Prefix #includes of .bif.h files with zeek/

This enables locating the headers within the install-tree using the dirs provided by `zeek-config --include_dir`. To enable locating these headers within the build-tree, this change also creates a 'build/src/include/zeek -> ..' symlink.
2025-10-02 14:48:21 +00:00 · 2021-02-02 19:13:51 -08:00 · 2021-02-02 19:13:51 -08:00 · c44cbe1feb
commit c44cbe1feb
parent c348ab7916
144 changed files with 239 additions and 231 deletions
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -1,8 +1,16 @@
 include_directories(BEFORE
                    ${CMAKE_CURRENT_SOURCE_DIR}
                    ${CMAKE_CURRENT_BINARY_DIR}
                    ${CMAKE_CURRENT_BINARY_DIR}/include
 )
 # Allows header file inclusion via zeek/ within the build tree
 execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
                "${CMAKE_CURRENT_BINARY_DIR}/include")
 execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
                ".."
                "${CMAKE_CURRENT_BINARY_DIR}/include/zeek")
 # This collects generated bif and pac files from subdirectories.
 set(bro_ALL_GENERATED_OUTPUTS  CACHE INTERNAL "automatically generated files" FORCE)
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -28,7 +28,7 @@
 #include "zeek/iosource/IOSource.h"
 #include "zeek/packet_analysis/Manager.h"
-#include "analyzer/protocol/stepping-stone/events.bif.h"
+#include "zeek/analyzer/protocol/stepping-stone/events.bif.h"
 // These represent NetBIOS services on ephemeral ports.  They're numbered
 // so that we can use a single int to hold either an actual TCP/UDP server
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -20,7 +20,7 @@
 #include "zeek/IntrusivePtr.h"
 #include "zeek/logging/Manager.h"
-#include "logging/logging.bif.h"
+#include "zeek/logging/logging.bif.h"
 namespace zeek::detail {
--- a/src/analyzer/Manager.cc
+++ b/src/analyzer/Manager.cc
@ -16,7 +16,7 @@
 #include "zeek/plugin/Manager.h"
-#include "analyzer/protocol/tcp/events.bif.h"
+#include "zeek/analyzer/protocol/tcp/events.bif.h"
 namespace zeek::analyzer {
--- a/src/analyzer/Manager.h
+++ b/src/analyzer/Manager.h
@ -32,7 +32,7 @@
 #include "zeek/net_util.h"
 #include "zeek/IP.h"
-#include "analyzer/analyzer.bif.h"
+#include "zeek/analyzer/analyzer.bif.h"
 namespace zeek {
 namespace analyzer {
--- a/src/analyzer/protocol/bittorrent/BitTorrent.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/bittorrent/BitTorrent.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/bittorrent/events.bif.h"
+#include "zeek/analyzer/protocol/bittorrent/events.bif.h"
 namespace zeek::analyzer::bittorrent {
--- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
@ -8,7 +8,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/bittorrent/events.bif.h"
+#include "zeek/analyzer/protocol/bittorrent/events.bif.h"
 # define FMT_INT "%" PRId64
 # define FMT_UINT "%" PRIu64
--- a/src/analyzer/protocol/bittorrent/bittorrent.pac
+++ b/src/analyzer/protocol/bittorrent/bittorrent.pac
@ -6,7 +6,7 @@
 %extern{
 #define MSGLEN_LIMIT 0x40000
-#include "analyzer/protocol/bittorrent/events.bif.h"
+#include "zeek/analyzer/protocol/bittorrent/events.bif.h"
 %}
 analyzer BitTorrent withcontext {
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -9,7 +9,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/RunState.h"
-#include "analyzer/protocol/conn-size/events.bif.h"
+#include "zeek/analyzer/protocol/conn-size/events.bif.h"
 namespace zeek::analyzer::conn_size {
--- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h
+++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h
@ -6,8 +6,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/IPAddr.h"
-#include "analyzer/protocol/dce-rpc/events.bif.h"
+#include "zeek/analyzer/protocol/dce-rpc/events.bif.h"
-#include "analyzer/protocol/dce-rpc/dce_rpc_pac.h"
+#include "zeek/analyzer/protocol/dce-rpc/dce_rpc_pac.h"
 namespace zeek::analyzer::dce_rpc {
--- a/src/analyzer/protocol/dce-rpc/dce_rpc.pac
+++ b/src/analyzer/protocol/dce-rpc/dce_rpc.pac
@ -2,9 +2,9 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/dce-rpc/consts.bif.h"
+#include "zeek/analyzer/protocol/dce-rpc/consts.bif.h"
-#include "analyzer/protocol/dce-rpc/types.bif.h"
+#include "zeek/analyzer/protocol/dce-rpc/types.bif.h"
-#include "analyzer/protocol/dce-rpc/events.bif.h"
+#include "zeek/analyzer/protocol/dce-rpc/events.bif.h"
 %}
 analyzer DCE_RPC withcontext {
--- a/src/analyzer/protocol/dhcp/DHCP.cc
+++ b/src/analyzer/protocol/dhcp/DHCP.cc
@ -1,7 +1,7 @@
 #include "zeek/analyzer/protocol/dhcp/DHCP.h"
