Fix some malformed Broxygen xref roles.

doc/logging.rst

@@ -163,7 +163,7 @@ quickly ...
 .. sidebar:: A More Generic Path Function
 
     The ``split_log`` method has one draw-back: it can be used
-    only with the :bro:enum:`Conn::Log` stream as the record type is hardcoded
+    only with the :bro:enum:`Conn::LOG` stream as the record type is hardcoded
     into its argument list. However, Bro allows to do a more generic
     variant:
 

doc/scripts/builtins.rst

@@ -6,6 +6,11 @@ Types
 
 The Bro scripting language supports the following built-in types.
 
+.. bro:type:: void
+
+    An internal Bro type representing an absence of a type.  Should
+    most often be seen as a possible function return type.
+
 .. bro:type:: bool
 
     Reflects a value with one of two meanings: true or false.  The two
@@ -621,6 +626,10 @@ scripting language supports the following built-in attributes.
 
     Writes a record field to the associated log stream.
 
+.. bro:attr:: &error_handler
+
+.. TODO: needs documented
+
 .. bro:attr:: (&tracked)
 
 .. TODO: needs documented or removed if it's not used anywhere.

scripts/base/frameworks/control/main.bro

@@ -1,6 +1,6 @@
 ##! This is a utility script that sends the current values of all &redef'able
-##! consts to a remote Bro then sends the :bro:id:`configuration_update` event
+##! consts to a remote Bro then sends the
-##! and terminates processing.
+##! :bro:id:`Control::configuration_update` event and terminates processing.
 ##!
 ##! Intended to be used from the command line like this when starting a controller::
 ##!
@@ -53,7 +53,8 @@ export {
 
 	## Event for requesting the value of an ID (a variable).
 	global id_value_request: event(id: string);
-	## Event for returning the value of an ID after an :bro:id:`id_request` event.
+	## Event for returning the value of an ID after an
+	## :bro:id:`Control::id_value_request` event.
 	global id_value_response: event(id: string, val: string);
 
 	## Requests the current communication status.
@@ -68,7 +69,8 @@ export {
 
 	## Inform the remote Bro instance that it's configuration may have been updated.
 	global configuration_update_request: event();
-	## This event is a wrapper and alias for the :bro:id:`configuration_update_request` event.
+	## This event is a wrapper and alias for the
+	## :bro:id:`Control::configuration_update_request` event.
 	## This event is also a primary hooking point for the control framework.
 	global configuration_update: event();
 	## Message in response to a configuration update request.

scripts/base/frameworks/intel/main.bro

@@ -76,8 +76,8 @@ export {
 		and_tags:    set[string] &optional; 
 		
 		## The predicate can be given when searching for a match.  It will
-		## be tested against every :bro:type:`MetaData` item associated with 
+		## be tested against every :bro:type:`Intel::MetaData` item associated
-		## the data being matched on.  If it returns T a single time, the 
+		## with the data being matched on.  If it returns T a single time, the 
 		## matcher will consider that the item has matched.
 		pred:    function(meta: Intel::MetaData): bool &optional;
 	};

scripts/base/frameworks/metrics/cluster.bro

@@ -40,12 +40,12 @@ export {
 	global cluster_index_request: event(uid: string, id: ID, filter_name: string, index: Index);
 
 	## This event is sent by nodes in response to a 
-	## :bro:id:`cluster_index_request` event.
+	## :bro:id:`Metrics::cluster_index_request` event.
 	global cluster_index_response: event(uid: string, id: ID, filter_name: string, index: Index, val: count);
 
 	## This is sent by workers to indicate that they crossed the percent of the 
 	## current threshold by the percentage defined globally in 
-	## :bro:id:`cluster_request_global_view_percent`
+	## :bro:id:`Metrics::cluster_request_global_view_percent`
 	global cluster_index_intermediate_response: event(id: Metrics::ID, filter_name: string, index: Metrics::Index, val: count);
 
 	## This event is scheduled internally on workers to send result chunks.

scripts/base/frameworks/metrics/main.bro

@@ -86,6 +86,8 @@ export {
 		## threshold in every break interval.
 		notice_freq:       interval                &optional;
 	};
+
+	type MetricTable: table[Index] of count &default=0;
 	
 	global add_filter: function(id: ID, filter: Filter);
 	global add_data: function(id: ID, index: Index, increment: count);
@@ -105,7 +107,6 @@ redef record Notice::Info += {
 global metric_filters: table[ID] of vector of Filter = table();
 global filter_store: table[ID, string] of Filter = table();
 
