 +8,7 @@
 #include "Func.h"
 #include "Val.h"
 #include "Var.h"
 #include "ZeekVars.h"
 static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
 	{
@ -145,7 +146,7 @@ RuleConditionEval::RuleConditionEval(const char* func)
 			rules_error("eval function type must yield a 'bool'", func);
 		TypeList tl;
-		tl.Append(zeek::lookup_type("signature_state"));
+		tl.Append(zeek::vars::signature_state);
 		tl.Append(base_type(TYPE_STRING));
 		if ( ! f->CheckArgs(tl.Types()) )
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -79,7 +79,7 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
 Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
 					const RuleEndpointState* state) const
 	{
-	RecordVal* val = new RecordVal(signature_state);
+	RecordVal* val = new RecordVal(zeek::vars::signature_state);
 	val->Assign(0, make_intrusive<StringVal>(rule->ID()));
 	val->Assign(1, state->GetAnalyzer()->ConnVal());
 	val->Assign(2, val_mgr->Bool(state->is_orig));
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -914,7 +914,7 @@ Connection* NetSessions::FindConnection(Val* v)
 	int orig_h, orig_p;	// indices into record's value list
 	int resp_h, resp_p;
-	if ( vr == conn_id )
+	if ( vr == zeek::vars::conn_id )
 		{
 		orig_h = 0;
 		orig_p = 1;
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -202,7 +202,7 @@ static void print_log(const std::vector<IntrusivePtr<Val>>& vals)
 	{
 	auto plval = lookup_enum_val("Log", "PRINTLOG");
 	auto record = make_intrusive<RecordVal>(zeek::lookup_type("Log::PrintLogInfo")->AsRecordType());
-	auto vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+	auto vec = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	for ( const auto& val : vals )
 		{
--- a/src/TunnelEncapsulation.cc
+++ b/src/TunnelEncapsulation.cc
@ -20,7 +20,7 @@ IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
 	{
 	auto rv = make_intrusive<RecordVal>(BifType::Record::Tunnel::EncapsulatingConn);
-	auto id_val = make_intrusive<RecordVal>(conn_id);
+	auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
 	id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
 	id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
 	id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
--- a/src/ZeekVars.cc
+++ b/src/ZeekVars.cc
@ -0,0 +1,165 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #include "ZeekVars.h"
 #include "Var.h"
 #include "NetVar.h"
 IntrusivePtr<RecordType> zeek::vars::conn_id;
 IntrusivePtr<RecordType> zeek::vars::endpoint;
 IntrusivePtr<RecordType> zeek::vars::endpoint_stats;
 IntrusivePtr<RecordType> zeek::vars::connection_type;
 IntrusivePtr<RecordType> zeek::vars::fa_file_type;
 IntrusivePtr<RecordType> zeek::vars::fa_metadata_type;
 IntrusivePtr<RecordType> zeek::vars::icmp_conn;
 IntrusivePtr<RecordType> zeek::vars::icmp_context;
 IntrusivePtr<RecordType> zeek::vars::signature_state;
 IntrusivePtr<RecordType> zeek::vars::SYN_packet;
 IntrusivePtr<RecordType> zeek::vars::pcap_packet;
 IntrusivePtr<RecordType> zeek::vars::raw_pkt_hdr_type;
 IntrusivePtr<RecordType> zeek::vars::l2_hdr_type;
 IntrusivePtr<EnumType> zeek::vars::transport_proto;
 IntrusivePtr<TableType> zeek::vars::string_set;
 IntrusivePtr<TableType> zeek::vars::string_array;
 IntrusivePtr<TableType> zeek::vars::count_set;
 IntrusivePtr<VectorType> zeek::vars::string_vec;
 IntrusivePtr<VectorType> zeek::vars::index_vec;
 IntrusivePtr<VectorType> zeek::vars::mime_matches;
 IntrusivePtr<RecordType> zeek::vars::mime_match;
 IntrusivePtr<RecordType> zeek::vars::socks_address;
 IntrusivePtr<RecordType> zeek::vars::mime_header_rec;
 IntrusivePtr<TableType> zeek::vars::mime_header_list;
 IntrusivePtr<RecordType> zeek::vars::http_stats_rec;
 IntrusivePtr<RecordType> zeek::vars::http_message_stat;
 IntrusivePtr<RecordType> zeek::vars::pm_mapping;
 IntrusivePtr<TableType> zeek::vars::pm_mappings;
 IntrusivePtr<RecordType> zeek::vars::pm_port_request;
 IntrusivePtr<RecordType> zeek::vars::pm_callit_request;
 IntrusivePtr<RecordType> zeek::vars::geo_location;
 IntrusivePtr<RecordType> zeek::vars::entropy_test_result;
 IntrusivePtr<RecordType> zeek::vars::dns_msg;
 IntrusivePtr<RecordType> zeek::vars::dns_answer;
 IntrusivePtr<RecordType> zeek::vars::dns_soa;
 IntrusivePtr<RecordType> zeek::vars::dns_edns_additional;
 IntrusivePtr<RecordType> zeek::vars::dns_tsig_additional;
 IntrusivePtr<RecordType> zeek::vars::dns_rrsig_rr;
 IntrusivePtr<RecordType> zeek::vars::dns_dnskey_rr;
 IntrusivePtr<RecordType> zeek::vars::dns_nsec3_rr;
 IntrusivePtr<RecordType> zeek::vars::dns_ds_rr;
 IntrusivePtr<RecordType> zeek::vars::rotate_info;
 IntrusivePtr<TableType> zeek::vars::irc_join_list;
 IntrusivePtr<RecordType> zeek::vars::irc_join_info;
 IntrusivePtr<RecordType> zeek::vars::script_id;
 IntrusivePtr<TableType> zeek::vars::id_table;
 IntrusivePtr<RecordType> zeek::vars::record_field;
 IntrusivePtr<TableType> zeek::vars::record_field_table;
 IntrusivePtr<RecordType> zeek::vars::call_argument;
 IntrusivePtr<VectorType> zeek::vars::call_argument_vector;
 void zeek::vars::detail::Init()
 	{
 	// Types
 	conn_id = zeek::lookup_type<RecordType>("conn_id");
 	endpoint = zeek::lookup_type<RecordType>("endpoint");
 	endpoint_stats = zeek::lookup_type<RecordType>("endpoint_stats");
 	connection_type = zeek::lookup_type<RecordType>("connection");
 	fa_file_type = zeek::lookup_type<RecordType>("fa_file");
 	fa_metadata_type = zeek::lookup_type<RecordType>("fa_metadata");
 	icmp_conn = zeek::lookup_type<RecordType>("icmp_conn");
 	icmp_context = zeek::lookup_type<RecordType>("icmp_context");
 	signature_state = zeek::lookup_type<RecordType>("signature_state");
 	SYN_packet = zeek::lookup_type<RecordType>("SYN_packet");
 	pcap_packet = zeek::lookup_type<RecordType>("pcap_packet");
 	raw_pkt_hdr_type = zeek::lookup_type<RecordType>("raw_pkt_hdr");
 	l2_hdr_type = zeek::lookup_type<RecordType>("l2_hdr");
 	transport_proto = zeek::lookup_type<EnumType>("transport_proto");
 	string_set = zeek::lookup_type<TableType>("string_set");
 	string_array = zeek::lookup_type<TableType>("string_array");
 	count_set = zeek::lookup_type<TableType>("count_set");
 	string_vec = zeek::lookup_type<VectorType>("string_vec");
 	index_vec = zeek::lookup_type<VectorType>("index_vec");
 	mime_matches = zeek::lookup_type<VectorType>("mime_matches");
 	mime_match = zeek::lookup_type<RecordType>("mime_match");
 	socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
 	mime_header_rec = zeek::lookup_type<RecordType>("mime_header_rec");
 	mime_header_list = zeek::lookup_type<TableType>("mime_header_list");
 	http_stats_rec = zeek::lookup_type<RecordType>("http_stats_rec");
 	http_message_stat = zeek::lookup_type<RecordType>("http_message_stat");
 	pm_mapping = zeek::lookup_type<RecordType>("pm_mapping");
 	pm_mappings = zeek::lookup_type<TableType>("pm_mappings");
 	pm_port_request = zeek::lookup_type<RecordType>("pm_port_request");
 	pm_callit_request = zeek::lookup_type<RecordType>("pm_callit_request");
 	geo_location = zeek::lookup_type<RecordType>("geo_location");
 	entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