-#include "analyzer/protocol/dhcp/events.bif.h"
+#include "zeek/analyzer/protocol/dhcp/events.bif.h"
-#include "analyzer/protocol/dhcp/types.bif.h"
+#include "zeek/analyzer/protocol/dhcp/types.bif.h"
 namespace zeek::analyzer::dhcp {
--- a/src/analyzer/protocol/dhcp/dhcp.pac
+++ b/src/analyzer/protocol/dhcp/dhcp.pac
@ -2,8 +2,8 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/dhcp/types.bif.h"
+#include "zeek/analyzer/protocol/dhcp/types.bif.h"
-#include "analyzer/protocol/dhcp/events.bif.h"
+#include "zeek/analyzer/protocol/dhcp/events.bif.h"
 %}
 analyzer DHCP withcontext {
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@ -99,7 +99,7 @@
 #include "zeek/analyzer/protocol/dnp3/DNP3.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/dnp3/events.bif.h"
+#include "zeek/analyzer/protocol/dnp3/events.bif.h"
 constexpr unsigned int PSEUDO_LENGTH_INDEX = 2;		// index of len field of DNP3 Pseudo Link Layer
 constexpr unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3;	// index of ctrl field of DNP3 Pseudo Link Layer
--- a/src/analyzer/protocol/dnp3/dnp3.pac
+++ b/src/analyzer/protocol/dnp3/dnp3.pac
@ -3,7 +3,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/dnp3/events.bif.h"
+#include "zeek/analyzer/protocol/dnp3/events.bif.h"
 %}
 analyzer DNP3 withcontext {
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -15,7 +15,7 @@
 #include "zeek/Event.h"
 #include "zeek/RunState.h"
-#include "analyzer/protocol/dns/events.bif.h"
+#include "zeek/analyzer/protocol/dns/events.bif.h"
 namespace zeek::analyzer::dns {
--- a/src/analyzer/protocol/file/File.cc
+++ b/src/analyzer/protocol/file/File.cc
@ -7,7 +7,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/util.h"
-#include "analyzer/protocol/file/events.bif.h"
+#include "zeek/analyzer/protocol/file/events.bif.h"
 namespace zeek::analyzer::file {
--- a/src/analyzer/protocol/finger/Finger.cc
+++ b/src/analyzer/protocol/finger/Finger.cc
@ -9,7 +9,7 @@
 #include "zeek/Event.h"
 #include "zeek/analyzer/protocol/tcp/ContentLine.h"
-#include "analyzer/protocol/finger/events.bif.h"
+#include "zeek/analyzer/protocol/finger/events.bif.h"
 namespace zeek::analyzer::finger {
--- a/src/analyzer/protocol/ftp/FTP.cc
+++ b/src/analyzer/protocol/ftp/FTP.cc
@ -13,7 +13,7 @@
 #include "zeek/analyzer/protocol/login/NVT.h"
 #include "zeek/RuleMatcher.h"
-#include "analyzer/protocol/ftp/events.bif.h"
+#include "zeek/analyzer/protocol/ftp/events.bif.h"
 namespace zeek::analyzer::ftp {
--- a/src/analyzer/protocol/gnutella/Gnutella.cc
+++ b/src/analyzer/protocol/gnutella/Gnutella.cc
@ -12,7 +12,7 @@
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/Manager.h"
-#include "analyzer/protocol/gnutella/events.bif.h"
+#include "zeek/analyzer/protocol/gnutella/events.bif.h"
 namespace zeek::analyzer::gnutella {
--- a/src/analyzer/protocol/gssapi/GSSAPI.cc
+++ b/src/analyzer/protocol/gssapi/GSSAPI.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/gssapi/events.bif.h"
+#include "zeek/analyzer/protocol/gssapi/events.bif.h"
 namespace zeek::analyzer::gssapi {
--- a/src/analyzer/protocol/gssapi/GSSAPI.h
+++ b/src/analyzer/protocol/gssapi/GSSAPI.h
@ -4,8 +4,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/gssapi/events.bif.h"
+#include "zeek/analyzer/protocol/gssapi/events.bif.h"
-#include "analyzer/protocol/gssapi/gssapi_pac.h"
+#include "zeek/analyzer/protocol/gssapi/gssapi_pac.h"
 namespace zeek::analyzer::gssapi {
--- a/src/analyzer/protocol/gssapi/gssapi.pac
+++ b/src/analyzer/protocol/gssapi/gssapi.pac
@ -5,7 +5,7 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"
-#include "analyzer/protocol/gssapi/events.bif.h"
+#include "zeek/analyzer/protocol/gssapi/events.bif.h"
 %}
 analyzer GSSAPI withcontext {
--- a/src/analyzer/protocol/gtpv1/GTPv1.cc
+++ b/src/analyzer/protocol/gtpv1/GTPv1.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/gtpv1/GTPv1.h"
 #include "zeek/packet_analysis/protocol/iptunnel/IPTunnel.h"
-#include "analyzer/protocol/gtpv1/events.bif.h"
+#include "zeek/analyzer/protocol/gtpv1/events.bif.h"
 namespace zeek::analyzer::gtpv1 {
--- a/src/analyzer/protocol/gtpv1/gtpv1.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1.pac
@ -6,7 +6,7 @@
 #include "zeek/TunnelEncapsulation.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/gtpv1/events.bif.h"
+#include "zeek/analyzer/protocol/gtpv1/events.bif.h"
 %}
 analyzer GTPv1 withcontext {
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -14,7 +14,7 @@
 #include "zeek/analyzer/protocol/mime/MIME.h"
 #include "zeek/file_analysis/Manager.h"
-#include "analyzer/protocol/http/events.bif.h"