-type MetricTable: table[Index] of count &default=0;
 # This is indexed by metric ID and stream filter name.
 global store: table[ID, string] of MetricTable = table() &default=table();
 

scripts/base/frameworks/notice/actions/email_admin.bro

@@ -11,8 +11,8 @@ module Notice;
 export {
 	redef enum Action += {
 		## Indicate that the generated email should be addressed to the 
-		## appropriate email addresses as found in the 
+		## appropriate email addresses as found by the
-		## :bro:id:`Site::addr_to_emails` variable based on the relevant 
+		## :bro:id:`Site::get_emails` function based on the relevant 
 		## address or addresses indicated in the notice.
 		ACTION_EMAIL_ADMIN
 	};

scripts/base/frameworks/notice/actions/page.bro

@@ -7,7 +7,7 @@ module Notice;
 export {
 	redef enum Action += {
 		## Indicates that the notice should be sent to the pager email address
-		## configured in the :bro:id:`mail_page_dest` variable.
+		## configured in the :bro:id:`Notice::mail_page_dest` variable.
 		ACTION_PAGE
 	};
 	

scripts/base/frameworks/software/main.bro

@@ -81,9 +81,9 @@ export {
 	global cmp_versions: function(v1: Version, v2: Version): int;
 	
 	## This type represents a set of software.  It's used by the 
-	## :bro:id:`tracked` variable to store all known pieces of software
+	## :bro:id:`Software::tracked` variable to store all known pieces of
-	## for a particular host.  It's indexed with the name of a piece of 
+	## software for a particular host.  It's indexed with the name of a piece
-	## software such as "Firefox" and it yields a 
+	## of software such as "Firefox" and it yields a 
 	## :bro:type:`Software::Info` record with more information about the 
 	## software.
 	type SoftwareSet: table[string] of Info;

scripts/base/init-bare.bro

@@ -75,7 +75,7 @@ type conn_id: record {
 } &log;
 
 ## Specifics about an ICMP conversation. ICMP events typically pass this in
-## addition to :bro:id:`conn_id`.
+## addition to :bro:type:`conn_id`.
 ##
 ## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
 ##    icmp_time_exceeded icmp_unreachable
@@ -331,7 +331,7 @@ type script_id: record {
 	exported: bool;	##< True if the identifier is exported.
 	constant: bool;	##< True if the identifier is a constant.
 	enum_constant: bool;	##< True if the identifier is an enum value.
-	redefinable: bool;	##< True if the identifier is declared with the :bro:attr:`redef` attribute.
+	redefinable: bool;	##< True if the identifier is declared with the :bro:attr:`&redef` attribute.
 	value: any &optional;	##< The current value of the identifier.
 };
 
@@ -350,11 +350,11 @@ type id_table: table[string] of script_id;
 ## .. bro:see:: record_fields record_field_table
 type record_field: record {
 	type_name: string;	##< The name of the field's type.
-	log: bool;	##< True of the field is declared with :bro:attr:`log` attribute.
+	log: bool;	##< True of the field is declared with :bro:attr:`&log` attribute.
 	## The current value of the field in the record instance passed into
 	## :bro:see:`record_fields` (if it has one).
 	value: any &optional;
-	default_val: any &optional;	##< The value of the :bro:attr:`default` attribute if defined.
+	default_val: any &optional;	##< The value of the :bro:attr:`&default` attribute if defined.
 };
 
 ## Table type used to map record field declarations to meta-information describing
@@ -384,9 +384,10 @@ type record_field_table: table[string] of record_field;
 global capture_filters: table[string] of string &redef;
 
 ## Set of BPF filters to restrict capturing, indexed by a user-definable ID (which
-## must be unique). If Bro is *not* configured to examine :bro:id:`all_packets`,
+## must be unique). If Bro is *not* configured to examine
-## only packets matching *all* of the filters in this table (and
+## :bro:id:`PacketFilter::all_packets`, only packets matching *all* of the
-## any in :bro:id:`capture_filters`) will be analyzed.
+## filters in this table (and any in :bro:id:`capture_filters`) will be
+## analyzed.
 ##
 ## .. bro:see:: PacketFilter PacketFilter::all_packets
 ##    PacketFilter::unrestricted_filter capture_filters
@@ -555,7 +556,7 @@ global log_file_name: function(tag: string): string &redef;
 global open_log_file: function(tag: string): file &redef;
 
 ## Specifies a directory for Bro store its persistent state. All globals can
-## be declared persistent via the :bro:attr:`persistent` attribute.
+## be declared persistent via the :bro:attr:`&persistent` attribute.
 const state_dir = ".state" &redef;
 