 	dns_msg = zeek::lookup_type<RecordType>("dns_msg");
 	dns_answer = zeek::lookup_type<RecordType>("dns_answer");
 	dns_soa = zeek::lookup_type<RecordType>("dns_soa");
 	dns_edns_additional = zeek::lookup_type<RecordType>("dns_edns_additional");
 	dns_tsig_additional = zeek::lookup_type<RecordType>("dns_tsig_additional");
 	dns_rrsig_rr = zeek::lookup_type<RecordType>("dns_rrsig_rr");
 	dns_dnskey_rr = zeek::lookup_type<RecordType>("dns_dnskey_rr");
 	dns_nsec3_rr = zeek::lookup_type<RecordType>("dns_nsec3_rr");
 	dns_ds_rr = zeek::lookup_type<RecordType>("dns_ds_rr");
 	rotate_info = zeek::lookup_type<RecordType>("rotate_info");
 	irc_join_list = zeek::lookup_type<TableType>("irc_join_list");
 	irc_join_info = zeek::lookup_type<RecordType>("irc_join_info");
 	script_id = zeek::lookup_type<RecordType>("script_id");
 	id_table = zeek::lookup_type<TableType>("id_table");
 	record_field = zeek::lookup_type<RecordType>("record_field");
 	record_field_table = zeek::lookup_type<TableType>("record_field_table");
 	call_argument = zeek::lookup_type<RecordType>("call_argument");
 	call_argument_vector = zeek::lookup_type<VectorType>("call_argument_vector");
 	// Note: to bypass deprecation warnings on setting the legacy globals,
 	// CMake was told to compile this file with -Wno-deprecated-declarations.
 	// Once the legacy globals are removed, that compile flag can go also.
 	::conn_id = conn_id.get();
 	::endpoint = endpoint.get();
 	::endpoint_stats = endpoint_stats.get();
 	::connection_type = connection_type.get();
 	::fa_file_type = fa_file_type.get();
 	::fa_metadata_type = fa_metadata_type.get();
 	::icmp_conn = icmp_conn.get();
 	::icmp_context = icmp_context.get();
 	::signature_state = signature_state.get();
 	::SYN_packet = SYN_packet.get();
 	::pcap_packet = pcap_packet.get();
 	::raw_pkt_hdr_type = raw_pkt_hdr_type.get();
 	::l2_hdr_type = l2_hdr_type.get();
 	::transport_proto = transport_proto.get();
 	::string_set = string_set.get();
 	::string_array = string_array.get();
 	::count_set = count_set.get();
 	::string_vec = string_vec.get();
 	::index_vec = index_vec.get();
 	::mime_matches = mime_matches.get();
 	::mime_match = mime_match.get();
 	::socks_address = socks_address.get();
 	::mime_header_rec = mime_header_rec.get();
 	::mime_header_list = mime_header_list.get();
 	::http_stats_rec = http_stats_rec.get();
 	::http_message_stat = http_message_stat.get();
 	::pm_mapping = pm_mapping.get();
 	::pm_mappings = pm_mappings.get();
 	::pm_port_request = pm_port_request.get();
 	::pm_callit_request = pm_callit_request.get();
 	::geo_location = geo_location.get();
 	::entropy_test_result = entropy_test_result.get();
 	::dns_msg = dns_msg.get();
 	::dns_answer = dns_answer.get();
 	::dns_soa = dns_soa.get();
 	::dns_edns_additional = dns_edns_additional.get();
 	::dns_tsig_additional = dns_tsig_additional.get();
 	::dns_rrsig_rr = dns_rrsig_rr.get();
 	::dns_dnskey_rr = dns_dnskey_rr.get();
 	::dns_nsec3_rr = dns_nsec3_rr.get();
 	::dns_ds_rr = dns_ds_rr.get();
 	::rotate_info = rotate_info.get();
 	::irc_join_list = irc_join_list.get();
 	::irc_join_info = irc_join_info.get();
 	::script_id = script_id.get();
 	::id_table = id_table.get();
 	::record_field = record_field.get();
 	::record_field_table = record_field_table.get();
 	::call_argument = call_argument.get();
 	::call_argument_vector = call_argument_vector.get();
 	}
--- a/src/ZeekVars.h
+++ b/src/ZeekVars.h
@ -0,0 +1,67 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #pragma once
 #include "Val.h"
 #include "Type.h"
 #include "IntrusivePtr.h"
 namespace zeek { namespace vars { namespace detail {
 void Init();
 }}}
 namespace zeek { namespace vars {
 // Types
 extern IntrusivePtr<RecordType> conn_id;
 extern IntrusivePtr<RecordType> endpoint;
 extern IntrusivePtr<RecordType> endpoint_stats;
 extern IntrusivePtr<RecordType> connection_type;
 extern IntrusivePtr<RecordType> fa_file_type;
 extern IntrusivePtr<RecordType> fa_metadata_type;
 extern IntrusivePtr<RecordType> icmp_conn;
 extern IntrusivePtr<RecordType> icmp_context;
 extern IntrusivePtr<RecordType> signature_state;
 extern IntrusivePtr<RecordType> SYN_packet;
 extern IntrusivePtr<RecordType> pcap_packet;
 extern IntrusivePtr<RecordType> raw_pkt_hdr_type;
 extern IntrusivePtr<RecordType> l2_hdr_type;
 extern IntrusivePtr<EnumType> transport_proto;
 extern IntrusivePtr<TableType> string_set;
 extern IntrusivePtr<TableType> string_array;
 extern IntrusivePtr<TableType> count_set;
 extern IntrusivePtr<VectorType> string_vec;
 extern IntrusivePtr<VectorType> index_vec;
 extern IntrusivePtr<VectorType> mime_matches;
 extern IntrusivePtr<RecordType> mime_match;
 extern IntrusivePtr<RecordType> socks_address;
 extern IntrusivePtr<RecordType> mime_header_rec;
 extern IntrusivePtr<TableType> mime_header_list;
 extern IntrusivePtr<RecordType> http_stats_rec;
 extern IntrusivePtr<RecordType> http_message_stat;
 extern IntrusivePtr<RecordType> pm_mapping;
 extern IntrusivePtr<TableType> pm_mappings;
 extern IntrusivePtr<RecordType> pm_port_request;
 extern IntrusivePtr<RecordType> pm_callit_request;
 extern IntrusivePtr<RecordType> geo_location;
 extern IntrusivePtr<RecordType> entropy_test_result;
 extern IntrusivePtr<RecordType> dns_msg;
 extern IntrusivePtr<RecordType> dns_answer;
 extern IntrusivePtr<RecordType> dns_soa;
 extern IntrusivePtr<RecordType> dns_edns_additional;
 extern IntrusivePtr<RecordType> dns_tsig_additional;
 extern IntrusivePtr<RecordType> dns_rrsig_rr;
 extern IntrusivePtr<RecordType> dns_dnskey_rr;
 extern IntrusivePtr<RecordType> dns_nsec3_rr;
 extern IntrusivePtr<RecordType> dns_ds_rr;
 extern IntrusivePtr<RecordType> rotate_info;
 extern IntrusivePtr<TableType> irc_join_list;
 extern IntrusivePtr<RecordType> irc_join_info;
 extern IntrusivePtr<RecordType> script_id;
 extern IntrusivePtr<TableType> id_table;
 extern IntrusivePtr<RecordType> record_field;
 extern IntrusivePtr<TableType> record_field_table;
 extern IntrusivePtr<RecordType> call_argument;
 extern IntrusivePtr<VectorType> call_argument_vector;
 }} // namespace zeek::vars
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -174,8 +174,8 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
 	RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal();
 	// endpoint is the RecordType from NetVar.h
-	int pktidx = endpoint->FieldOffset("num_pkts");
+	int pktidx = zeek::vars::endpoint->FieldOffset("num_pkts");
-	int bytesidx = endpoint->FieldOffset("num_bytes_ip");
+	int bytesidx = zeek::vars::endpoint->FieldOffset("num_bytes_ip");
 	if ( pktidx < 0 )
 		reporter->InternalError("'endpoint' record missing 'num_pkts' field");
--- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac
+++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac
@ -20,7 +20,7 @@ refine flow DHCP_Flow += {
 		if ( ! options )
 			{
 			options = make_intrusive<RecordVal>(BifType::Record::DHCP::Options);
-			all_options = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
+			all_options = make_intrusive<VectorVal>(zeek::vars::index_vec);
 			options->Assign(0, all_options);
