Spelling src

These are non-functional changes.

* accounting
* activation
* actual
* added
* addresult
* aggregable
* aligned
* alternatively
* ambiguous
* analysis
* analyzer
* anticlimactic
* apparently
* application
* appropriate
* arithmetic
* assignment
* assigns
* associated
* authentication
* authoritative
* barrier
* boundary
* broccoli
* buffering
* caching
* called
* canonicalized
* capturing
* certificates
* ciphersuite
* columns
* communication
* comparison
* comparisons
* compilation
* component
* concatenating
* concatenation
* connection
* convenience
* correctly
* corresponding
* could
* counting
* data
* declared
* decryption
* defining
* dependent
* deprecated
* detached
* dictionary
* directional
* directly
* directory
* discarding
* disconnecting
* distinguishes
* documentation
* elsewhere
* emitted
* empty
* endianness
* endpoint
* enumerator
* essentially
* evaluated
* everything
* exactly
* execute
* explicit
* expressions
* facilitates
* fiddling
* filesystem
* flag
* flagged
* for
* fragments
* guarantee
* guaranteed
* happen
* happening
* hemisphere
* identifier
* identifies
* identify
* implementation
* implemented
* implementing
* including
* inconsistency
* indeterminate
* indices
* individual
* information
* initial
* initialization
* initialize
* initialized
* initializes
* instantiate
* instantiated
* instantiates
* interface
* internal
* interpreted
* interpreter
* into
* it
* iterators
* length
* likely
* log
* longer
* mainly
* mark
* maximum
* message
* minimum
* module
* must
* name
* namespace
* necessary
* nonexistent
* not
* notifications
* notifier
* number
* objects
* occurred
* operations
* original
* otherwise
* output
* overridden
* override
* overriding
* overwriting
* ownership
* parameters
* particular
* payload
* persistent
* potential
* precision
* preexisting
* preservation
* preserved
* primarily
* probably
* procedure
* proceed
* process
* processed
* processes
* processing
* propagate
* propagated
* prototype
* provides
* publishing
* purposes
* queue
* reached
* reason
* reassem
* reassemble
* reassembler
* recommend
* record
* reduction
* reference
* regularly
* representation
* request
* reserved
* retrieve
* returning
* separate
* should
* shouldn't
* significant
* signing
* simplified
* simultaneously
* single
* somebody
* sources
* specific
* specification
* specified
* specifies
* specify
* statement
* subdirectories
* succeeded
* successful
* successfully
* supplied
* synchronization
* tag
* temporarily
* terminating
* that
* the
* transmitted
* true
* truncated
* try
* understand
* unescaped
* unforwarding
* unknown
* unknowndata
* unspecified
* update
* usually
* which
* wildcard

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

src/Anon.cc

@@ -171,7 +171,7 @@ bool AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits)
 
 	if ( ! before_anonymization )
 		{
-		reporter->Error("prefix perservation specified after anonymization begun");
+		reporter->Error("prefix preservation specified after anonymization begun");
 		return false;
 		}
 

src/Attr.cc

@@ -514,7 +514,7 @@ void Attributes::CheckAttr(Attr* a)
 				}
 
 			// Only support atomic types for the moment, unless
-			// explicitly overriden
+			// explicitly overridden
 			if ( ! type->AsTableType()->IsSet() &&
 			     ! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
 			     ! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
@@ -549,7 +549,7 @@ void Attributes::CheckAttr(Attr* a)
 				}
 
 			// Only support atomic types for the moment, unless
-			// explicitly overriden
+			// explicitly overridden
 			if ( ! type->AsTableType()->IsSet() &&
 			     ! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
 			     ! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )

src/CompHash.h

@@ -45,7 +45,7 @@ protected:
 
 	// Compute the size of the composite key.  If v is non-nil then
 	// the value is computed for the particular list of values.
-	// Returns 0 if the key has an indeterminant size (if v not given),
+	// Returns 0 if the key has an indeterminate size (if v not given),
 	// or if v doesn't match the index type (if given).
 	bool ReserveKeySize(HashKey& hk, const Val* v, bool type_check, bool calc_static_size) const;
 

src/Conn.cc

@@ -400,7 +400,7 @@ void Connection::Describe(ODesc* d) const
 
 		case TRANSPORT_UNKNOWN:
 			d->Add("unknown");
-			reporter->InternalWarning("unknown transport in Connction::Describe()");
+			reporter->InternalWarning("unknown transport in Connection::Describe()");
 
 			break;
 

src/DNS_Mgr.cc

@@ -350,7 +350,7 @@ static int get_ttl(unsigned char* abuf, int alen, int* ttl)
 
 /**
  * Called in response to ares_getaddrinfo requests. Builds a hostent structure from
- * the result data and sends it to the DNS manager via Addresult().
+ * the result data and sends it to the DNS manager via AddResult().
  */
 static void addrinfo_cb(void* arg, int status, int timeouts, struct ares_addrinfo* result)
 	{
@@ -536,7 +536,7 @@ static void query_cb(void* arg, int status, int timeouts, unsigned char* buf, in
 	}
 