 ## Length of the delays inserted when storing state incrementally. To avoid

scripts/base/protocols/irc/main.bro

@@ -1,8 +1,8 @@
 ##! This is the script that implements the core IRC analysis support.  It only
 ##! logs a very limited subset of the IRC protocol by default.  The points
 ##! that it logs at are NICK commands, USER commands, and JOIN commands.  It 
-##! log various bits of meta data as indicated in the :bro:type:`Info` record
+##! log various bits of meta data as indicated in the :bro:type:`IRC::Info`
-##! along with the command at the command arguments.
+##! record along with the command at the command arguments.
 
 module IRC;
 

scripts/base/utils/site.bro

@@ -18,7 +18,7 @@ export {
 	const local_nets: set[subnet] &redef;
 	
 	## This is used for retrieving the subnet when you multiple 
-	## :bro:id:`local_nets`.  A membership query can be done with an 
+	## :bro:id:`Site::local_nets`.  A membership query can be done with an 
 	## :bro:type:`addr` and the table will yield the subnet it was found 
 	## within.
 	global local_nets_table: table[subnet] of subnet = {};

scripts/policy/integration/barnyard2/main.bro

@@ -15,7 +15,7 @@ export {
 		alert:              AlertData &log;
 	};
 	
-	## This can convert a Barnyard :bro:type:`PacketID` value to a 
+	## This can convert a Barnyard :bro:type:`Barnyard2::PacketID` value to a 
 	## :bro:type:`conn_id` value in the case that you might need to index 
 	## into an existing data structure elsewhere within Bro.
 	global pid2cid: function(p: PacketID): conn_id;

scripts/policy/misc/capture-loss.bro

@@ -42,9 +42,9 @@ export {
 	const watch_interval = 15mins &redef;
 	
 	## The percentage of missed data that is considered "too much" 
-	## when the :bro:enum:`Too_Much_Loss` notice should be generated.
+	## when the :bro:enum:`CaptureLoss::Too_Much_Loss` notice should be
-	## The value is expressed as a double between 0 and 1 with 1 being
+	## generated. The value is expressed as a double between 0 and 1 with 1
-	## 100%
+	## being 100%
 	const too_much_loss: double = 0.1 &redef;
 }
 

scripts/policy/misc/trim-trace-file.bro

@@ -10,7 +10,8 @@ export {
 	## This event can be generated externally to this script if on-demand
 	## tracefile rotation is required with the caveat that the script doesn't
 	## currently attempt to get back on schedule automatically and the next
-	## trim will likely won't happen on the :bro:id:`trim_interval`.
+	## trim will likely won't happen on the
+	## :bro:id:`TrimTraceFile::trim_interval`.
 	global go: event(first_trim: bool);
 	}
 

scripts/policy/protocols/http/detect-sqli.bro

@@ -35,9 +35,9 @@ export {
 	## injection attacks.
 	const sqli_requests_threshold = 50 &redef;
 	
-	## Interval at which to watch for the :bro:id:`sqli_requests_threshold`
+	## Interval at which to watch for the
-	## variable to be crossed.  At the end of each interval the counter is 
+	## :bro:id:`HTTP::sqli_requests_threshold` variable to be crossed.
-	## reset.
+	## At the end of each interval the counter is reset.
 	const sqli_requests_interval = 5min &redef;
 
 	## This regular expression is used to match URI based SQL injections

scripts/policy/protocols/ssh/detect-bruteforcing.bro

@@ -9,7 +9,7 @@ module SSH;
 export {
 	redef enum Notice::Type += {
 		## Indicates that a host has been identified as crossing the 
-		## :bro:id:`password_guesses_limit` threshold with heuristically
+		## :bro:id:`SSH::password_guesses_limit` threshold with heuristically
 		## determined failed logins.
 		Password_Guessing,
 		## Indicates that a host previously identified as a "password guesser"

scripts/policy/protocols/ssh/interesting-hostnames.bro

@@ -12,7 +12,7 @@ export {
 	redef enum Notice::Type += {
 		## Generated if a login originates or responds with a host and the 
 		## reverse hostname lookup resolves to a name matched by the 
-		## :bro:id:`interesting_hostnames` regular expression.
+		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};
 	

scripts/policy/protocols/ssl/expiring-certs.bro

@@ -29,7 +29,7 @@ export {
 	const notify_certs_expiration = LOCAL_HOSTS &redef;
 	