 			}
--- a/src/analyzer/protocol/dhcp/dhcp-options.pac
+++ b/src/analyzer/protocol/dhcp/dhcp-options.pac
@ -462,7 +462,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_par_req_list_option(v: OptionValue): bool
 		%{
-		auto params = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
+		auto params = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		int num_parms = ${v.par_req_list}->size();
 		vector<uint8>* plist = ${v.par_req_list};
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -592,7 +592,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
 	if ( dns_SOA_reply && ! msg->skip_event )
 		{
-		auto r = make_intrusive<RecordVal>(dns_soa);
+		auto r = make_intrusive<RecordVal>(zeek::vars::dns_soa);
 		r->Assign(0, make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true)));
 		r->Assign(1, make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true)));
 		r->Assign(2, val_mgr->Count(serial));
@ -998,7 +998,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
 	int typebitmaps_len = rdlength - (data - data_start);
-	auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+	auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	while ( typebitmaps_len > 0 && len > 0 )
 		{
@ -1073,7 +1073,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
 	int typebitmaps_len = rdlength - (data - data_start);
-	auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+	auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	while ( typebitmaps_len > 0 && len > 0 )
 		{
@ -1288,7 +1288,7 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
 		return true;
 		}
-	auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+	auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	IntrusivePtr<StringVal> char_string;
 	while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1316,7 +1316,7 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
 		return true;
 		}
-	auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+	auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	IntrusivePtr<StringVal> char_string;
 	while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1435,7 +1435,7 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
 	{
-	auto r = make_intrusive<RecordVal>(dns_msg);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_msg);
 	r->Assign(0, val_mgr->Count(id));
 	r->Assign(1, val_mgr->Count(opcode));
@ -1456,7 +1456,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildAnswerVal()
 	{
-	auto r = make_intrusive<RecordVal>(dns_answer);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_answer);
 	r->Assign(0, val_mgr->Count(int(answer_type)));
 	r->Assign(1, query_name);
@ -1471,7 +1471,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
 	{
 	// We have to treat the additional record type in EDNS differently
 	// than a regular resource record.
-	auto r = make_intrusive<RecordVal>(dns_edns_additional);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_edns_additional);
 	r->Assign(0, val_mgr->Count(int(answer_type)));
 	r->Assign(1, query_name);
@ -1504,7 +1504,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
 	{
-	auto r = make_intrusive<RecordVal>(dns_tsig_additional);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_tsig_additional);
 	double rtime = tsig->time_s + tsig->time_ms / 1000.0;
 	// r->Assign(0, val_mgr->Count(int(answer_type)));
@ -1523,7 +1523,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
 	{
-	auto r = make_intrusive<RecordVal>(dns_rrsig_rr);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_rrsig_rr);
 	r->Assign(0, query_name);
 	r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1543,7 +1543,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
 	{
-	auto r = make_intrusive<RecordVal>(dns_dnskey_rr);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_dnskey_rr);
 	r->Assign(0, query_name);
 	r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1558,7 +1558,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
 	{
-	auto r = make_intrusive<RecordVal>(dns_nsec3_rr);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_nsec3_rr);
 	r->Assign(0, query_name);
 	r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1577,7 +1577,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
 IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
 	{
-	auto r = make_intrusive<RecordVal>(dns_ds_rr);
+	auto r = make_intrusive<RecordVal>(zeek::vars::dns_ds_rr);
 	r->Assign(0, query_name);
 	r->Assign(1, val_mgr->Count(int(answer_type)));
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -615,7 +615,7 @@ HTTP_Message::~HTTP_Message()
 IntrusivePtr<RecordVal> HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
 	{
-	auto stat = make_intrusive<RecordVal>(http_message_stat);
+	auto stat = make_intrusive<RecordVal>(zeek::vars::http_message_stat);
 	int field = 0;
 	stat->Assign(field++, make_intrusive<Val>(start_time, TYPE_TIME));
 	stat->Assign(field++, val_mgr->Bool(interrupted));
@ -1151,7 +1151,7 @@ void HTTP_Analyzer::GenStats()
 	{
 	if ( http_stats )
 		{
-		auto r = make_intrusive<RecordVal>(http_stats_rec);
+		auto r = make_intrusive<RecordVal>(zeek::vars::http_stats_rec);
 		r->Assign(0, val_mgr->Count(num_requests));
 		r->Assign(1, val_mgr->Count(num_replies));
 		r->Assign(2, make_intrusive<Val>(request_version.ToDouble(), TYPE_DOUBLE));
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -225,7 +225,7 @@ ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
 	{
 	if ( ! icmp_conn_val )
 		{
-		icmp_conn_val = make_intrusive<RecordVal>(icmp_conn);
+		icmp_conn_val = make_intrusive<RecordVal>(zeek::vars::icmp_conn);
 		icmp_conn_val->Assign(0, make_intrusive<AddrVal>(Conn()->OrigAddr()));
 		icmp_conn_val->Assign(1, make_intrusive<AddrVal>(Conn()->RespAddr()));
@ -350,8 +350,8 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP4Context(int len, const u_char
 			}
 		}
-	auto iprec = make_intrusive<RecordVal>(icmp_context);
+	auto iprec = make_intrusive<RecordVal>(zeek::vars::icmp_context);
-	auto id_val = make_intrusive<RecordVal>(conn_id);
+	auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
 	id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
 	id_val->Assign(1, val_mgr->Port(src_port, proto));
@ -409,8 +409,8 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP6Context(int len, const u_char
 			}
 		}
-	auto iprec = make_intrusive<RecordVal>(icmp_context);
+	auto iprec = make_intrusive<RecordVal>(zeek::vars::icmp_context);
-	auto id_val = make_intrusive<RecordVal>(conn_id);
+	auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
 	id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
 	id_val->Assign(1, val_mgr->Port(src_port, proto));
--- a/src/analyzer/protocol/imap/imap-analyzer.pac
+++ b/src/analyzer/protocol/imap/imap-analyzer.pac
@ -59,7 +59,7 @@ refine connection IMAP_Conn += {
 		if ( ! imap_capabilities )
 			return true;
-		auto capv = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+		auto capv = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		for ( unsigned int i = 0; i< capabilities->size(); i++ )
 			{
