Move a few low-use classes to namespaces

auxil/bifcl

@@ -1 +1 @@
-Subproject commit dd076490debfa2071861eaa24715432f14b9d801
+Subproject commit 5bf9f9b478d8927333753c77ced5af1a91b719df

src/Base64.cc

@@ -6,6 +6,8 @@
 
 #include <math.h>
 
+namespace zeek::detail {
+
 int Base64Converter::default_base64_table[256];
 const std::string Base64Converter::default_alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
@@ -278,3 +280,15 @@ zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connec
 
 	return new zeek::String(true, (u_char*)outbuf, outlen);
 	}
+
+} // namespace zeek::detail
+
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+	{
+	return zeek::detail::decode_base64(s, a, conn);
+	}
+
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connection* conn)
+	{
+	return zeek::detail::encode_base64(s ,a ,conn);
+	}

src/Base64.h

@@ -8,6 +8,8 @@ using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = ze
 
 class Connection;
 
+namespace zeek::detail {
+
 // Maybe we should have a base class for generic decoders?
 class Base64Converter {
 public:
@@ -62,3 +64,13 @@ protected:
 
 zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
 zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
+
+} // namespace zeek::detail
+
+using Base64Converter [[deprecated("Remove in v4.1. Use zeek::detail::Base64Converter.")]] = zeek::detail::Base64Converter;
+
+// These can't be constexpr auto definitions due to the default parameters.
+[[deprecated("Remove in v4.1. Use zeek::detail::decode_base64.")]]
+zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);
+[[deprecated("Remove in v4.1. Use zeek::detail::encode_base64.")]]
+zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr);

src/BifReturnVal.cc

@@ -3,9 +3,13 @@
 #include "BifReturnVal.h"
 #include "Val.h"
 
+namespace zeek::detail {
+
 BifReturnVal::BifReturnVal(std::nullptr_t) noexcept
 	{}
 
 BifReturnVal::BifReturnVal(zeek::Val* v) noexcept
 	: rval(zeek::AdoptRef{}, v)
 	{}
+
+} // namespace zeek::detail

src/BifReturnVal.h

@@ -10,6 +10,8 @@ namespace zeek {
 using ValPtr = zeek::IntrusivePtr<zeek::Val>;
 }
 
+namespace zeek::detail {
+
 /**
  * A simple wrapper class to use for the return value of BIFs so that
  * they may return either a Val* or IntrusivePtr<Val> (the former could
@@ -30,3 +32,7 @@ public:
 
 	zeek::ValPtr rval;
 };
+
+} // namespace zeek::detail
+
+using BifReturnVal [[deprecated("Remove in v4.1. Use zeek::detail::BifReturnVal.")]] = zeek::detail::BifReturnVal;

src/Conn.cc

@@ -57,9 +57,9 @@ void ConnectionTimer::Dispatch(double t, bool is_expire)
 uint64_t Connection::total_connections = 0;
 uint64_t Connection::current_connections = 0;
 
-Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
+Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t,
-                       uint32_t flow, const zeek::Packet* pkt,
+                       const ConnID* id, uint32_t flow, const zeek::Packet* pkt,
-                       const EncapsulationStack* arg_encap)
+                       const zeek::EncapsulationStack* arg_encap)
 	{
 	sessions = s;
 	key = k;
@@ -117,7 +117,7 @@ Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double
 	++total_connections;
 
 	if ( arg_encap )
-		encapsulation = new EncapsulationStack(*arg_encap);
+		encapsulation = new zeek::EncapsulationStack(*arg_encap);
 	else
 		encapsulation = nullptr;
 	}
@@ -138,7 +138,7 @@ Connection::~Connection()
 	--current_connections;
 	}
 
-void Connection::CheckEncapsulation(const EncapsulationStack* arg_encap)
+void Connection::CheckEncapsulation(const zeek::EncapsulationStack* arg_encap)
 	{
 	if ( encapsulation && arg_encap )
 		{
@@ -149,7 +149,7 @@ void Connection::CheckEncapsulation(const EncapsulationStack* arg_encap)
 				             arg_encap->ToVal());
 
 			delete encapsulation;
-			encapsulation = new EncapsulationStack(*arg_encap);
+			encapsulation = new zeek::EncapsulationStack(*arg_encap);
 			}
 		}
 
@@ -157,7 +157,7 @@ void Connection::CheckEncapsulation(const EncapsulationStack* arg_encap)
 		{
 		if ( tunnel_changed )
 			{
-			EncapsulationStack empty;
+			zeek::EncapsulationStack empty;
 			EnqueueEvent(tunnel_changed, nullptr, ConnVal(), empty.ToVal());
 			}
 
@@ -170,7 +170,7 @@ void Connection::CheckEncapsulation(const EncapsulationStack* arg_encap)
 		if ( tunnel_changed )
 			EnqueueEvent(tunnel_changed, nullptr, ConnVal(), arg_encap->ToVal());
 
-		encapsulation = new EncapsulationStack(*arg_encap);
+		encapsulation = new zeek::EncapsulationStack(*arg_encap);
 		}
 	}
 
@@ -726,5 +726,5 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
 bool Connection::PermitWeird(const char* name, uint64_t threshold, uint64_t rate,
                              double duration)
 	{
-	return ::PermitWeird(weird_state, name, threshold, rate, duration);
+	return zeek::detail::PermitWeird(weird_state, name, threshold, rate, duration);
 	}

src/Conn.h

@@ -25,7 +25,7 @@ class Connection;
 class ConnectionTimer;
 class NetSessions;
 class LoginConn;
-class EncapsulationStack;
+ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Specific_RE_Matcher, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RuleEndpointState, zeek::detail);
@@ -66,7 +66,7 @@ static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1,
 class Connection final : public zeek::Obj {
 public:
 	Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
-	           uint32_t flow, const zeek::Packet* pkt, const EncapsulationStack* arg_encap);
+	           uint32_t flow, const zeek::Packet* pkt, const zeek::EncapsulationStack* arg_encap);
 	~Connection() override;
 