+#include "zeek/analyzer/protocol/http/events.bif.h"
 namespace zeek::analyzer::http {
--- a/src/analyzer/protocol/http/HTTP.h
+++ b/src/analyzer/protocol/http/HTTP.h
@ -10,7 +10,7 @@
 #include "zeek/binpac_zeek.h"
 #include "zeek/IPAddr.h"
-#include "analyzer/protocol/http/events.bif.h"
+#include "zeek/analyzer/protocol/http/events.bif.h"
 namespace zeek::analyzer::http {
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -14,7 +14,7 @@
 #include "zeek/Desc.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/icmp/events.bif.h"
+#include "zeek/analyzer/protocol/icmp/events.bif.h"
 namespace zeek::analyzer::icmp {
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -9,7 +9,7 @@
 #include "zeek/NetVar.h"
 #include "zeek/Event.h"
-#include "analyzer/protocol/ident/events.bif.h"
+#include "zeek/analyzer/protocol/ident/events.bif.h"
 namespace zeek::analyzer::ident {
--- a/src/analyzer/protocol/imap/imap.pac
+++ b/src/analyzer/protocol/imap/imap.pac
@ -16,7 +16,7 @@ using IMAPAnalyzer = zeek::analyzer::imap::IMAP_Analyzer*;
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/imap/IMAP.h"
-#include "analyzer/protocol/imap/events.bif.h"
+#include "zeek/analyzer/protocol/imap/events.bif.h"
 %}
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -9,7 +9,7 @@
 #include "zeek/analyzer/protocol/zip/ZIP.h"
 #include "zeek/analyzer/Manager.h"
-#include "analyzer/protocol/irc/events.bif.h"
+#include "zeek/analyzer/protocol/irc/events.bif.h"
 using namespace std;
--- a/src/analyzer/protocol/krb/KRB.cc
+++ b/src/analyzer/protocol/krb/KRB.cc
@ -4,8 +4,8 @@
 #include <unistd.h>
-#include "analyzer/protocol/krb/types.bif.h"
+#include "zeek/analyzer/protocol/krb/types.bif.h"
-#include "analyzer/protocol/krb/events.bif.h"
+#include "zeek/analyzer/protocol/krb/events.bif.h"
 namespace zeek::analyzer::krb {
--- a/src/analyzer/protocol/krb/KRB_TCP.cc
+++ b/src/analyzer/protocol/krb/KRB_TCP.cc
@ -3,8 +3,8 @@
 #include "zeek/analyzer/protocol/krb/KRB_TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/krb/types.bif.h"
+#include "zeek/analyzer/protocol/krb/types.bif.h"
-#include "analyzer/protocol/krb/events.bif.h"
+#include "zeek/analyzer/protocol/krb/events.bif.h"
 namespace zeek::analyzer::krb_tcp {
--- a/src/analyzer/protocol/krb/krb.pac
+++ b/src/analyzer/protocol/krb/krb.pac
@ -9,8 +9,8 @@ using KRBAnalyzer = zeek::analyzer::krb::KRB_Analyzer*;
 #include "zeek/zeek-config.h"
 #include "zeek/analyzer/protocol/krb/KRB.h"
-#include "analyzer/protocol/krb/types.bif.h"
+#include "zeek/analyzer/protocol/krb/types.bif.h"
-#include "analyzer/protocol/krb/events.bif.h"
+#include "zeek/analyzer/protocol/krb/events.bif.h"
 %}
 extern type KRBAnalyzer;
--- a/src/analyzer/protocol/krb/krb_TCP.pac
+++ b/src/analyzer/protocol/krb/krb_TCP.pac
@ -9,8 +9,8 @@ using KRBTCPAnalyzer = zeek::analyzer::krb_tcp::KRB_Analyzer*;
 #include "zeek/zeek-config.h"
 #include "zeek/analyzer/protocol/krb/KRB_TCP.h"
-#include "analyzer/protocol/krb/types.bif.h"
+#include "zeek/analyzer/protocol/krb/types.bif.h"
-#include "analyzer/protocol/krb/events.bif.h"
+#include "zeek/analyzer/protocol/krb/events.bif.h"
 %}
 extern type KRBTCPAnalyzer;
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -13,7 +13,7 @@
 #include "zeek/Event.h"
 #include "zeek/Var.h"
-#include "analyzer/protocol/login/events.bif.h"
+#include "zeek/analyzer/protocol/login/events.bif.h"
 namespace zeek::analyzer::login {
--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -11,7 +11,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/login/events.bif.h"
+#include "zeek/analyzer/protocol/login/events.bif.h"
 #define IS_3_BYTE_OPTION(c) (c >= 251 && c <= 254)
--- a/src/analyzer/protocol/login/RSH.cc
+++ b/src/analyzer/protocol/login/RSH.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/login/events.bif.h"
+#include "zeek/analyzer/protocol/login/events.bif.h"
 namespace zeek::analyzer::login {
--- a/src/analyzer/protocol/login/Rlogin.cc
+++ b/src/analyzer/protocol/login/Rlogin.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/login/events.bif.h"
+#include "zeek/analyzer/protocol/login/events.bif.h"
 namespace zeek::analyzer::login {
--- a/src/analyzer/protocol/login/Telnet.cc
+++ b/src/analyzer/protocol/login/Telnet.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/login/Telnet.h"
 #include "zeek/analyzer/protocol/login/NVT.h"
-#include "analyzer/protocol/login/events.bif.h"
+#include "zeek/analyzer/protocol/login/events.bif.h"
 namespace zeek::analyzer::login {
--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@ -7,7 +7,7 @@