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -271,7 +271,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			if ( parts.size() > 0 && parts[0][0] == ':' )
 				parts[0] = parts[0].substr(1);
-			auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
+			auto set = make_intrusive<TableVal>(zeek::vars::string_set);
 			for ( unsigned int i = 0; i < parts.size(); ++i )
 				{
@ -464,7 +464,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			if ( parts.size() > 0 && parts[0][0] == ':' )
 				parts[0] = parts[0].substr(1);
-			auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
+			auto set = make_intrusive<TableVal>(zeek::vars::string_set);
 			for ( unsigned int i = 0; i < parts.size(); ++i )
 				{
@ -836,7 +836,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				nickname = prefix.substr(0, pos);
 			}
-		auto list = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, irc_join_list});
+		auto list = make_intrusive<TableVal>(zeek::vars::irc_join_list);
 		vector<string> channels = SplitWords(parts[0], ',');
 		vector<string> passwords;
@ -847,7 +847,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		string empty_string = "";
 		for ( unsigned int i = 0; i < channels.size(); ++i )
 			{
-			RecordVal* info = new RecordVal(irc_join_info);
+			RecordVal* info = new RecordVal(zeek::vars::irc_join_info);
 			info->Assign(0, make_intrusive<StringVal>(nickname.c_str()));
 			info->Assign(1, make_intrusive<StringVal>(channels[i].c_str()));
 			if ( i < passwords.size() )
@ -881,13 +881,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			parts[1] = parts[1].substr(1);
 		vector<string> users = SplitWords(parts[1], ',');
-		auto list = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, irc_join_list});
+		auto list = make_intrusive<TableVal>(zeek::vars::irc_join_list);
 		string empty_string = "";
 		for ( unsigned int i = 0; i < users.size(); ++i )
 			{
-			auto info = make_intrusive<RecordVal>(irc_join_info);
+			auto info = make_intrusive<RecordVal>(zeek::vars::irc_join_info);
 			string nick = users[i];
 			string mode = "none";
@ -951,7 +951,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			nick = nick.substr(0, pos);
 		vector<string> channelList = SplitWords(channels, ',');
-		auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
+		auto set = make_intrusive<TableVal>(zeek::vars::string_set);
 		for ( unsigned int i = 0; i < channelList.size(); ++i )
 			{
--- a/src/analyzer/protocol/krb/krb-types.pac
+++ b/src/analyzer/protocol/krb/krb-types.pac
@ -27,7 +27,7 @@ IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname)
 VectorVal* proc_cipher_list(const Array* list)
 {
-	auto ciphers = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+	auto ciphers = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	for ( uint i = 0; i < list->data()->size(); ++i )
 		ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT));
 	return ciphers.release();
--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@ -1289,7 +1289,7 @@ void MIME_Entity::DebugPrintHeaders()
 IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
 	{
-	auto header_record = make_intrusive<RecordVal>(mime_header_rec);
+	auto header_record = make_intrusive<RecordVal>(zeek::vars::mime_header_rec);
 	header_record->Assign(0, new_string_val(h->get_name()));
 	auto upper_hn = new_string_val(h->get_name());
 	upper_hn->ToUpper();
@ -1300,7 +1300,7 @@ IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
 IntrusivePtr<TableVal> MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist)
 	{
-	auto t = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, mime_header_list});
+	auto t = make_intrusive<TableVal>(zeek::vars::mime_header_list);
 	for ( unsigned int i = 0; i < hlist.size(); ++i )
 		{
--- a/src/analyzer/protocol/mqtt/commands/subscribe.pac
+++ b/src/analyzer/protocol/mqtt/commands/subscribe.pac
@ -19,8 +19,8 @@ refine flow MQTT_Flow += {
 		%{
 		if ( mqtt_subscribe )
 			{
-			auto topics = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+			auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
-			auto qos_levels = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
+			auto qos_levels = make_intrusive<VectorVal>(zeek::vars::index_vec);
 			for ( auto topic: *${msg.topics} )
 				{
--- a/src/analyzer/protocol/mqtt/commands/unsubscribe.pac
+++ b/src/analyzer/protocol/mqtt/commands/unsubscribe.pac
@ -14,7 +14,7 @@ refine flow MQTT_Flow += {
 		%{
 		if ( mqtt_unsubscribe )
 			{
-			auto topics = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+			auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
 			for ( auto topic: *${msg.topics} )
 				{
--- a/src/analyzer/protocol/mysql/mysql-analyzer.pac
+++ b/src/analyzer/protocol/mysql/mysql-analyzer.pac
@ -82,7 +82,7 @@ refine flow MySQL_Flow += {
 		if ( ! mysql_result_row )
 			return true;
-		auto vt = zeek::lookup_type<VectorType>("string_vec");
+		auto vt = zeek::vars::string_vec;
 		auto vv = make_intrusive<VectorVal>(std::move(vt));
 		auto& bstring = ${msg.row.first_field.val};
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -192,7 +192,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
 	zeek::Args vl;
 	vl.reserve(2 + extra_elements);
 	vl.emplace_back(analyzer->ConnVal());
-	auto auxgids = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+	auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	for (size_t i = 0; i < c->AuxGIDs().size(); ++i)
 		{
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -328,7 +328,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
 	zeek::Args vl;
 	vl.reserve(2 + extra_elements);
 	vl.emplace_back(analyzer->ConnVal());
-	auto auxgids = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+	auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
 		auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -138,7 +138,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
 		event = success ? pm_request_dump : pm_attempt_dump;
 		if ( success )
 			{
-			TableVal* mappings = new TableVal({NewRef{}, pm_mappings});
+			TableVal* mappings = new TableVal(zeek::vars::pm_mappings);
 			uint32_t nmap = 0;
 			// Each call in the loop test pulls the next "opted"
@ -193,7 +193,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
 Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
 	{
-	RecordVal* mapping = new RecordVal(pm_mapping);
+	RecordVal* mapping = new RecordVal(zeek::vars::pm_mapping);
 	mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
 	mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -213,7 +213,7 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
 Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
 	{
-	RecordVal* pr = new RecordVal(pm_port_request);
+	RecordVal* pr = new RecordVal(zeek::vars::pm_port_request);
 	pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
 	pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -233,7 +233,7 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
 Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
 	{
-	RecordVal* c = new RecordVal(pm_callit_request);
+	RecordVal* c = new RecordVal(zeek::vars::pm_callit_request);