 	// Invoked when an encapsulation is discovered. It records the
@@ -74,7 +74,7 @@ public:
 	// event if it's different from the previous encapsulation (or the
 	// first encountered). encap can be null to indicate no
 	// encapsulation.
-	void CheckEncapsulation(const EncapsulationStack* encap);
+	void CheckEncapsulation(const zeek::EncapsulationStack* encap);
 
 	// Invoked when connection is about to be removed.  Use Ref(this)
 	// inside Done to keep the connection object around (though it'll
@@ -311,11 +311,11 @@ public:
 	// Sets the transport protocol in use.
 	void SetTransport(TransportProto arg_proto)	{ proto = arg_proto; }
 
-	void SetUID(const Bro::UID &arg_uid)	 { uid = arg_uid; }
+	void SetUID(const zeek::UID &arg_uid)	 { uid = arg_uid; }
 
-	Bro::UID GetUID() const { return uid; }
+	zeek::UID GetUID() const { return uid; }
 
-	const EncapsulationStack* GetEncapsulation() const
+	const zeek::EncapsulationStack* GetEncapsulation() const
 		{ return encapsulation; }
 
 	void CheckFlowLabel(bool is_orig, uint32_t flow_label);
@@ -361,7 +361,7 @@ protected:
 	double inactivity_timeout;
 	zeek::RecordValPtr conn_val;
 	LoginConn* login_conn;	// either nil, or this
-	const EncapsulationStack* encapsulation; // tunnels
+	const zeek::EncapsulationStack* encapsulation; // tunnels
 	int suppress_event;	// suppress certain events to once per conn.
 
 	unsigned int installed_status_timer:1;
@@ -385,8 +385,8 @@ protected:
 	zeek::analyzer::TransportLayerAnalyzer* root_analyzer;
 	analyzer::pia::PIA* primary_PIA;
 
-	Bro::UID uid;	// Globally unique connection ID.
+	zeek::UID uid;	// Globally unique connection ID.
-	WeirdStateMap weird_state;
+	zeek::detail::WeirdStateMap weird_state;
 };
 
 class ConnectionTimer final : public zeek::detail::Timer {

src/Discard.cc

@@ -14,6 +14,8 @@
 #include "IP.h"
 #include "Reporter.h" // for InterpreterException
 
+namespace zeek::detail {
+
 Discarder::Discarder()
 	{
 	check_ip = zeek::id::find_func("discarder_check_ip");
@@ -165,3 +167,5 @@ zeek::Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int cap
 
 	return new zeek::StringVal(new zeek::String(data, len, true));
 	}
+
+} // namespace zeek::detail

src/Discard.h

@@ -12,7 +12,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
 
 namespace zeek {
 using FuncPtr = zeek::IntrusivePtr<Func>;
-}
+
+namespace detail {
 
 class Discarder {
 public:
@@ -34,3 +35,6 @@ protected:
 	// Maximum amount of application data passed to filtering functions.
 	int discarder_maxlen;
 };
+
+} // namespace detail
+} // namespace zeek

src/Func.cc

@@ -193,13 +193,13 @@ void Func::DescribeDebug(ODesc* d, const zeek::Args* args) const
 		}
 	}
 
-TraversalCode Func::Traverse(TraversalCallback* cb) const
+detail::TraversalCode Func::Traverse(detail::TraversalCallback* cb) const
 	{
 	// FIXME: Make a fake scope for builtins?
 	zeek::detail::Scope* old_scope = cb->current_scope;
 	cb->current_scope = scope.get();
 
-	TraversalCode tc = cb->PreFunction(this);
+	detail::TraversalCode tc = cb->PreFunction(this);
 	HANDLE_TC_STMT_PRE(tc);
 
 	// FIXME: Traverse arguments to builtin functions, too.

src/Func.h

@@ -120,7 +120,7 @@ public:
 
 	virtual FuncPtr DoClone();
 
-	virtual TraversalCode Traverse(TraversalCallback* cb) const;
+	virtual detail::TraversalCode Traverse(detail::TraversalCallback* cb) const;
 
 	uint32_t GetUniqueFuncID() const { return unique_id; }
 	static const FuncPtr& GetFuncPtrByID(uint32_t id)

src/Hash.h

@@ -27,13 +27,13 @@
 #include "ZeekArgs.h"
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
+ZEEK_FORWARD_DECLARE_NAMESPACED(BifReturnVal, zeek::detail);
 
 namespace zeek { class String; }
 using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = zeek::String;
 
-class BifReturnVal;
 namespace zeek::BifFunc {
-	extern BifReturnVal md5_hmac_bif(zeek::detail::Frame* frame, const zeek::Args*);
+	extern zeek::detail::BifReturnVal md5_hmac_bif(zeek::detail::Frame* frame, const zeek::Args*);
 }
 
 namespace zeek::detail {

src/IntSet.cc

@@ -7,6 +7,8 @@
 
 #include "IntSet.h"
 
+namespace zeek::detail {
+
 void IntSet::Expand(unsigned int i)
 	{
 	unsigned int newsize = i / 8 + 1;
@@ -19,3 +21,5 @@ void IntSet::Expand(unsigned int i)
 	size = newsize;
 	set = newset;
 	}
+
+} // namespace zeek::detail

src/IntSet.h

@@ -8,6 +8,8 @@
 
 #include <string.h>
 
+namespace zeek::detail {
+
 class IntSet {
 public:
 	// n is a hint for the value of the largest integer.
@@ -64,3 +66,7 @@ inline void IntSet::Clear()
 	{
 	memset(set, 0, size);
 	}
+
+} // namespace zeek::detail
+
+using IntSet [[deprecated("Remove in v4.1. Use zeek::detail::IntSet.")]] = zeek::detail::IntSet;

src/OpaqueVal.h

@@ -301,7 +301,7 @@ protected:
 
 	DECLARE_OPAQUE_VALUE(EntropyVal)
 private:
-	RandTest state;
+	zeek::detail::RandTest state;
 };
 
 class BloomFilterVal : public OpaqueVal {

src/PrefixTable.cc

@@ -2,6 +2,8 @@
 #include "Reporter.h"
 #include "Val.h"
 