 	## The time before a certificate is going to expire that you would like to
-	## start receiving :bro:enum:`Certificate_Expires_Soon` notices.
+	## start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices.
 	const notify_when_cert_expiring_in = 30days &redef;
 }
 

src/bro.bif

@@ -657,7 +657,7 @@ function md5_hash_init%(index: any%): bool
 	%}
 
 ## Update the MD5 value associated with a given index. It is required to
-## call :bro:id:`md5_hash_init(index)` once before calling this
+## call :bro:id:`md5_hash_init` once before calling this
 ## function.
 ##
 ## index: The unique identifier to associate with this hash computation.
@@ -3025,11 +3025,11 @@ function connection_exists%(c: conn_id%): bool
 		return new Val(0, TYPE_BOOL);
 	%}
 
-## Returns the :bro:id:`connection` record for a given connection identifier.
+## Returns the :bro:type:`connection` record for a given connection identifier.
 ##
 ## cid: The connection ID.
 ##
-## Returns: The :bro:id:`connection` record for *cid*. If *cid* does not point
+## Returns: The :bro:type:`connection` record for *cid*. If *cid* does not point
 ##          to an existing connection, the function generates a run-time error
 ##          and returns a dummy value.
 ##
@@ -4833,7 +4833,7 @@ function enable_communication%(%): any
 	return 0;
 	%}
 
-## Flushes in-memory state tagged with the :bro:attr:`&persistence` attribute
+## Flushes in-memory state tagged with the :bro:attr:`&persistent` attribute
 ## to disk. The function writes the state to the file ``.state/state.bst`` in
 ## the directory where Bro was started.
 ##

src/event.bif

@@ -383,7 +383,7 @@ event connection_timeout%(c: connection%);
 event connection_reused%(c: connection%);
 
 ## Generated in regular intervals during the life time of a connection. The
-## events is raised each :bro:id:`connection_status_update_interval` seconds
+## events is raised each ``connection_status_update_interval`` seconds
 ## and can be used to check conditions on a regular basis.
 ##
 ## c: The connection.
@@ -428,7 +428,7 @@ event connection_external%(c: connection, tag: string%);
 ## a: The analyzer that was scheduled for the connection with the
 ##    :bro:id:`expect_connection` call. When the event is raised, that
 ##    analyzer will already have been activated to process the connection. The
-##    ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``. 
+##    ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``.
 ##
 ## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt
 ##    connection_established connection_external connection_finished
@@ -515,8 +515,8 @@ event tcp_option%(c: connection, is_orig: bool, opt: count, optlen: count%);
 ## Generated for each chunk of reassembled TCP payload. When content delivery is
 ## enabled for a TCP connection (via :bro:id:`tcp_content_delivery_ports_orig`,
 ## :bro:id:`tcp_content_delivery_ports_resp`,
-## :bro:id:`tcp_content_delivery_all_orig`,
+## :bro:id:`tcp_content_deliver_all_orig`,
-## :bro:id:`tcp_content_delivery_all_resp`), this event is raised for each chunk
+## :bro:id:`tcp_content_deliver_all_resp`), this event is raised for each chunk
 ## of in-order payload reconstructed from the packet stream. Note that this event
 ## is potentially expensive if many connections carry signficant amounts of data as
 ## then all that needs to be passed on to the scripting layer.
@@ -643,7 +643,7 @@ event gap_report%(dt: interval, info: gap_info%);
 ##
 ## atype: The type of the analyzer confirming that its protocol is in
 ##        use. The value is one of the ``ANALYZER_*`` constants. For example,
-##        :bro:id:`ANALYZER_HTTP` means the HTTP analyzers determined that it's indeed
+##        ``ANALYZER_HTTP`` means the HTTP analyzers determined that it's indeed
 ##        parsing an HTTP connection.
 ##
 ## aid:   A unique integer ID identifying the specific *instance* of the
@@ -656,8 +656,8 @@ event gap_report%(dt: interval, info: gap_info%);
 ## .. note::
 ##
 ##    Bro's default scripts use this event to determine the ``service`` column of
-##    :bro:id:`Conn::Info`: once confirmed, the protocol will be listed there (and
+##    :bro:type:`Conn::Info`: once confirmed, the protocol will be listed there
-##    thus in ``conn.log``).
+##    (and thus in ``conn.log``).
 event protocol_confirmation%(c: connection, atype: count, aid: count%);
 