 	c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
 	c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
--- a/src/analyzer/protocol/sip/sip-analyzer.pac
+++ b/src/analyzer/protocol/sip/sip-analyzer.pac
@ -67,7 +67,7 @@ refine flow SIP_Flow += {
 	function build_sip_headers_val(): BroVal
 		%{
-		TableVal* t = new TableVal({NewRef{}, mime_header_list});
+		TableVal* t = new TableVal(zeek::vars::mime_header_list);
 		for ( unsigned int i = 0; i < headers.size(); ++i )
 			{ // index starting from 1
@ -101,7 +101,7 @@ refine flow SIP_Flow += {
 	function build_sip_header_val(name: const_bytestring, value: const_bytestring): BroVal
 		%{
-		RecordVal* header_record = new RecordVal(mime_header_rec);
+		RecordVal* header_record = new RecordVal(zeek::vars::mime_header_rec);
 		IntrusivePtr<StringVal> name_val;
 		if ( name.length() > 0 )
--- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac
+++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac
@ -15,7 +15,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_negotiate_request )
 			{
-			auto dialects = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
+			auto dialects = make_intrusive<VectorVal>(zeek::vars::string_vec);
 			for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
 				{
--- a/src/analyzer/protocol/smb/smb2-com-negotiate.pac
+++ b/src/analyzer/protocol/smb/smb2-com-negotiate.pac
@ -22,7 +22,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_negotiate_request )
 			{
-			auto dialects = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
+			auto dialects = make_intrusive<VectorVal>(zeek::vars::index_vec);
 			for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
 				dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));
--- a/src/analyzer/protocol/smb/smb2-protocol.pac
+++ b/src/analyzer/protocol/smb/smb2-protocol.pac
@ -68,7 +68,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 		rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
 		rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
-		auto ha = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto ha = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		for ( int i = 0; i < ${ncv.preauth_integrity_capabilities.hash_alg_count}; ++i )
 			{
@ -87,7 +87,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 		auto rencr = make_intrusive<RecordVal>(BifType::Record::SMB2::EncryptionCapabilities);
 		rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
-		auto c = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		for ( int i = 0; i < ${ncv.encryption_capabilities.cipher_count}; ++i )
 			{
@ -105,7 +105,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 		auto rcomp = make_intrusive<RecordVal>(BifType::Record::SMB2::CompressionCapabilities);
 		rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
-		auto c = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		for ( int i = 0; i < ${ncv.compression_capabilities.alg_count}; ++i )
 			{
--- a/src/analyzer/protocol/socks/socks-analyzer.pac
+++ b/src/analyzer/protocol/socks/socks-analyzer.pac
@ -24,7 +24,7 @@ refine connection SOCKS_Conn += {
 		%{
 		if ( socks_request )
 			{
-			auto sa = make_intrusive<RecordVal>(socks_address);
+			auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
 			sa->Assign(0, make_intrusive<AddrVal>(htonl(${request.addr})));
 			if ( ${request.v4a} )
@ -48,7 +48,7 @@ refine connection SOCKS_Conn += {
 		%{
 		if ( socks_reply )
 			{
-			auto sa = make_intrusive<RecordVal>(socks_address);
+			auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
 			sa->Assign(0, make_intrusive<AddrVal>(htonl(${reply.addr})));
 			BifEvent::enqueue_socks_reply(bro_analyzer(),
@ -80,7 +80,7 @@ refine connection SOCKS_Conn += {
 			return false;
 			}
-		auto sa = make_intrusive<RecordVal>(socks_address);
+		auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
 		// This is dumb and there must be a better way (checking for presence of a field)...
 		switch ( ${request.remote_name.addr_type} )
@ -119,7 +119,7 @@ refine connection SOCKS_Conn += {
 	function socks5_reply(reply: SOCKS5_Reply): bool
 		%{
-		auto sa = make_intrusive<RecordVal>(socks_address);
+		auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
 		// This is dumb and there must be a better way (checking for presence of a field)...
 		switch ( ${reply.bound.addr_type} )
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@ -12,7 +12,7 @@ VectorVal* name_list_to_vector(const bytestring& nl);
 // Copied from IRC_Analyzer::SplitWords
 VectorVal* name_list_to_vector(const bytestring& nl)
 	{
-	VectorVal* vv = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
+	VectorVal* vv = new VectorVal(zeek::vars::string_vec);
 	string name_list = std_str(nl);
 	if ( name_list.size() < 1 )
--- a/src/analyzer/protocol/ssl/proc-client-hello.pac
+++ b/src/analyzer/protocol/ssl/proc-client-hello.pac
@ -23,7 +23,7 @@
 			else
 				std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(cipher_suites), to_int());
-			auto cipher_vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+			auto cipher_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
 			for ( unsigned int i = 0; i < cipher_suites.size(); ++i )
 				{
@ -31,7 +31,7 @@
 				cipher_vec->Assign(i, ciph);
 				}
-			auto comp_vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+			auto comp_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
 			if ( compression_methods )
 				{
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@ -75,7 +75,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_ec_point_formats )
 			return true;
-		auto points = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto points = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		if ( point_format_list )
 			{
@ -94,7 +94,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_elliptic_curves )
 			return true;
-		auto curves = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto curves = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		if ( list )
 			{
@ -113,7 +113,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_key_share )
 			return true;
-		auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		if ( keyshare )
 			{
@ -131,7 +131,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_key_share )
 			return true;
-		auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
 		BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -143,7 +143,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_key_share )
 			return true;
-		auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		nglist->Assign(0u, val_mgr->Count(namedgroup));
 		BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -178,7 +178,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_application_layer_protocol_negotiation )
 			return true;
-		auto plist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+		auto plist = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		if ( protocols )
 			{
@ -194,7 +194,7 @@ refine connection Handshake_Conn += {
 	function proc_server_name(rec: HandshakeRecord, list: ServerName[]) : bool