+namespace zeek::detail {
+
 prefix_t* PrefixTable::MakePrefix(const zeek::IPAddr& addr, int width)
 	{
 	prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t));
@@ -202,3 +204,5 @@ void* PrefixTable::GetNext(iterator* i)
 
 	// Not reached.
 	}
+
+} // namespace zeek::detail

src/PrefixTable.h

@@ -11,6 +11,8 @@ extern "C" {
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(SubNetVal, zeek);
 
+namespace zeek::detail {
+
 class PrefixTable {
 private:
 	struct iterator {
@@ -61,3 +63,7 @@ private:
 	patricia_tree_t* tree;
 	data_fn_t delete_function;
 };
+
+} // namespace zeek::detail
+
+using PrefixTable [[deprecated("Remove in v4.1. Use zeek::detail::PrefixTable.")]] = zeek::detail::PrefixTable;

src/RandTest.cc

@@ -16,7 +16,8 @@
 
 #include <math.h>
 
-#define log2of10 3.32192809488736234787
+constexpr double log2of10 = 3.32192809488736234787;
+
 /*  RT_LOG2  --  Calculate log to the base 2  */
 static double rt_log2(double x)
 {
@@ -24,7 +25,9 @@ static double rt_log2(double x)
 }
 
 // RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0);
-#define RT_INCIRC 281474943156225.0
+constexpr double RT_INCIRC = 281474943156225.0;
+
+namespace zeek::detail {
 
 RandTest::RandTest()
 	{
@@ -142,3 +145,5 @@ void RandTest::end(double* r_ent, double* r_chisq,
 	*r_montepicalc = montepi;
 	*r_scc = scc;
 	}
+
+} // namespace zeek::detail

src/RandTest.h

@@ -10,6 +10,8 @@
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(EntropyVal, zeek);
 
+namespace zeek::detail {
+
 class RandTest {
 public:
 	RandTest();
@@ -29,3 +31,5 @@ private:
 	double cexp, montex, montey, montepi,
 	       sccu0, scclast, scct1, scct2, scct3;
 };
+
+} // namespace zeek::detail

src/RuleMatcher.h

@@ -27,8 +27,6 @@ extern FILE* rules_in;
 extern int rules_line_number;
 extern const char* current_rule_file;
 
-class IntSet;
-
 namespace zeek { class File; }
 using BroFile [[deprecated("Remove in v4.1. Use zeek::File.")]] = zeek::File;
 ZEEK_FORWARD_DECLARE_NAMESPACED(RE_Match_State, zeek::detail);
@@ -38,6 +36,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
+ZEEK_FORWARD_DECLARE_NAMESPACED(IntSet, zeek::detail);
 
 namespace analyzer {
 	namespace pia { class PIA; }

src/SerializationFormat.cc

@@ -7,6 +7,8 @@
 #include "net_util.h"
 #include "IPAddr.h"
 
+namespace zeek::detail {
+
 const float SerializationFormat::GROWTH_FACTOR = 2.5;
 
 SerializationFormat::SerializationFormat()
@@ -436,3 +438,5 @@ bool BinarySerializationFormat::Write(const char* buf, int len, const char* tag)
 	uint32_t l = htonl(len);
 	return WriteData(&l, sizeof(l)) && WriteData(buf, len);
 	}
+
+} // namespace zeek::detail

src/SerializationFormat.h

@@ -10,6 +10,11 @@
 ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
 
+struct in_addr;
+struct in6_addr;
+
+namespace zeek::detail {
+
 // Abstract base class.
 class SerializationFormat {
 public:
@@ -31,8 +36,8 @@ public:
 	virtual bool Read(std::string* s, const char* tag) = 0;
 	virtual bool Read(zeek::IPAddr* addr, const char* tag) = 0;
 	virtual bool Read(zeek::IPPrefix* prefix, const char* tag) = 0;
-	virtual bool Read(struct in_addr* addr, const char* tag) = 0;
+	virtual bool Read(in_addr* addr, const char* tag) = 0;
-	virtual bool Read(struct in6_addr* addr, const char* tag) = 0;
+	virtual bool Read(in6_addr* addr, const char* tag) = 0;
 
 	// Returns number of raw bytes read since last call to StartRead().
 	int BytesRead() const	{ return bytes_read; }
@@ -65,8 +70,8 @@ public:
 	virtual bool Write(const std::string& s, const char* tag) = 0;
 	virtual bool Write(const zeek::IPAddr& addr, const char* tag) = 0;
 	virtual bool Write(const zeek::IPPrefix& prefix, const char* tag) = 0;
-	virtual bool Write(const struct in_addr& addr, const char* tag) = 0;
+	virtual bool Write(const in_addr& addr, const char* tag) = 0;
-	virtual bool Write(const struct in6_addr& addr, const char* tag) = 0;
+	virtual bool Write(const in6_addr& addr, const char* tag) = 0;
 
 	virtual bool WriteOpenTag(const char* tag) = 0;
 	virtual bool WriteCloseTag(const char* tag) = 0;
@@ -110,8 +115,8 @@ public:
 	bool Read(std::string* s, const char* tag) override;
 	bool Read(zeek::IPAddr* addr, const char* tag) override;
 	bool Read(zeek::IPPrefix* prefix, const char* tag) override;
-	bool Read(struct in_addr* addr, const char* tag) override;
+	bool Read(in_addr* addr, const char* tag) override;
-	bool Read(struct in6_addr* addr, const char* tag) override;
+	bool Read(in6_addr* addr, const char* tag) override;
 	bool Write(int v, const char* tag) override;
 	bool Write(uint16_t v, const char* tag) override;
 	bool Write(uint32_t v, const char* tag) override;
@@ -125,9 +130,14 @@ public:
 	bool Write(const std::string& s, const char* tag) override;
 	bool Write(const zeek::IPAddr& addr, const char* tag) override;
 	bool Write(const zeek::IPPrefix& prefix, const char* tag) override;
-	bool Write(const struct in_addr& addr, const char* tag) override;
+	bool Write(const in_addr& addr, const char* tag) override;
-	bool Write(const struct in6_addr& addr, const char* tag) override;
+	bool Write(const in6_addr& addr, const char* tag) override;
 	bool WriteOpenTag(const char* tag) override;
 	bool WriteCloseTag(const char* tag) override;
 	bool WriteSeparator() override;
 };
+
+} // namespace zeek::detail
+
+using SerializationFormat [[deprecated("Remove in v4.1. Use zeek::detail::SerializationFormat.")]] = zeek::detail::SerializationFormat;
+using BinarySerializationFormat [[deprecated("Remove in v4.1. Use zeek::detail::BinarySerializationFormat.")]] = zeek::detail::BinarySerializationFormat;