 #include "zeek/digest.h"
 #include "zeek/file_analysis/Manager.h"
-#include "analyzer/protocol/mime/events.bif.h"
+#include "zeek/analyzer/protocol/mime/events.bif.h"
 // Here are a few things to do:
 //
--- a/src/analyzer/protocol/modbus/Modbus.cc
+++ b/src/analyzer/protocol/modbus/Modbus.cc
@ -1,7 +1,7 @@
 #include "zeek/analyzer/protocol/modbus/Modbus.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/modbus/events.bif.h"
+#include "zeek/analyzer/protocol/modbus/events.bif.h"
 namespace zeek::analyzer::modbus {
--- a/src/analyzer/protocol/modbus/modbus.pac
+++ b/src/analyzer/protocol/modbus/modbus.pac
@ -10,7 +10,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/modbus/events.bif.h"
+#include "zeek/analyzer/protocol/modbus/events.bif.h"
 %}
 analyzer ModbusTCP withcontext {
--- a/src/analyzer/protocol/mqtt/mqtt.pac
+++ b/src/analyzer/protocol/mqtt/mqtt.pac
@ -5,8 +5,8 @@
 %extern{
 	#include "zeek/analyzer/protocol/mqtt/MQTT.h"
-	#include "analyzer/protocol/mqtt/events.bif.h"
+	#include "zeek/analyzer/protocol/mqtt/events.bif.h"
-	#include "analyzer/protocol/mqtt/types.bif.h"
+	#include "zeek/analyzer/protocol/mqtt/types.bif.h"
 %}
 analyzer MQTT withcontext {
--- a/src/analyzer/protocol/mysql/MySQL.cc
+++ b/src/analyzer/protocol/mysql/MySQL.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/mysql/events.bif.h"
+#include "zeek/analyzer/protocol/mysql/events.bif.h"
 namespace zeek::analyzer::mysql {
--- a/src/analyzer/protocol/mysql/MySQL.h
+++ b/src/analyzer/protocol/mysql/MySQL.h
@ -4,8 +4,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/mysql/events.bif.h"
+#include "zeek/analyzer/protocol/mysql/events.bif.h"
-#include "analyzer/protocol/mysql/mysql_pac.h"
+#include "zeek/analyzer/protocol/mysql/mysql_pac.h"
 namespace zeek::analyzer::mysql {
--- a/src/analyzer/protocol/mysql/mysql.pac
+++ b/src/analyzer/protocol/mysql/mysql.pac
@ -8,7 +8,7 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/mysql/events.bif.h"
+	#include "zeek/analyzer/protocol/mysql/events.bif.h"
 %}
 analyzer MySQL withcontext {
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@ -9,8 +9,8 @@
 #include "zeek/Sessions.h"
-#include "analyzer/protocol/ncp/events.bif.h"
+#include "zeek/analyzer/protocol/ncp/events.bif.h"
-#include "analyzer/protocol/ncp/consts.bif.h"
+#include "zeek/analyzer/protocol/ncp/consts.bif.h"
 using namespace std;
--- a/src/analyzer/protocol/ncp/ncp.pac
+++ b/src/analyzer/protocol/ncp/ncp.pac
@ -3,7 +3,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/ncp/events.bif.h"
+#include "zeek/analyzer/protocol/ncp/events.bif.h"
 %}
 analyzer NCP withcontext {};
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -11,7 +11,7 @@
 #include "zeek/Event.h"
 #include "zeek/RunState.h"
-#include "analyzer/protocol/netbios/events.bif.h"
+#include "zeek/analyzer/protocol/netbios/events.bif.h"
 constexpr double netbios_ssn_session_timeout = 15.0;
--- a/src/analyzer/protocol/ntlm/NTLM.cc
+++ b/src/analyzer/protocol/ntlm/NTLM.cc
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/ntlm/events.bif.h"
+#include "zeek/analyzer/protocol/ntlm/events.bif.h"
 namespace zeek::analyzer::ntlm {
--- a/src/analyzer/protocol/ntlm/NTLM.h
+++ b/src/analyzer/protocol/ntlm/NTLM.h
@ -4,8 +4,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/ntlm/events.bif.h"
+#include "zeek/analyzer/protocol/ntlm/events.bif.h"
-#include "analyzer/protocol/ntlm/ntlm_pac.h"
+#include "zeek/analyzer/protocol/ntlm/ntlm_pac.h"
 namespace zeek::analyzer::ntlm {
--- a/src/analyzer/protocol/ntlm/ntlm.pac
+++ b/src/analyzer/protocol/ntlm/ntlm.pac
@ -5,8 +5,8 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"
-#include "analyzer/protocol/ntlm/types.bif.h"
+#include "zeek/analyzer/protocol/ntlm/types.bif.h"
-#include "analyzer/protocol/ntlm/events.bif.h"
+#include "zeek/analyzer/protocol/ntlm/events.bif.h"
 %}
 analyzer NTLM withcontext {
--- a/src/analyzer/protocol/ntp/NTP.cc
+++ b/src/analyzer/protocol/ntp/NTP.cc
@ -2,7 +2,7 @@
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/ntp/events.bif.h"
+#include "zeek/analyzer/protocol/ntp/events.bif.h"
 namespace zeek::analyzer::ntp {
--- a/src/analyzer/protocol/ntp/NTP.h
+++ b/src/analyzer/protocol/ntp/NTP.h
@ -2,9 +2,9 @@
 #include "zeek/analyzer/protocol/udp/UDP.h"
-#include "analyzer/protocol/ntp/events.bif.h"
+#include "zeek/analyzer/protocol/ntp/events.bif.h"
-#include "analyzer/protocol/ntp/types.bif.h"
+#include "zeek/analyzer/protocol/ntp/types.bif.h"
-#include "analyzer/protocol/ntp/ntp_pac.h"
+#include "zeek/analyzer/protocol/ntp/ntp_pac.h"