 		%{
-		auto servers = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+		auto servers = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		if ( list )
 			{
@ -226,7 +226,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_supported_versions )
 			return true;
-		auto versions = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		if ( versions_list )
 			{
@ -245,7 +245,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_supported_versions )
 			return true;
-		auto versions = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		versions->Assign(0u, val_mgr->Count(version));
 		BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
@ -259,7 +259,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_psk_key_exchange_modes )
 			return true;
-		auto modes = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+		auto modes = make_intrusive<VectorVal>(zeek::vars::index_vec);
 		if ( mode_list )
 			{
@ -505,7 +505,7 @@ refine connection Handshake_Conn += {
 				}
 			}
-		auto blist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
+		auto blist = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		if ( binders && binders->binders() )
 			{
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -107,7 +107,7 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
 		options += opt_len;
 		}
-	RecordVal* v = new RecordVal(SYN_packet);
+	RecordVal* v = new RecordVal(zeek::vars::SYN_packet);
 	v->Assign(0, val_mgr->Bool(is_orig));
 	v->Assign(1, val_mgr->Bool(int(ip->DF())));
@ -1421,7 +1421,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 					{
 					auto p = reinterpret_cast<const uint32_t*>(o + 2);
 					auto num_pointers = (length - 2) / 4;
-					auto vt = zeek::lookup_type<VectorType>("index_vec");
+					auto vt = zeek::vars::index_vec;
 					auto sack = make_intrusive<VectorVal>(std::move(vt));
 					for ( auto i = 0; i < num_pointers; ++i )
@ -2077,7 +2077,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
 RecordVal* TCPStats_Endpoint::BuildStats()
 	{
-	RecordVal* stats = new RecordVal(endpoint_stats);
+	RecordVal* stats = new RecordVal(zeek::vars::endpoint_stats);
 	stats->Assign(0, val_mgr->Count(num_pkts));
 	stats->Assign(1, val_mgr->Count(num_rxmit));
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -23,16 +23,16 @@ using namespace file_analysis;
 static Val* empty_connection_table()
 	{
-	auto tbl_index = make_intrusive<TypeList>(IntrusivePtr{NewRef{}, conn_id});
+	auto tbl_index = make_intrusive<TypeList>(zeek::vars::conn_id);
-	tbl_index->Append({NewRef{}, conn_id});
+	tbl_index->Append(zeek::vars::conn_id);
 	auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
-	                                          IntrusivePtr{NewRef{}, connection_type});
+	                                          zeek::vars::connection_type);
 	return new TableVal(std::move(tbl_type));
 	}
-static RecordVal* get_conn_id_val(const Connection* conn)
+static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
 	{
-	RecordVal* v = new RecordVal(conn_id);
+	auto v = make_intrusive<RecordVal>(zeek::vars::conn_id);
 	v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
 	v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
 	v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
@ -62,22 +62,22 @@ void File::StaticInit()
 	if ( id_idx != -1 )
 		return;
-	id_idx = Idx("id", fa_file_type);
+	id_idx = Idx("id", zeek::vars::fa_file_type);
-	parent_id_idx = Idx("parent_id", fa_file_type);
+	parent_id_idx = Idx("parent_id", zeek::vars::fa_file_type);
-	source_idx = Idx("source", fa_file_type);
+	source_idx = Idx("source", zeek::vars::fa_file_type);
-	is_orig_idx = Idx("is_orig", fa_file_type);
+	is_orig_idx = Idx("is_orig", zeek::vars::fa_file_type);
-	conns_idx = Idx("conns", fa_file_type);
+	conns_idx = Idx("conns", zeek::vars::fa_file_type);
-	last_active_idx = Idx("last_active", fa_file_type);
+	last_active_idx = Idx("last_active", zeek::vars::fa_file_type);
-	seen_bytes_idx = Idx("seen_bytes", fa_file_type);
+	seen_bytes_idx = Idx("seen_bytes", zeek::vars::fa_file_type);
-	total_bytes_idx = Idx("total_bytes", fa_file_type);
+	total_bytes_idx = Idx("total_bytes", zeek::vars::fa_file_type);
-	missing_bytes_idx = Idx("missing_bytes", fa_file_type);
+	missing_bytes_idx = Idx("missing_bytes", zeek::vars::fa_file_type);
-	overflow_bytes_idx = Idx("overflow_bytes", fa_file_type);
+	overflow_bytes_idx = Idx("overflow_bytes", zeek::vars::fa_file_type);
-	timeout_interval_idx = Idx("timeout_interval", fa_file_type);
+	timeout_interval_idx = Idx("timeout_interval", zeek::vars::fa_file_type);
-	bof_buffer_size_idx = Idx("bof_buffer_size", fa_file_type);
+	bof_buffer_size_idx = Idx("bof_buffer_size", zeek::vars::fa_file_type);
-	bof_buffer_idx = Idx("bof_buffer", fa_file_type);
+	bof_buffer_idx = Idx("bof_buffer", zeek::vars::fa_file_type);
-	meta_mime_type_idx = Idx("mime_type", fa_metadata_type);
+	meta_mime_type_idx = Idx("mime_type", zeek::vars::fa_metadata_type);
-	meta_mime_types_idx = Idx("mime_types", fa_metadata_type);
+	meta_mime_types_idx = Idx("mime_types", zeek::vars::fa_metadata_type);
-	meta_inferred_idx = Idx("inferred", fa_metadata_type);
+	meta_inferred_idx = Idx("inferred", zeek::vars::fa_metadata_type);
 	}
 File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
@ -91,7 +91,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
-	val = new RecordVal(fa_file_type);
+	val = new RecordVal(zeek::vars::fa_file_type);
 	val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
 	SetSource(source_name);
@ -137,16 +137,12 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
 		val->Assign(conns_idx, conns);
 		}
-	Val* idx = get_conn_id_val(conn);
+	auto idx = get_conn_id_val(conn);
-	if ( conns->AsTableVal()->Lookup(idx) )
+	if ( conns->AsTableVal()->Lookup(idx.get()) )
 		{
 		Unref(idx);
 		return false;
 		}
-	conns->AsTableVal()->Assign(idx, conn->ConnVal());
+	conns->AsTableVal()->Assign(idx.get(), conn->ConnVal());
 	Unref(idx);
 	return true;
 	}
@ -299,7 +295,7 @@ bool File::SetMime(const std::string& mime_type)
 	if ( ! FileEventAvailable(file_sniff) )
 		return false;
-	auto meta = make_intrusive<RecordVal>(fa_metadata_type);
+	auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata_type);
 	meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
 	meta->Assign(meta_inferred_idx, val_mgr->False());
@ -332,7 +328,7 @@ void File::InferMetadata()
 	len = std::min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
 	file_mgr->DetectMIME(data, len, &matches);
-	auto meta = make_intrusive<RecordVal>(fa_metadata_type);
+	auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata_type);
 	if ( ! matches.empty() )
 		{
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@ -323,6 +323,8 @@ protected:
 	 * @return the field offset in #val record corresponding to \a field_name.
 	 */
 	static int Idx(const std::string& field_name, const RecordType* type);
 	static int Idx(const std::string& field_name, const IntrusivePtr<RecordType>& type)
 		{ return Idx(field_name, type.get()); }
 	/**
 	 * Initializes static member.