src/Sessions.cc

@@ -70,7 +70,7 @@ NetSessions::NetSessions()
 	else
 		stp_manager = nullptr;
 
-	discarder = new Discarder();
+	discarder = new zeek::detail::Discarder();
 	if ( ! discarder->IsActive() )
 		{
 		delete discarder;

src/Sessions.h

@@ -12,15 +12,15 @@
 
 #include <sys/types.h> // for u_char
 
-class EncapsulationStack;
+ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);
-class EncapsulatingConn;
+ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulatingConn, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
 class PacketProfiler;
 class Connection;
 class ConnCompressor;
 struct ConnID;
 
-class Discarder;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail);
 
 namespace analyzer { namespace stepping_stone { class SteppingStoneManager; } }
 namespace analyzer { namespace arp { class ARP_Analyzer; } }
@@ -78,9 +78,9 @@ public:
 	void GetStats(SessionStats& s) const;
 
 	void Weird(const char* name, const zeek::Packet* pkt,
-	           const EncapsulationStack* encap = nullptr, const char* addl = "");
+	           const zeek::EncapsulationStack* encap = nullptr, const char* addl = "");
 	void Weird(const char* name, const zeek::IP_Hdr* ip,
-	           const EncapsulationStack* encap = nullptr, const char* addl = "");
+	           const zeek::EncapsulationStack* encap = nullptr, const char* addl = "");
 
 	zeek::detail::PacketFilter* GetPacketFilter()
 		{
@@ -97,7 +97,7 @@ public:
 		}
 
 	void DoNextPacket(double t, const zeek::Packet *pkt, const zeek::IP_Hdr* ip_hdr,
-	                  const EncapsulationStack* encapsulation);
+	                  const zeek::EncapsulationStack* encapsulation);
 
 	/**
 	 * Wrapper that recurses on DoNextPacket for encapsulated IP packets.
@@ -114,8 +114,8 @@ public:
 	 * @param ec The most-recently found depth of encapsulation.
 	 */
 	void DoNextInnerPacket(double t, const zeek::Packet *pkt,
-	                       const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
+	                       const zeek::IP_Hdr* inner, const zeek::EncapsulationStack* prev,
-	                       const EncapsulatingConn& ec);
+	                       const zeek::EncapsulatingConn& ec);
 
 	/**
 	 * Recurses on DoNextPacket for encapsulated Ethernet/IP packets.
@@ -135,8 +135,8 @@ public:
 	void DoNextInnerPacket(double t, const zeek::Packet* pkt,
                            uint32_t caplen, uint32_t len,
                            const u_char* data, int link_type,
-                           const EncapsulationStack* prev,
+                           const zeek::EncapsulationStack* prev,
-                           const EncapsulatingConn& ec);
+                           const zeek::EncapsulatingConn& ec);
 
 	/**
 	 * Returns a wrapper IP_Hdr object if \a pkt appears to be a valid IPv4
@@ -170,14 +170,14 @@ public:
 
 protected:
 	friend class ConnCompressor;
-	friend class IPTunnelTimer;
+	friend class detail::IPTunnelTimer;
 
 	using ConnectionMap = std::map<zeek::detail::ConnIDKey, Connection*>;
 	using FragmentMap = std::map<FragReassemblerKey, FragReassembler*>;
 
 	Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
 			const u_char* data, int proto, uint32_t flow_label,
-			const zeek::Packet* pkt, const EncapsulationStack* encapsulation);
+			const zeek::Packet* pkt, const zeek::EncapsulationStack* encapsulation);
 
 	Connection* LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key);
 
@@ -208,7 +208,7 @@ protected:
 	// from lower-level headers or the length actually captured is less
 	// than that protocol's minimum header size.
 	bool CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
-	                      const zeek::Packet *pkt, const EncapsulationStack* encap);
+	                      const zeek::Packet *pkt, const zeek::EncapsulationStack* encap);
 
 	// Inserts a new connection into the sessions map. If a connection with
 	// the same key already exists in the map, it will be overwritten by
@@ -225,14 +225,14 @@ protected:
 	SessionStats stats;
 
 	using IPPair = std::pair<zeek::IPAddr, zeek::IPAddr>;
-	using TunnelActivity = std::pair<EncapsulatingConn, double>;
+	using TunnelActivity = std::pair<zeek::EncapsulatingConn, double>;
 	using IPTunnelMap = std::map<IPPair, TunnelActivity>;
 	IPTunnelMap ip_tunnels;
 
 	analyzer::arp::ARP_Analyzer* arp_analyzer;
 
 	analyzer::stepping_stone::SteppingStoneManager* stp_manager;
-	Discarder* discarder;
+	zeek::detail::Discarder* discarder;
 	zeek::detail::PacketFilter* packet_filter;
 	uint64_t num_packets_processed;
 	PacketProfiler* pkt_profiler;

src/Traverse.cc

@@ -5,6 +5,8 @@
 #include "Stmt.h"
 #include "input.h"
 
+namespace zeek::detail {
+
 TraversalCode traverse_all(TraversalCallback* cb)
 	{
 	if ( ! zeek::detail::global_scope() )
@@ -22,3 +24,5 @@ TraversalCode traverse_all(TraversalCallback* cb)
 	tc = stmts->Traverse(cb);
 	HANDLE_TC_STMT_POST(tc);
 	}
+
+} // namespace zeek::detail

src/Traverse.h

@@ -10,6 +10,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
 ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail);
 