 ## Generated when a protocol analyzer determines that a connection it is parsing
@@ -671,7 +671,7 @@ event protocol_confirmation%(c: connection, atype: count, aid: count%);
 ##
 ## atype: The type of the analyzer confirming that its protocol is in
 ##        use. The value is one of the ``ANALYZER_*`` constants. For example,
-##        :bro:id:`ANALYZER_HTTP` means the HTTP analyzers determined that it's indeed
+##        ``ANALYZER_HTTP`` means the HTTP analyzers determined that it's indeed
 ##        parsing an HTTP connection.
 ##
 ## aid:   A unique integer ID identifying the specific *instance* of the
@@ -5965,13 +5965,13 @@ event remote_state_inconsistency%(operation: string, id: string,
 ## intended primarily for use by Bro's communication framework, it can also trigger
 ## additional code if helpful.    
 ## 
-## level: The log level, which is either :bro:enum:`REMOTE_LOG_INFO` or
+## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or
-##        :bro:enum:`REMOTE_LOG_ERROR`. 
+##        :bro:id:`REMOTE_LOG_ERROR`. 
 ## 
 ## src: The component of the comminication system that logged the message.
-##      Currently, this will be one of :bro:enum:`REMOTE_SRC_CHILD` (Bro's
+##      Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's
-##      child process), :bro:enum:`REMOTE_SRC_PARENT` (Bro's main process), or
+##      child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or
-##      :bro:enum:`REMOTE_SRC_SCRIPT` (the script level).  
+##      :bro:id:`REMOTE_SRC_SCRIPT` (the script level).  
 ## 
 ## msg: The message logged. 
 ##
@@ -5988,13 +5988,13 @@ event remote_log%(level: count, src: count, msg: string%);
 ##
 ## p: A record describing the remote peer.
 ##
-## level: The log level, which is either :bro:enum:`REMOTE_LOG_INFO` or
+## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or
-##        :bro:enum:`REMOTE_LOG_ERROR`.
+##        :bro:id:`REMOTE_LOG_ERROR`.
 ##
 ## src: The component of the comminication system that logged the message.
-##      Currently, this will be one of :bro:enum:`REMOTE_SRC_CHILD` (Bro's
+##      Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's
-##      child process), :bro:enum:`REMOTE_SRC_PARENT` (Bro's main process), or
+##      child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or
-##      :bro:enum:`REMOTE_SRC_SCRIPT` (the script level).
+##      :bro:id:`REMOTE_SRC_SCRIPT` (the script level).
 ##
 ## msg: The message logged.
 ##
@@ -6051,7 +6051,7 @@ event remote_state_access_performed%(id: string, v: any%);
 ## f: The profiling file.
 ## 
 ## expensive: True if this event corresponds to heavier-weight profiling as
-##            indicated by the :bro:enum:`expensive_profiling_multiple` variable. 
+##            indicated by the :bro:id:`expensive_profiling_multiple` variable. 
 ##   
 ## .. bro:see::  profiling_interval expensive_profiling_multiple 
 event profiling_update%(f: file, expensive: bool%);

src/strings.bif

@@ -83,7 +83,7 @@ BroString* cat_string_array_n(TableVal* tbl, int start, int end)
 
 ## Concatenates all elements in an array of strings.
 ##
-## a: The :bro:id:`string_array` (``table[count] of string``).
+## a: The :bro:type:`string_array` (``table[count] of string``).
 ##
 ## Returns: The concatenation of all elements in *a*.
 ##
@@ -98,7 +98,7 @@ function cat_string_array%(a: string_array%): string
 
 ## Concatenates a specific range of elements in an array of strings.
 ##
-## a: The :bro:id:`string_array` (``table[count] of string``).
+## a: The :bro:type:`string_array` (``table[count] of string``).
 ##
 ## start: The array index of the first element of the range.
 ##
@@ -120,7 +120,7 @@ function cat_string_array_n%(a: string_array, start: count, end: count%): string
 ##
 ## sep: The separator to place between each element.
 ##
-## a: The :bro:id:`string_array` (``table[count] of string``).
+## a: The :bro:type:`string_array` (``table[count] of string``).
 ##
 ## Returns: The concatenation of all elements in *a*, with *sep* placed
 ##          between each element.
@@ -156,7 +156,7 @@ function join_string_array%(sep: string, a: string_array%): string
 ##
 ## sep: The separator to place between each element.
 ##
-## a: The :bro:id:`string_vec` (``vector of string``).
+## a: The :bro:type:`string_vec` (``vector of string``).
 ##
 ## Returns: The concatenation of all elements in *a*, with *sep* placed
 ##          between each element.
@@ -185,7 +185,7 @@ function join_string_vec%(vec: string_vec, sep: string%): string
 
 ## Sorts an array of strings.
 ##
-## a: The :bro:id:`string_array` (``table[count] of string``).
+## a: The :bro:type:`string_array` (``table[count] of string``).
 ##
 ## Returns: A sorted copy of *a*.
 ##