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -499,12 +499,12 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
 IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
 	{
-	auto rval = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, mime_matches});
+	auto rval = make_intrusive<VectorVal>(zeek::vars::mime_matches);
 	for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();
 	      it != m.end(); ++it )
 		{
-		auto element = make_intrusive<RecordVal>(mime_match);
+		auto element = make_intrusive<RecordVal>(zeek::vars::mime_match);
 		for ( set<string>::const_iterator it2 = it->second.begin();
 		      it2 != it->second.end(); ++it2 )
--- a/src/file_analysis/analyzer/entropy/Entropy.cc
+++ b/src/file_analysis/analyzer/entropy/Entropy.cc
@ -60,7 +60,7 @@ void Entropy::Finalize()
 	montepi = scc = ent = mean = chisq = 0.0;
 	entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
-	auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
+	auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
 	ent_result->Assign(0, make_intrusive<Val>(ent,     TYPE_DOUBLE));
 	ent_result->Assign(1, make_intrusive<Val>(chisq,   TYPE_DOUBLE));
 	ent_result->Assign(2, make_intrusive<Val>(mean,    TYPE_DOUBLE));
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@ -11,7 +11,7 @@ VectorVal* process_rvas(const RVAS* rvas);
 %code{
 VectorVal* process_rvas(const RVAS* rva_table)
 	{
-	auto rvas = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
+	auto rvas = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
 		rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
@ -26,7 +26,7 @@ refine flow File += {
 	function characteristics_to_bro(c: uint32, len: uint8): TableVal
 		%{
 		uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
-		TableVal* char_set = new TableVal(zeek::lookup_type<TableType>("count_set"));
+		TableVal* char_set = new TableVal(zeek::vars::count_set);
 		for ( uint16 i=0; i < len; ++i )
 			{
 			if ( ((c >> i) & 0x1) == 1 )
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 				{
 				case GEN_DNS:
 					if ( names == nullptr )
-						names = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
+						names = new VectorVal(zeek::vars::string_vec);
 					names->Assign(names->Size(), bs);
 					break;
 				case GEN_URI:
 					if ( uris == nullptr )
-						uris = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
+						uris = new VectorVal(zeek::vars::string_vec);
 					uris->Assign(uris->Size(), bs);
 					break;
 				case GEN_EMAIL:
 					if ( emails == nullptr )
-						emails = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
+						emails = new VectorVal(zeek::vars::string_vec);
 					emails->Assign(emails->Size(), bs);
 					break;
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -593,8 +593,8 @@ void Packet::ProcessLayer2()
 IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
 	{
-	auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
+	auto pkt_hdr = make_intrusive<RecordVal>(zeek::vars::raw_pkt_hdr_type);
-	RecordVal* l2_hdr = new RecordVal(l2_hdr_type);
+	RecordVal* l2_hdr = new RecordVal(zeek::vars::l2_hdr_type);
 	bool is_ethernet = link_type == DLT_EN10MB;
--- a/src/reporter.bif
+++ b/src/reporter.bif
@ -153,7 +153,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
 ## Returns: Current weird sampling whitelist
 function Reporter::get_weird_sampling_whitelist%(%): string_set
 	%{
-	auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
+	auto set = make_intrusive<TableVal>(zeek::vars::string_set);
 	for ( auto el : reporter->GetWeirdSamplingWhitelist() )
 		{
 		auto idx = make_intrusive<StringVal>(el);
--- a/src/strings.bif
+++ b/src/strings.bif
@ -259,7 +259,7 @@ static IntrusivePtr<VectorVal> do_split_string(StringVal* str_val,
 Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep)
 	{
-	TableVal* a = new TableVal({NewRef{}, string_array});
+	TableVal* a = new TableVal(zeek::vars::string_array);
 	const u_char* s = str_val->Bytes();
 	int n = str_val->Len();
 	const u_char* end_of_s = s + n;
@ -713,8 +713,7 @@ function str_split%(s: string, idx: index_vec%): string_vec
 		indices[i] = (*idx_v)[i]->AsCount();
 	BroString::Vec* result = s->AsString()->Split(indices);
-	auto result_v = make_intrusive<VectorVal>(
+	auto result_v = make_intrusive<VectorVal>(zeek::vars::string_vec);
 	    zeek::lookup_type<VectorType>("string_vec"));
 	if ( result )
 		{
@ -909,7 +908,7 @@ function safe_shell_quote%(source: string%): string
 ## .. zeek:see: find_last strstr
 function find_all%(str: string, re: pattern%) : string_set
 	%{
-	auto a = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
+	auto a = make_intrusive<TableVal>(zeek::vars::string_set);
 	const u_char* s = str->Bytes();
 	const u_char* e = s + str->Len();
--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -30,7 +30,6 @@
 #include "Hash.h"
 using namespace std;
 using namespace zeek;
 TableType* var_sizes;
@ -1052,7 +1051,7 @@ function find_entropy%(data: string%): entropy_test_result
 	e.Feed(data->Bytes(), data->Len());
 	e.Get(&ent, &chisq, &mean, &montepi, &scc);
-	auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
+	auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
 	ent_result->Assign(0, make_intrusive<Val>(ent,     TYPE_DOUBLE));
 	ent_result->Assign(1, make_intrusive<Val>(chisq,   TYPE_DOUBLE));
 	ent_result->Assign(2, make_intrusive<Val>(mean,    TYPE_DOUBLE));
@ -1103,7 +1102,7 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result
 	montepi = scc = ent = mean = chisq = 0.0;
 	static_cast<EntropyVal*>(handle)->Get(&ent, &chisq, &mean, &montepi, &scc);
-	auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
+	auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
 	ent_result->Assign(0, make_intrusive<Val>(ent,     TYPE_DOUBLE));
 	ent_result->Assign(1, make_intrusive<Val>(chisq,   TYPE_DOUBLE));
 	ent_result->Assign(2, make_intrusive<Val>(mean,    TYPE_DOUBLE));
@ -1470,7 +1469,7 @@ function sort%(v: any, ...%) : any
 ## .. zeek:see:: sort
 function order%(v: any, ...%) : index_vec
 	%{
-	auto result_v = make_intrusive<VectorVal>(lookup_type<VectorType>("index_vec"));
+	auto result_v = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	if ( v->GetType()->Tag() != TYPE_VECTOR )
 		{
@ -1823,10 +1822,9 @@ function zeek_version%(%): string
 ## Returns: A string vector with the field names of *rt*.
 function record_type_to_vector%(rt: string%): string_vec
 	%{
-	auto result =
+	auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
 		make_intrusive<VectorVal>(lookup_type<VectorType>("string_vec"));
-	RecordType* type = lookup_type(rt->CheckString())->AsRecordType();
+	RecordType* type = zeek::lookup_type(rt->CheckString())->AsRecordType();
 	for ( int i = 0; i < type->NumFields(); ++i )
 		result->Assign(i+1, make_intrusive<StringVal>(type->FieldName(i)));