+namespace zeek::detail {
+
 class TraversalCallback {
 public:
 	TraversalCallback()	{ current_scope = nullptr; }
@@ -37,3 +39,8 @@ public:
 };
 
 TraversalCode traverse_all(TraversalCallback* cb);
+
+} // namespace zeek::detail
+
+using TraversalCallback [[deprecated("Remove in v4.1. Use zeek::detail::TraversalCallback.")]] = zeek::detail::TraversalCallback;
+constexpr auto traverse_all [[deprecated("Remove in v4.1. Use zeek::detail::traverse_all.")]] = zeek::detail::traverse_all;

src/TraverseTypes.h

@@ -2,6 +2,12 @@
 
 #pragma once
 
+#include "zeek-config.h"
+
+ZEEK_FORWARD_DECLARE_NAMESPACED(TraversalCallback, zeek::detail);
+
+namespace zeek::detail {
+
 enum TraversalCode {
 	TC_CONTINUE = 0,
 	TC_ABORTALL = 1,
@@ -10,27 +16,32 @@ enum TraversalCode {
 
 #define HANDLE_TC_STMT_PRE(code) \
 	{ \
-	if ( (code) == TC_ABORTALL || (code) == TC_ABORTSTMT ) \
+	if ( (code) == zeek::detail::TC_ABORTALL || (code) == zeek::detail::TC_ABORTSTMT ) \
 		return (code); \
 	}
 
 #define HANDLE_TC_STMT_POST(code) \
 	{ \
-	if ( (code) == TC_ABORTALL ) \
+	if ( (code) == zeek::detail::TC_ABORTALL ) \
 		return (code); \
-	else if ( (code) == TC_ABORTSTMT ) \
+	else if ( (code) == zeek::detail::TC_ABORTSTMT ) \
-		return TC_CONTINUE; \
+		return zeek::detail::TC_CONTINUE; \
 	else \
 		return (code); \
 	}
 
 #define HANDLE_TC_EXPR_PRE(code) \
 	{ \
-	if ( (code) != TC_CONTINUE ) \
+	if ( (code) != zeek::detail::TC_CONTINUE ) \
 		return (code); \
 	}
 
 #define HANDLE_TC_EXPR_POST(code) \
 	return (code);
 
-class TraversalCallback;
+} // namespace zeek::detail
+
+using TraversalCode [[deprecated("Remove in v4.1. Use zeek::detail::TraversalCode.")]] = zeek::detail::TraversalCode;
+constexpr auto TC_CONTINUE [[deprecated("Remove in v4.1. Use zeek::detail::TC_CONTINUE.")]] = zeek::detail::TC_CONTINUE;
+constexpr auto TC_ABORTALL [[deprecated("Remove in v4.1. Use zeek::detail::TC_ABORTALL.")]] = zeek::detail::TC_ABORTALL;
+constexpr auto TC_ABORTSTMT [[deprecated("Remove in v4.1. Use zeek::detail::TC_ABORTSTMT.")]] = zeek::detail::TC_ABORTSTMT;

src/TunnelEncapsulation.cc

@@ -4,6 +4,8 @@
 #include "util.h"
 #include "Conn.h"
 
+namespace zeek {
+
 EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
 		: src_addr(c->OrigAddr()), dst_addr(c->RespAddr()),
 		  src_port(c->OrigPort()), dst_port(c->RespPort()),
@@ -52,3 +54,5 @@ bool operator==(const EncapsulationStack& e1, const EncapsulationStack& e2)
 
 	return true;
 	}
+
+} // namespace zeek

src/TunnelEncapsulation.h

@@ -13,6 +13,8 @@
 
 class Connection;
 
+namespace zeek {
+
 /**
  * Represents various types of tunnel "connections", that is, a pair of
  * endpoints whose communication encapsulates inner IP packets.  This could
@@ -44,7 +46,7 @@ public:
 	                  BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP)
 		: src_addr(s), dst_addr(d), src_port(0), dst_port(0),
 		  proto(TRANSPORT_UNKNOWN), type(t),
-		  uid(Bro::UID(bits_per_uid))
+		  uid(zeek::UID(bits_per_uid))
 		{
 		}
 
@@ -125,7 +127,7 @@ protected:
 	uint16_t dst_port;
 	TransportProto proto;
 	BifEnum::Tunnel::Type type;
-	Bro::UID uid;
+	zeek::UID uid;
 };
 
 /**
@@ -225,3 +227,5 @@ public:
 protected:
 	std::vector<EncapsulatingConn>* conns;
 };
+
+} // namespace zeek

src/UID.cc

@@ -6,9 +6,10 @@
 
 #include <cstdlib>
 
-using namespace Bro;
 using namespace std;
 
+namespace zeek {
+
 void UID::Set(bro_uint_t bits, const uint64_t* v, size_t n)
 	{
 	initialized = true;
@@ -40,3 +41,5 @@ std::string UID::Base62(std::string prefix) const
 
 	return prefix;
 	}
+
+} // namespace zeek

src/UID.h

@@ -2,15 +2,14 @@
 
 #pragma once
 
-#include "util.h" // for bro_int_t
+#include <string.h>
-
 #include <string>
 
-#include <string.h>
+#include "util.h" // for bro_int_t
 
 #define BRO_UID_LEN 2
 
-namespace Bro {
+namespace zeek {
 
 /**
  * A class for creating/managing UIDs of arbitrary bit-length and converting
@@ -98,4 +97,8 @@ inline UID& UID::operator=(const UID& other)
 	return *this;
 	}
 