 namespace zeek::analyzer::ntp {
--- a/src/analyzer/protocol/ntp/ntp.pac
+++ b/src/analyzer/protocol/ntp/ntp.pac
@ -3,8 +3,8 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/ntp/types.bif.h"
+	#include "zeek/analyzer/protocol/ntp/types.bif.h"
-	#include "analyzer/protocol/ntp/events.bif.h"
+	#include "zeek/analyzer/protocol/ntp/events.bif.h"
 %}
 analyzer NTP withcontext {
--- a/src/analyzer/protocol/pop3/POP3.cc
+++ b/src/analyzer/protocol/pop3/POP3.cc
@ -12,7 +12,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"
-#include "analyzer/protocol/pop3/events.bif.h"
+#include "zeek/analyzer/protocol/pop3/events.bif.h"
 namespace zeek::analyzer::pop3 {
--- a/src/analyzer/protocol/radius/RADIUS.cc
+++ b/src/analyzer/protocol/radius/RADIUS.cc
@ -2,7 +2,7 @@
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/radius/events.bif.h"
+#include "zeek/analyzer/protocol/radius/events.bif.h"
 namespace zeek::analyzer::radius {
--- a/src/analyzer/protocol/radius/RADIUS.h
+++ b/src/analyzer/protocol/radius/RADIUS.h
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/udp/UDP.h"
-#include "analyzer/protocol/radius/events.bif.h"
+#include "zeek/analyzer/protocol/radius/events.bif.h"
-#include "analyzer/protocol/radius/radius_pac.h"
+#include "zeek/analyzer/protocol/radius/radius_pac.h"
 namespace zeek::analyzer::radius {
--- a/src/analyzer/protocol/radius/radius.pac
+++ b/src/analyzer/protocol/radius/radius.pac
@ -6,7 +6,7 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/radius/events.bif.h"
+	#include "zeek/analyzer/protocol/radius/events.bif.h"
 %}
 analyzer RADIUS withcontext {
--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/rdp/events.bif.h"
+#include "zeek/analyzer/protocol/rdp/events.bif.h"
-#include "analyzer/protocol/rdp/types.bif.h"
+#include "zeek/analyzer/protocol/rdp/types.bif.h"
 namespace zeek::analyzer::rdp {
--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@ -3,8 +3,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
-#include "analyzer/protocol/rdp/events.bif.h"
+#include "zeek/analyzer/protocol/rdp/events.bif.h"
-#include "analyzer/protocol/rdp/rdp_pac.h"
+#include "zeek/analyzer/protocol/rdp/rdp_pac.h"
 namespace zeek::analyzer::rdp {
--- a/src/analyzer/protocol/rdp/RDPEUDP.cc
+++ b/src/analyzer/protocol/rdp/RDPEUDP.cc
@ -2,8 +2,8 @@
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/rdp/events.bif.h"
+#include "zeek/analyzer/protocol/rdp/events.bif.h"
-#include "analyzer/protocol/rdp/rdpeudp_pac.h"
+#include "zeek/analyzer/protocol/rdp/rdpeudp_pac.h"
 namespace zeek::analyzer::rdpeudp {
--- a/src/analyzer/protocol/rdp/RDPEUDP.h
+++ b/src/analyzer/protocol/rdp/RDPEUDP.h
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/udp/UDP.h"
-#include "analyzer/protocol/rdp/events.bif.h"
+#include "zeek/analyzer/protocol/rdp/events.bif.h"
-#include "analyzer/protocol/rdp/rdpeudp_pac.h"
+#include "zeek/analyzer/protocol/rdp/rdpeudp_pac.h"
 namespace zeek::analyzer::rdpeudp {
--- a/src/analyzer/protocol/rdp/rdp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@ -2,7 +2,7 @@
 #include "zeek/Desc.h"
 #include "zeek/file_analysis/Manager.h"
-#include "analyzer/protocol/rdp/types.bif.h"
+#include "zeek/analyzer/protocol/rdp/types.bif.h"
 %}
 refine flow RDP_Flow += {
--- a/src/analyzer/protocol/rdp/rdp.pac
+++ b/src/analyzer/protocol/rdp/rdp.pac
@ -2,7 +2,7 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/rdp/events.bif.h"
+	#include "zeek/analyzer/protocol/rdp/events.bif.h"
 %}
 analyzer RDP withcontext {
--- a/src/analyzer/protocol/rdp/rdpeudp.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp.pac
@ -2,7 +2,7 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/rdp/events.bif.h"
+	#include "zeek/analyzer/protocol/rdp/events.bif.h"
 %}
 analyzer RDPEUDP withcontext {
--- a/src/analyzer/protocol/rfb/RFB.cc
+++ b/src/analyzer/protocol/rfb/RFB.cc
@ -3,7 +3,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/rfb/events.bif.h"
+#include "zeek/analyzer/protocol/rfb/events.bif.h"
 namespace zeek::analyzer::rfb {
--- a/src/analyzer/protocol/rfb/RFB.h
+++ b/src/analyzer/protocol/rfb/RFB.h
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/rfb/events.bif.h"
+#include "zeek/analyzer/protocol/rfb/events.bif.h"
-#include "analyzer/protocol/rfb/rfb_pac.h"
+#include "zeek/analyzer/protocol/rfb/rfb_pac.h"
 namespace zeek::analyzer::rfb {
--- a/src/analyzer/protocol/rfb/rfb.pac
+++ b/src/analyzer/protocol/rfb/rfb.pac
@ -6,7 +6,7 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/rfb/events.bif.h"
+	#include "zeek/analyzer/protocol/rfb/events.bif.h"
 %}