@ -1853,7 +1851,7 @@ function type_name%(t: any%): string
 ## Returns: list of command-line arguments (``argv``) used to run Zeek.
 function zeek_args%(%): string_vec
 	%{
-	auto sv = lookup_type<VectorType>("string_vec");
+	auto sv = zeek::vars::string_vec;
 	auto rval = make_intrusive<VectorVal>(std::move(sv));
 	for ( auto i = 0; i < bro_argc; ++i )
@ -1891,7 +1889,7 @@ function reading_traces%(%): bool
 ## .. zeek:see:: reading_live_traffic reading_traces
 function packet_source%(%): PacketSource
 	%{
-	auto ps_type = lookup_type("PacketSource")->AsRecordType();
+	auto ps_type = zeek::lookup_type("PacketSource")->AsRecordType();
 	auto ps = iosource_mgr->GetPktSrc();
 	auto r = make_intrusive<RecordVal>(ps_type);
@ -1941,13 +1939,13 @@ function global_sizes%(%): var_sizes
 ## .. zeek:see:: global_sizes
 function global_ids%(%): id_table
 	%{
-	auto ids = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, id_table});
+	auto ids = make_intrusive<TableVal>(zeek::vars::id_table);
 	const auto& globals = global_scope()->Vars();
 	for ( const auto& global : globals )
 		{
 		ID* id = global.second.get();
-		auto rec = make_intrusive<RecordVal>(script_id);
+		auto rec = make_intrusive<RecordVal>(zeek::vars::script_id);
 		rec->Assign(0, make_intrusive<StringVal>(type_name(id->GetType()->Tag())));
 		rec->Assign(1, val_mgr->Bool(id->IsExport()));
 		rec->Assign(2, val_mgr->Bool(id->IsConst()));
@ -1999,8 +1997,7 @@ function record_fields%(rec: any%): record_field_table
 		if ( ! id || ! id->IsType() || id->GetType()->Tag() != TYPE_RECORD )
 			{
 			reporter->Error("record_fields string argument does not name a record type");
-			auto tt = lookup_type<TableType>("record_field_table");
+			return make_intrusive<TableVal>(zeek::vars::record_field_table);
 			return make_intrusive<TableVal>(std::move(tt));
 			}
 		return id->GetType()->AsRecordType()->GetRecordFieldsVal();
@ -2186,7 +2183,7 @@ function is_v6_subnet%(s: subnet%): bool
 ## Returns: The vector of addresses contained in the routing header data.
 function routing0_data_to_addrs%(s: string%): addr_vec
 	%{
-	auto rval = make_intrusive<VectorVal>(lookup_type<VectorType>("addr_vec"));
+	auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("addr_vec"));
 	int len = s->Len();
 	const u_char* bytes = s->Bytes();
@ -2217,7 +2214,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec
 ## .. zeek:see:: counts_to_addr
 function addr_to_counts%(a: addr%): index_vec
 	%{
-	auto rval = make_intrusive<VectorVal>(lookup_type<VectorType>("index_vec"));
+	auto rval = make_intrusive<VectorVal>(zeek::vars::index_vec);
 	const uint32_t* bytes;
 	int len = a->AsAddr().GetBytes(&bytes);
@ -3211,16 +3208,16 @@ static IntrusivePtr<EnumVal> map_conn_type(TransportProto tp)
 	{
 	switch ( tp ) {
 	case TRANSPORT_UNKNOWN:
-		return transport_proto->GetVal(0);
+		return zeek::vars::transport_proto->GetVal(0);
 	case TRANSPORT_TCP:
-		return transport_proto->GetVal(1);
+		return zeek::vars::transport_proto->GetVal(1);
 	case TRANSPORT_UDP:
-		return transport_proto->GetVal(2);
+		return zeek::vars::transport_proto->GetVal(2);
 	case TRANSPORT_ICMP:
-		return transport_proto->GetVal(3);
+		return zeek::vars::transport_proto->GetVal(3);
 	default:
 		reporter->InternalError("bad connection type in map_conn_type()");
@ -3246,7 +3243,7 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto
 	if ( ! c )
 		{
 		builtin_error("unknown connection id in get_conn_transport_proto()", cid);
-		return transport_proto->GetVal(0);
+		return zeek::vars::transport_proto->GetVal(0);
 		}
 	return map_conn_type(c->ConnTransport());
@ -3298,20 +3295,20 @@ function lookup_connection%(cid: conn_id%): connection
 	builtin_error("connection ID not a known connection", cid);
 	// Return a dummy connection record.
-	auto c = make_intrusive<RecordVal>(connection_type);
+	auto c = make_intrusive<RecordVal>(zeek::vars::connection_type);
-	auto id_val = make_intrusive<RecordVal>(conn_id);
+	auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
 	id_val->Assign(0, make_intrusive<AddrVal>((unsigned int) 0));
 	id_val->Assign(1, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
 	id_val->Assign(2, make_intrusive<AddrVal>((unsigned int) 0));
 	id_val->Assign(3, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
 	c->Assign(0, std::move(id_val));
-	auto orig_endp = make_intrusive<RecordVal>(endpoint);
+	auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
 	orig_endp->Assign(0, val_mgr->Count(0));
 	orig_endp->Assign(1, val_mgr->Count(int(0)));
-	auto resp_endp = make_intrusive<RecordVal>(endpoint);
+	auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
 	resp_endp->Assign(0, val_mgr->Count(0));
 	resp_endp->Assign(1, val_mgr->Count(int(0)));
@ -3320,7 +3317,7 @@ function lookup_connection%(cid: conn_id%): connection
 	c->Assign(3, make_intrusive<Val>(network_time, TYPE_TIME));
 	c->Assign(4, make_intrusive<Val>(0.0, TYPE_INTERVAL));
-	c->Assign(5, make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set}));	// service
+	c->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set));	// service
 	c->Assign(6, val_mgr->EmptyString());	// history
 	return c;
@ -3383,7 +3380,7 @@ function dump_current_packet%(file_name: string%) : bool
 function get_current_packet%(%) : pcap_packet
 	%{
 	const Packet* p;
-	auto pkt = make_intrusive<RecordVal>(pcap_packet);
+	auto pkt = make_intrusive<RecordVal>(zeek::vars::pcap_packet);
 	if ( ! current_pktsrc ||
 	     ! current_pktsrc->GetCurrentPacket(&p) )
@ -3423,7 +3420,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr
 		return p->ToRawPktHdrVal();
 		}
-	auto hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
+	auto hdr = make_intrusive<RecordVal>(zeek::vars::raw_pkt_hdr_type);
 	return hdr;
 	%}
@ -3993,7 +3990,7 @@ function mmdb_open_asn_db%(f: string%) : bool
 ## .. zeek:see:: lookup_asn
 function lookup_location%(a: addr%) : geo_location
 	%{
-	auto location = make_intrusive<RecordVal>(geo_location);
+	auto location = make_intrusive<RecordVal>(zeek::vars::geo_location);
 #ifdef USE_GEOIP
 	mmdb_check_loc();
@ -4624,7 +4621,7 @@ function rotate_file%(f: file%): rotate_info
 		return info;
 	// Record indicating error.
-	info = make_intrusive<RecordVal>(rotate_info);
+	info = make_intrusive<RecordVal>(zeek::vars::rotate_info);
 	info->Assign(0, val_mgr->EmptyString());
 	info->Assign(1, val_mgr->EmptyString());
 	info->Assign(2, make_intrusive<Val>(0.0, TYPE_TIME));
@ -4643,7 +4640,7 @@ function rotate_file%(f: file%): rotate_info
 ## .. zeek:see:: rotate_file calc_next_rotate
 function rotate_file_by_name%(f: string%): rotate_info
 	%{
-	auto info = make_intrusive<RecordVal>(rotate_info);
+	auto info = make_intrusive<RecordVal>(zeek::vars::rotate_info);
 	bool is_pkt_dumper = false;
 	bool is_addl_pkt_dumper = false;