-} // namespace Bro
+} // namespace zeek
+
+namespace Bro {
+	using UID [[deprecated("Remove in v4.1. Use zeek::UID.")]] = zeek::UID;
+}

src/Val.cc

@@ -1440,7 +1440,7 @@ void TableVal::Init(TableTypePtr t)
 	def_val = nullptr;
 
 	if ( table_type->IsSubNetIndex() )
-		subnets = new PrefixTable;
+		subnets = new zeek::detail::PrefixTable;
 	else
 		subnets = nullptr;
 

src/Val.h

@@ -47,7 +47,7 @@ using BroFilePtr [[deprecated("Remove in v4.1. Use zeek::FilePtr.")]] = zeek::Fi
 namespace zeek::detail { class ScriptFunc; }
 using BroFunc [[deprecated("Remove in v4.1. Use zeek::detail::ScriptFunc instead.")]] = zeek::detail::ScriptFunc;
 
-class PrefixTable;
+ZEEK_FORWARD_DECLARE_NAMESPACED(PrefixTable, zeek::detail);
 class StateAccess;
 ZEEK_FORWARD_DECLARE_NAMESPACED(RE_Matcher, zeek);
 
@@ -983,7 +983,7 @@ public:
 	// Returns the Prefix table used inside the table (if present).
 	// This allows us to do more direct queries to this specialized
 	// type that the general Table API does not allow.
-	const PrefixTable* Subnets() const { return subnets; }
+	const zeek::detail::PrefixTable* Subnets() const { return subnets; }
 
 	void Describe(ODesc* d) const override;
 
@@ -1092,7 +1092,7 @@ protected:
 	zeek::detail::ExprPtr expire_func;
 	TableValTimer* timer;
 	IterCookie* expire_cookie;
-	PrefixTable* subnets;
+	zeek::detail::PrefixTable* subnets;
 	ValPtr def_val;
 	zeek::detail::ExprPtr change_func;
 	std::string broker_store;

src/Var.cc

@@ -659,53 +659,53 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name,
 		zeek::detail::current_scope()->GetID()->MakeDeprecated(depr_attr->GetExpr());
 	}
 
-class OuterIDBindingFinder : public TraversalCallback {
+class OuterIDBindingFinder : public zeek::detail::TraversalCallback {
 public:
 	OuterIDBindingFinder(zeek::detail::Scope* s)
 		{
 		scopes.emplace_back(s);
 		}
 
-	TraversalCode PreExpr(const zeek::detail::Expr*) override;
+	zeek::detail::TraversalCode PreExpr(const zeek::detail::Expr*) override;
-	TraversalCode PostExpr(const zeek::detail::Expr*) override;
+	zeek::detail::TraversalCode PostExpr(const zeek::detail::Expr*) override;
 
 	std::vector<zeek::detail::Scope*> scopes;
 	std::vector<const zeek::detail::NameExpr*> outer_id_references;
 };
 
-TraversalCode OuterIDBindingFinder::PreExpr(const zeek::detail::Expr* expr)
+zeek::detail::TraversalCode OuterIDBindingFinder::PreExpr(const zeek::detail::Expr* expr)
 	{
 	if ( expr->Tag() == zeek::detail::EXPR_LAMBDA )
 		{
 		auto le = static_cast<const zeek::detail::LambdaExpr*>(expr);
 		scopes.emplace_back(le->GetScope());
-		return TC_CONTINUE;
+		return zeek::detail::TC_CONTINUE;
 		}
 
 	if ( expr->Tag() != zeek::detail::EXPR_NAME )
-		return TC_CONTINUE;
+		return zeek::detail::TC_CONTINUE;
 
 	auto* e = static_cast<const zeek::detail::NameExpr*>(expr);
 
 	if ( e->Id()->IsGlobal() )
-		return TC_CONTINUE;
+		return zeek::detail::TC_CONTINUE;
 
 	for ( const auto& scope : scopes )
 		if ( scope->Find(e->Id()->Name()) )
 			// Shadowing is not allowed, so if it's found at inner scope, it's
 			// not something we have to worry about also being at outer scope.
-			return TC_CONTINUE;
+			return zeek::detail::TC_CONTINUE;
 
 	outer_id_references.push_back(e);
-	return TC_CONTINUE;
+	return zeek::detail::TC_CONTINUE;
 	}
 
-TraversalCode OuterIDBindingFinder::PostExpr(const zeek::detail::Expr* expr)
+zeek::detail::TraversalCode OuterIDBindingFinder::PostExpr(const zeek::detail::Expr* expr)
 	{
 	if ( expr->Tag() == zeek::detail::EXPR_LAMBDA )
 		scopes.pop_back();
 
-	return TC_CONTINUE;
+	return zeek::detail::TC_CONTINUE;
 	}
 
 void end_func(zeek::detail::StmtPtr body)

src/WeirdState.cc

@@ -2,6 +2,8 @@
 #include "Net.h"
 #include "util.h"
 
+namespace zeek::detail {
+
 bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold,
                  uint64_t rate, double duration)
     {
@@ -29,3 +31,5 @@ bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold,
 	else
 		return false;
     }
+
+} // namespace zeek::detail

src/WeirdState.h

@@ -5,6 +5,8 @@
 #include <string>
 #include <unordered_map>
 
+namespace zeek::detail {
+
 struct WeirdState {
 	WeirdState() = default;
 	uint64_t count = 0;
@@ -15,3 +17,5 @@ using WeirdStateMap = std::unordered_map<std::string, WeirdState>;
 
 bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold,
                  uint64_t rate, double duration);
+
+} // namespace zeek::detail

src/analyzer/protocol/ayiya/ayiya-analyzer.pac

@@ -16,7 +16,7 @@ flow AYIYA_Flow
 	function process_ayiya(pdu: PDU): bool
 		%{
 		Connection *c = connection()->bro_analyzer()->Conn();
-		const EncapsulationStack* e = c->GetEncapsulation();
+		const zeek::EncapsulationStack* e = c->GetEncapsulation();
 
 		if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
 			{
@@ -84,7 +84,7 @@ flow AYIYA_Flow
 			return false;
 			}
 