 analyzer RFB withcontext {
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -11,7 +11,7 @@
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/Event.h"
-#include "analyzer/protocol/rpc/events.bif.h"
+#include "zeek/analyzer/protocol/rpc/events.bif.h"
 namespace zeek::analyzer::rpc {
 namespace detail {
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -11,7 +11,7 @@
 #include "zeek/analyzer/protocol/rpc/XDR.h"
 #include "zeek/Event.h"
-#include "analyzer/protocol/rpc/events.bif.h"
+#include "zeek/analyzer/protocol/rpc/events.bif.h"
 namespace zeek::analyzer::rpc {
 namespace detail {
--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -7,7 +7,7 @@
 #include "zeek/Event.h"
 #include "zeek/analyzer/protocol/rpc/XDR.h"
-#include "analyzer/protocol/rpc/events.bif.h"
+#include "zeek/analyzer/protocol/rpc/events.bif.h"
 #define PMAPPROC_NULL 0
 #define PMAPPROC_SET 1
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -12,7 +12,7 @@
 #include "zeek/Sessions.h"
 #include "zeek/RunState.h"
-#include "analyzer/protocol/rpc/events.bif.h"
+#include "zeek/analyzer/protocol/rpc/events.bif.h"
 namespace { // local namespace
 	const bool DEBUG_rpc_resync = false;
--- a/src/analyzer/protocol/rpc/XDR.cc
+++ b/src/analyzer/protocol/rpc/XDR.cc
@ -6,7 +6,7 @@
 #include <string.h>
 #include <algorithm>
-#include "analyzer/protocol/rpc/events.bif.h"
+#include "zeek/analyzer/protocol/rpc/events.bif.h"
 uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
 	{
--- a/src/analyzer/protocol/sip/SIP.cc
+++ b/src/analyzer/protocol/sip/SIP.cc
@ -1,6 +1,6 @@
 #include "zeek/analyzer/protocol/sip/SIP.h"
-#include "analyzer/protocol/sip/events.bif.h"
+#include "zeek/analyzer/protocol/sip/events.bif.h"
 namespace zeek::analyzer::sip {
--- a/src/analyzer/protocol/sip/SIP.h
+++ b/src/analyzer/protocol/sip/SIP.h
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/udp/UDP.h"
-#include "analyzer/protocol/sip/events.bif.h"
+#include "zeek/analyzer/protocol/sip/events.bif.h"
-#include "analyzer/protocol/sip/sip_pac.h"
+#include "zeek/analyzer/protocol/sip/sip_pac.h"
 namespace zeek::analyzer::sip{
--- a/src/analyzer/protocol/sip/SIP_TCP.cc
+++ b/src/analyzer/protocol/sip/SIP_TCP.cc
@ -6,7 +6,7 @@
 #include "zeek/analyzer/protocol/sip/SIP_TCP.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/sip/events.bif.h"
+#include "zeek/analyzer/protocol/sip/events.bif.h"
 namespace zeek::analyzer::sip_tcp {
--- a/src/analyzer/protocol/sip/sip.pac
+++ b/src/analyzer/protocol/sip/sip.pac
@ -5,7 +5,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/sip/events.bif.h"
+#include "zeek/analyzer/protocol/sip/events.bif.h"
 %}
 analyzer SIP withcontext {
--- a/src/analyzer/protocol/sip/sip_TCP.pac
+++ b/src/analyzer/protocol/sip/sip_TCP.pac
@ -8,7 +8,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/sip/events.bif.h"
+#include "zeek/analyzer/protocol/sip/events.bif.h"
 %}
 analyzer SIP_TCP withcontext {
--- a/src/analyzer/protocol/smb/smb.pac
+++ b/src/analyzer/protocol/smb/smb.pac
@ -5,42 +5,42 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/Analyzer.h"
-#include "analyzer/protocol/smb/smb1_events.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_events.bif.h"
-#include "analyzer/protocol/smb/smb2_events.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_events.bif.h"
-#include "analyzer/protocol/smb/types.bif.h"
+#include "zeek/analyzer/protocol/smb/types.bif.h"
-#include "analyzer/protocol/smb/events.bif.h"
+#include "zeek/analyzer/protocol/smb/events.bif.h"
-#include "analyzer/protocol/smb/consts.bif.h"
+#include "zeek/analyzer/protocol/smb/consts.bif.h"
-#include "analyzer/protocol/smb/smb1_com_check_directory.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_check_directory.bif.h"
-#include "analyzer/protocol/smb/smb1_com_close.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_close.bif.h"
-#include "analyzer/protocol/smb/smb1_com_create_directory.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_create_directory.bif.h"
-#include "analyzer/protocol/smb/smb1_com_echo.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_echo.bif.h"
-#include "analyzer/protocol/smb/smb1_com_logoff_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_logoff_andx.bif.h"
-#include "analyzer/protocol/smb/smb1_com_negotiate.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_negotiate.bif.h"
-#include "analyzer/protocol/smb/smb1_com_nt_cancel.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_nt_cancel.bif.h"
-#include "analyzer/protocol/smb/smb1_com_nt_create_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_nt_create_andx.bif.h"