-		EncapsulatingConn ec(c, BifEnum::Tunnel::AYIYA);
+		zeek::EncapsulatingConn ec(c, BifEnum::Tunnel::AYIYA);
 
 		sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);
 

src/analyzer/protocol/ftp/FTP.cc

@@ -217,7 +217,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 			{
 			line = skip_whitespace(line + cmd_len, end_of_line);
 			zeek::StringVal encoded(end_of_line - line, line);
-			decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
+			decoded_adat = zeek::detail::decode_base64(encoded.AsString(), nullptr, Conn());
 
 			if ( first_token )
 				{
@@ -292,7 +292,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 				{
 				line += 5;
 				zeek::StringVal encoded(end_of_line - line, line);
-				decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
+				decoded_adat = zeek::detail::decode_base64(encoded.AsString(), nullptr, Conn());
 				}
 
 			break;

src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac

@@ -648,7 +648,7 @@ flow GTPv1_Flow(is_orig: bool)
 		%{
 		BroAnalyzer a = connection()->bro_analyzer();
 		Connection *c = a->Conn();
-		const EncapsulationStack* e = c->GetEncapsulation();
+		const zeek::EncapsulationStack* e = c->GetEncapsulation();
 
 		connection()->set_valid(is_orig(), false);
 
@@ -713,7 +713,7 @@ flow GTPv1_Flow(is_orig: bool)
 		%{
 		BroAnalyzer a = connection()->bro_analyzer();
 		Connection *c = a->Conn();
-		const EncapsulationStack* e = c->GetEncapsulation();
+		const zeek::EncapsulationStack* e = c->GetEncapsulation();
 
 		if ( ${pdu.packet}.length() < (int)sizeof(struct ip) )
 			{
@@ -762,7 +762,7 @@ flow GTPv1_Flow(is_orig: bool)
 			zeek::BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
 			                                           inner->ToPktHdrVal());
 
-		EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);
+		zeek::EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);
 
 		sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);
 

src/analyzer/protocol/mime/MIME.cc

@@ -1162,7 +1162,7 @@ void MIME_Entity::StartDecodeBase64()
 		return;
 		}
 
-	base64_decoder = new Base64Converter(analyzer->Conn());
+	base64_decoder = new zeek::detail::Base64Converter(analyzer->Conn());
 	}
 
 void MIME_Entity::FinishDecodeBase64()

src/analyzer/protocol/mime/MIME.h

@@ -12,7 +12,7 @@
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
-class Base64Converter;
+ZEEK_FORWARD_DECLARE_NAMESPACED(Base64Converter, zeek::detail);
 
 namespace zeek {
 using TableValPtr = zeek::IntrusivePtr<TableVal>;
@@ -175,7 +175,7 @@ protected:
 	MIME_Entity* parent;
 	MIME_Entity* current_child_entity;
 
-	Base64Converter* base64_decoder;
+	zeek::detail::Base64Converter* base64_decoder;
 
 	int data_buf_length;
 	char* data_buf_data;

src/analyzer/protocol/pop3/POP3.cc

@@ -136,7 +136,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line)
 		++authLines;
 
 		zeek::String encoded(line);
-		zeek::String* decoded = decode_base64(&encoded, nullptr, Conn());
+		zeek::String* decoded = zeek::detail::decode_base64(&encoded, nullptr, Conn());
 
 		if ( ! decoded )
 			{

src/analyzer/protocol/teredo/Teredo.cc

@@ -152,7 +152,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		return;
 		}
 
-	const EncapsulationStack* e = Conn()->GetEncapsulation();
+	const zeek::EncapsulationStack* e = Conn()->GetEncapsulation();
 
 	if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
 		{
@@ -226,7 +226,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		Conn()->EnqueueEvent(teredo_bubble, nullptr, ConnVal(), teredo_hdr);
 		}
 
-	EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO);
+	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO);
 
 	sessions->DoNextInnerPacket(network_time, nullptr, inner, e, ec);
 	}

src/analyzer/protocol/vxlan/VXLAN.cc

@@ -46,7 +46,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		return;
 		}
 
-	const EncapsulationStack* estack = Conn()->GetEncapsulation();
+	const zeek::EncapsulationStack* estack = Conn()->GetEncapsulation();
 
 	if ( estack && estack->Depth() >= zeek::BifConst::Tunnel::max_depth )
 		{
@@ -104,6 +104,6 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		Conn()->EnqueueEvent(vxlan_packet, nullptr, ConnVal(),
 		                     inner->ToPktHdrVal(), zeek::val_mgr->Count(vni));
 
-	EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
+	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
 	sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);
 	}

src/broker/Manager.cc

@@ -577,7 +577,7 @@ bool Manager::PublishLogWrite(zeek::EnumVal* stream, zeek::EnumVal* writer, stri
 		return false;
 		}
 
-	BinarySerializationFormat fmt;
+	zeek::detail::BinarySerializationFormat fmt;
 	char* data;
 	int len;
 
@@ -1332,7 +1332,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw)
 		return false;
 		}
 
-	BinarySerializationFormat fmt;
+	zeek::detail::BinarySerializationFormat fmt;
 	fmt.StartRead(serial_data->data(), serial_data->size());
 
 	int num_fields;

src/file_analysis/File.cc

@@ -653,5 +653,5 @@ void File::FileEvent(zeek::EventHandlerPtr h, zeek::Args args)
 bool File::PermitWeird(const char* name, uint64_t threshold, uint64_t rate,
                        double duration)
 	{
-	return ::PermitWeird(weird_state, name, threshold, rate, duration);
+	return zeek::detail::PermitWeird(weird_state, name, threshold, rate, duration);
 	}

src/file_analysis/File.h

@@ -373,7 +373,7 @@ protected:
 		zeek::String::CVec chunks;
 	} bof_buffer;              /**< Beginning of file buffer. */
 
-	WeirdStateMap weird_state;
+	zeek::detail::WeirdStateMap weird_state;
 
 	static int id_idx;
 	static int parent_id_idx;

src/file_analysis/Manager.cc

@@ -69,7 +69,7 @@ string Manager::HashHandle(const string& handle) const
 	zeek::detail::hash128_t hash;
 	zeek::detail::KeyedHash::StaticHash128(handle.data(), handle.size(), &hash);
 
-	return Bro::UID(bits_per_uid, hash, 2).Base62("F");
+	return zeek::UID(bits_per_uid, hash, 2).Base62("F");
 	}
 
 void Manager::SetHandle(const string& handle)

src/logging/Manager.h

@@ -15,7 +15,7 @@
 #include "WriterBackend.h"
 
 namespace broker { struct endpoint_info; }
-class SerializationFormat;
+ZEEK_FORWARD_DECLARE_NAMESPACED(SerializationFormat, zeek::detail);
 class RotationTimer;
 
 namespace logging {

src/scan.l

@@ -670,23 +670,23 @@ void begin_RE()
 	BEGIN(RE);
 	}
 
-class LocalNameFinder : public TraversalCallback {
+class LocalNameFinder : public zeek::detail::TraversalCallback {
 public:
 	LocalNameFinder()
 		{}
 
-	virtual TraversalCode PreExpr(const zeek::detail::Expr* expr)
+	virtual zeek::detail::TraversalCode PreExpr(const zeek::detail::Expr* expr)
 		{
 		if ( expr->Tag() != EXPR_NAME )
-			return TC_CONTINUE;
+			return zeek::detail::TC_CONTINUE;
 
 		const zeek::detail::NameExpr* name_expr = static_cast<const zeek::detail::NameExpr*>(expr);
 
 		if ( name_expr->Id()->IsGlobal() )
-			return TC_CONTINUE;
+			return zeek::detail::TC_CONTINUE;
 
 		local_names.push_back(name_expr);
-		return TC_CONTINUE;
+		return zeek::detail::TC_CONTINUE;
 		}
 
 	std::vector<const zeek::detail::NameExpr*> local_names;

src/threading/SerialTypes.cc

@@ -16,7 +16,7 @@
 
 using namespace threading;
 
-bool Field::Read(SerializationFormat* fmt)
+bool Field::Read(zeek::detail::SerializationFormat* fmt)
 	{
 	int t;
 	int st;
@@ -53,7 +53,7 @@ bool Field::Read(SerializationFormat* fmt)
 	return true;
 	}
 
-bool Field::Write(SerializationFormat* fmt) const
+bool Field::Write(zeek::detail::SerializationFormat* fmt) const
 	{
 	assert(name);
 
@@ -173,7 +173,7 @@ bool Value::IsCompatibleType(zeek::Type* t, bool atomic_only)
 	return false;
 	}
 
-bool Value::Read(SerializationFormat* fmt)
+bool Value::Read(zeek::detail::SerializationFormat* fmt)
 	{
 	int ty, sty;
 
@@ -323,7 +323,7 @@ bool Value::Read(SerializationFormat* fmt)
 	return false;
 	}
 
-bool Value::Write(SerializationFormat* fmt) const
+bool Value::Write(zeek::detail::SerializationFormat* fmt) const
 	{
 	if ( ! (fmt->Write((int)type, "type") &&
 		fmt->Write((int)subtype, "subtype") &&

src/threading/SerialTypes.h

@@ -9,7 +9,7 @@
 #include "Type.h"
 #include "net_util.h"
 
-class SerializationFormat;
+ZEEK_FORWARD_DECLARE_NAMESPACED(SerializationFormat, zeek::detail);
 
 namespace threading {
 
@@ -55,7 +55,7 @@ struct Field {
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Read(SerializationFormat* fmt);
+	bool Read(zeek::detail::SerializationFormat* fmt);
 
 	/**
 	 * Serializes a field.
@@ -65,7 +65,7 @@ struct Field {
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Write(SerializationFormat* fmt) const;
+	bool Write(zeek::detail::SerializationFormat* fmt) const;
 
 	/**
 	 * Returns a textual description of the field's type. This method is
@@ -171,7 +171,7 @@ struct Value {
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Read(SerializationFormat* fmt);
+	bool Read(zeek::detail::SerializationFormat* fmt);
 
 	/**
 	 * Serializes a value.
@@ -181,7 +181,7 @@ struct Value {
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Write(SerializationFormat* fmt) const;
+	bool Write(zeek::detail::SerializationFormat* fmt) const;
 
 	/**
 	 * Returns true if the type can be represented by a Value. If

src/zeek.bif

@@ -1218,7 +1218,7 @@ function check_subnet%(search: subnet, t: any%): bool
 		return nullptr;
 		}
 
-	const PrefixTable* pt = t->AsTableVal()->Subnets();
+	const zeek::detail::PrefixTable* pt = t->AsTableVal()->Subnets();
 	if ( ! pt )
 		{
 		zeek::reporter->Error("check_subnet encountered nonexisting prefix table.");
@@ -2936,7 +2936,7 @@ function hexstr_to_bytestring%(hexstr: string%): string
 ## .. zeek:see:: decode_base64
 function encode_base64%(s: string, a: string &default=""%): string
 	%{
-	String* t = encode_base64(s->AsString(), a->AsString());
+	String* t = zeek::detail::encode_base64(s->AsString(), a->AsString());
 	if ( t )
 		return zeek::make_intrusive<zeek::StringVal>(t);
 	else
@@ -2958,7 +2958,7 @@ function encode_base64%(s: string, a: string &default=""%): string
 ## .. zeek:see:: decode_base64_conn encode_base64
 function decode_base64%(s: string, a: string &default=""%): string
 	%{
-	String* t = decode_base64(s->AsString(), a->AsString());
+	String* t = zeek::detail::decode_base64(s->AsString(), a->AsString());
 	if ( t )
 		return zeek::make_intrusive<zeek::StringVal>(t);
 	else
@@ -2991,7 +2991,7 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s
 		return zeek::val_mgr->EmptyString();
 		}
 
-	String* t = decode_base64(s->AsString(), a->AsString(), conn);
+	String* t = zeek::detail::decode_base64(s->AsString(), a->AsString(), conn);
 	if ( t )
 		return zeek::make_intrusive<zeek::StringVal>(t);
 	else