-#include "analyzer/protocol/smb/smb1_com_query_information.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_query_information.bif.h"
-#include "analyzer/protocol/smb/smb1_com_read_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_read_andx.bif.h"
-#include "analyzer/protocol/smb/smb1_com_session_setup_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_session_setup_andx.bif.h"
-#include "analyzer/protocol/smb/smb1_com_transaction.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_transaction.bif.h"
-#include "analyzer/protocol/smb/smb1_com_transaction_secondary.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_transaction_secondary.bif.h"
-#include "analyzer/protocol/smb/smb1_com_transaction2.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_transaction2.bif.h"
-#include "analyzer/protocol/smb/smb1_com_transaction2_secondary.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_transaction2_secondary.bif.h"
-#include "analyzer/protocol/smb/smb1_com_tree_connect_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif.h"
-#include "analyzer/protocol/smb/smb1_com_tree_disconnect.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_tree_disconnect.bif.h"
-#include "analyzer/protocol/smb/smb1_com_write_andx.bif.h"
+#include "zeek/analyzer/protocol/smb/smb1_com_write_andx.bif.h"
-#include "analyzer/protocol/smb/smb2_com_close.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_close.bif.h"
-#include "analyzer/protocol/smb/smb2_com_create.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_create.bif.h"
-#include "analyzer/protocol/smb/smb2_com_negotiate.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_negotiate.bif.h"
-#include "analyzer/protocol/smb/smb2_com_read.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_read.bif.h"
-#include "analyzer/protocol/smb/smb2_com_session_setup.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_session_setup.bif.h"
-#include "analyzer/protocol/smb/smb2_com_set_info.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_set_info.bif.h"
-#include "analyzer/protocol/smb/smb2_com_tree_connect.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_tree_connect.bif.h"
-#include "analyzer/protocol/smb/smb2_com_tree_disconnect.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_tree_disconnect.bif.h"
-#include "analyzer/protocol/smb/smb2_com_write.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_write.bif.h"
-#include "analyzer/protocol/smb/smb2_com_transform_header.bif.h"
+#include "zeek/analyzer/protocol/smb/smb2_com_transform_header.bif.h"
 %}
 analyzer SMB withcontext {
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@ -10,7 +10,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Manager.h"
-#include "analyzer/protocol/smtp/events.bif.h"
+#include "zeek/analyzer/protocol/smtp/events.bif.h"
 #undef SMTP_CMD_DEF
 #define SMTP_CMD_DEF(cmd)	#cmd,
--- a/src/analyzer/protocol/snmp/SNMP.cc
+++ b/src/analyzer/protocol/snmp/SNMP.cc
@ -4,8 +4,8 @@
 #include "zeek/Func.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/snmp/types.bif.h"
+#include "zeek/analyzer/protocol/snmp/types.bif.h"
-#include "analyzer/protocol/snmp/events.bif.h"
+#include "zeek/analyzer/protocol/snmp/events.bif.h"
 namespace zeek::analyzer::snmp {
--- a/src/analyzer/protocol/snmp/snmp.pac
+++ b/src/analyzer/protocol/snmp/snmp.pac
@ -3,8 +3,8 @@
 %extern{
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/snmp/types.bif.h"
+#include "zeek/analyzer/protocol/snmp/types.bif.h"
-#include "analyzer/protocol/snmp/events.bif.h"
+#include "zeek/analyzer/protocol/snmp/events.bif.h"
 %}
 analyzer SNMP withcontext {
--- a/src/analyzer/protocol/socks/SOCKS.cc
+++ b/src/analyzer/protocol/socks/SOCKS.cc
@ -2,8 +2,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/socks/socks_pac.h"
+#include "zeek/analyzer/protocol/socks/socks_pac.h"
-#include "analyzer/protocol/socks/events.bif.h"
+#include "zeek/analyzer/protocol/socks/events.bif.h"
 namespace zeek::analyzer::socks {
--- a/src/analyzer/protocol/socks/socks.pac
+++ b/src/analyzer/protocol/socks/socks.pac
@ -5,7 +5,7 @@
 #include "zeek/analyzer/protocol/socks/SOCKS.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/socks/events.bif.h"
+#include "zeek/analyzer/protocol/socks/events.bif.h"
 %}
 analyzer SOCKS withcontext {
--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@ -5,8 +5,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 #include "zeek/Reporter.h"
-#include "analyzer/protocol/ssh/types.bif.h"
+#include "zeek/analyzer/protocol/ssh/types.bif.h"
-#include "analyzer/protocol/ssh/events.bif.h"
+#include "zeek/analyzer/protocol/ssh/events.bif.h"
 namespace zeek::analyzer::ssh {
--- a/src/analyzer/protocol/ssh/SSH.h
+++ b/src/analyzer/protocol/ssh/SSH.h
@ -4,8 +4,8 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/ssh/events.bif.h"
+#include "zeek/analyzer/protocol/ssh/events.bif.h"
-#include "analyzer/protocol/ssh/ssh_pac.h"
+#include "zeek/analyzer/protocol/ssh/ssh_pac.h"
 namespace zeek::analyzer::ssh {
--- a/src/analyzer/protocol/ssh/ssh.pac
+++ b/src/analyzer/protocol/ssh/ssh.pac
@ -8,8 +8,8 @@
 %include zeek.pac
 %extern{
-	#include "analyzer/protocol/ssh/types.bif.h"
+	#include "zeek/analyzer/protocol/ssh/types.bif.h"
-	#include "analyzer/protocol/ssh/events.bif.h"
+	#include "zeek/analyzer/protocol/ssh/events.bif.h"
 %}
 analyzer SSH withcontext {
--- a/src/analyzer/protocol/ssl/DTLS.cc
+++ b/src/analyzer/protocol/ssl/DTLS.cc
@ -2,9 +2,9 @@
 #include "zeek/Reporter.h"
 #include "zeek/util.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
-#include "analyzer/protocol/ssl/dtls_pac.h"
+#include "zeek/analyzer/protocol/ssl/dtls_pac.h"
-#include "analyzer/protocol/ssl/tls-handshake_pac.h"
+#include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
 namespace zeek::analyzer::dtls {
--- a/src/analyzer/protocol/ssl/DTLS.h
+++ b/src/analyzer/protocol/ssl/DTLS.h
@ -2,7 +2,7 @@
 #include "zeek/analyzer/protocol/udp/UDP.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
 namespace binpac { namespace DTLS { class SSL_Conn; } }
 namespace binpac { namespace TLSHandshake { class Handshake_Conn; } }
--- a/src/analyzer/protocol/ssl/SSL.cc
+++ b/src/analyzer/protocol/ssl/SSL.cc
@ -4,9 +4,9 @@
 #include "zeek/Reporter.h"
 #include "zeek/util.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
-#include "analyzer/protocol/ssl/ssl_pac.h"
+#include "zeek/analyzer/protocol/ssl/ssl_pac.h"
-#include "analyzer/protocol/ssl/tls-handshake_pac.h"
+#include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
 namespace zeek::analyzer::ssl {
--- a/src/analyzer/protocol/ssl/SSL.h
+++ b/src/analyzer/protocol/ssl/SSL.h
@ -2,7 +2,7 @@
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
 namespace binpac { namespace SSL { class SSL_Conn; } }
--- a/src/analyzer/protocol/ssl/dtls.pac
+++ b/src/analyzer/protocol/ssl/dtls.pac
@ -10,8 +10,8 @@ using DTLSAnalyzer = zeek::analyzer::dtls::DTLS_Analyzer*;
 #include "zeek/analyzer/protocol/ssl/DTLS.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
-#include "analyzer/protocol/ssl/consts.bif.h"
+#include "zeek/analyzer/protocol/ssl/consts.bif.h"
 %}
 extern type DTLSAnalyzer;
--- a/src/analyzer/protocol/ssl/ssl-defs.pac
+++ b/src/analyzer/protocol/ssl/ssl-defs.pac
@ -87,7 +87,7 @@ function version_ok(vers : uint16) : bool
 %extern{
 #include <string>
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
 using std::string;
 %}
--- a/src/analyzer/protocol/ssl/ssl.pac
+++ b/src/analyzer/protocol/ssl/ssl.pac
@ -16,7 +16,7 @@ using SSLAnalyzer = zeek::analyzer::ssl::SSL_Analyzer*;
 #include "zeek/Desc.h"
 #include "zeek/analyzer/protocol/ssl/SSL.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
 %}
 extern type SSLAnalyzer;
--- a/src/analyzer/protocol/ssl/tls-handshake.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake.pac
@ -6,8 +6,8 @@
 %extern{
 #include "zeek/Desc.h"
-#include "analyzer/protocol/ssl/types.bif.h"
+#include "zeek/analyzer/protocol/ssl/types.bif.h"
-#include "analyzer/protocol/ssl/events.bif.h"
+#include "zeek/analyzer/protocol/ssl/events.bif.h"
 %}
 analyzer TLSHandshake withcontext {
--- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc
+++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc
@ -12,7 +12,7 @@
 #include "zeek/Sessions.h"
 #include "zeek/util.h"
-#include "analyzer/protocol/stepping-stone/events.bif.h"
+#include "zeek/analyzer/protocol/stepping-stone/events.bif.h"
 namespace zeek::analyzer::stepping_stone {
--- a/src/analyzer/protocol/syslog/Syslog.cc
+++ b/src/analyzer/protocol/syslog/Syslog.cc
@ -1,7 +1,7 @@
 #include "zeek/analyzer/protocol/syslog/Syslog.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
-#include "analyzer/protocol/syslog/events.bif.h"
+#include "zeek/analyzer/protocol/syslog/events.bif.h"
 namespace zeek::analyzer::syslog {
--- a/src/analyzer/protocol/syslog/syslog.pac
+++ b/src/analyzer/protocol/syslog/syslog.pac
@ -3,7 +3,7 @@
 %include zeek.pac
 %extern{
-#include "analyzer/protocol/syslog/events.bif.h"
+#include "zeek/analyzer/protocol/syslog/events.bif.h"
 %}
 analyzer Syslog withcontext {
--- a/Show more
+++ b/Show more