 /**
- * Called when the c-ares socket changes state, whcih indicates that it's connected to
+ * Called when the c-ares socket changes state, which indicates that it's connected to
  * some source of data (either a host file or a DNS server). This indicates that we're
  * able to do lookups against c-ares now and should activate the IOSource.
  */

src/DebugCmdInfoConstants.in

@@ -25,7 +25,7 @@ cmd: dcStep
 names: step s
 resume: true
 repeatable: true
-help: Step to following statements, stepping in to function calls
+help: Step to following statements, stepping into function calls
 
 cmd: dcContinue
 names: continue c

src/DebugLogger.h

@@ -46,7 +46,7 @@ enum DebugStream
 	DBG_ANALYZER, // Analyzer framework
 	DBG_PACKET_ANALYSIS, // Packet analysis
 	DBG_FILE_ANALYSIS, // File analysis
-	DBG_TM, // Time-machine packet input via Brocolli
+	DBG_TM, // Time-machine packet input via Broccoli
 	DBG_LOGGING, // Logging streams
 	DBG_INPUT, // Input streams
 	DBG_THREADING, // Threading system
@@ -83,7 +83,7 @@ public:
 	void EnableStream(DebugStream stream) { streams[int(stream)].enabled = true; }
 	void DisableStream(DebugStream stream) { streams[int(stream)].enabled = false; }
 
-	// Takes comma-seperated list of stream prefixes.
+	// Takes comma-separated list of stream prefixes.
 	void EnableStreams(const char* streams);
 
 	// Check the enabled streams for invalid ones.

src/Desc.cc

@@ -363,7 +363,7 @@ void ODesc::AddBytesRaw(const void* bytes, unsigned int n)
 
 		// The following casting contortions are necessary because
 		// simply using &base[offset] generates complaints about
-		// using a void* for pointer arithemtic.
+		// using a void* for pointer arithmetic.
 		memcpy((void*)&((char*)base)[offset], bytes, n);
 		offset += n;
 

src/Dict.h

@@ -535,7 +535,7 @@ public:
 		{
 		if ( initial_size > 0 )
 			{
-			// If an initial size is speicified, init the table right away. Otherwise wait until the
+			// If an initial size is specified, init the table right away. Otherwise wait until the
 			// first insertion to init.
 			SetLog2Buckets(static_cast<uint16_t>(std::log2(initial_size)));
 			Init();
@@ -640,7 +640,7 @@ public:
 			if ( order )
 				order->emplace_back(detail::HashKey{key, static_cast<size_t>(key_size), hash});
 
-			// Allocate memory for key if necesary. Key is updated to reflect internal key if
+			// Allocate memory for key if necessary. Key is updated to reflect internal key if
 			// necessary.
 			detail::DictEntry<T> entry(key, key_size, hash, val, insert_distance, copy_key);
 			InsertRelocateAndAdjust(entry, insert_position);
@@ -1250,7 +1250,7 @@ private:
 		// not found
 #ifdef ZEEK_DICT_DEBUG
 		if ( linear_position >= 0 )
-			{ // different. stop and try to see whats happending.
+			{ // different. stop and try to see whats happening.
 			ASSERT(false);
 			// rerun the function in debugger to track down the bug.
 			LookupIndex(key, key_size, hash);
@@ -1654,7 +1654,7 @@ private:
 	void IncrIters() { ++num_iterators; }
 	void DecrIters() { --num_iterators; }
 
-	// alligned on 8-bytes with 4-leading bytes. 7*8=56 bytes a dictionary.
+	// aligned on 8-bytes with 4-leading bytes. 7*8=56 bytes a dictionary.
 
 	// when sizeup but the current mapping is in progress. the current mapping will be ignored
 	// as it will be remapped to new dict size anyway. however, the missed count is recorded

src/Event.cc

@@ -139,7 +139,7 @@ void EventMgr::Drain()
 	// a handler queued new events during its execution. This could lead
 	// to endless loops in case a handler kept triggering its own event.
 	// We now limit this to just a couple of rounds. We do more than
-	// just one round to make it less likley to break existing scripts
+	// just one round to make it less likely to break existing scripts
 	// that expect the old behavior to trigger something quickly.
 
 	for ( int round = 0; head && round < 2; round++ )

src/EventRegistry.cc

@@ -172,7 +172,7 @@ EventGroup::~EventGroup() noexcept { }
 // Run through all ScriptFunc instances associated with this group and
 // update their bodies after a group's enable/disable state has changed.
 //
-// EventGroup is private friend with Func, so fiddeling with the bodies
+// EventGroup is private friend with Func, so fiddling with the bodies
 // directly works and keeps the logic away from Func for now.
 void EventGroup::UpdateFuncBodies()
 	{

src/EventRegistry.h

@@ -125,7 +125,7 @@ private:
  * Different kinds of event groups exist. Currently, attribute and module
  * event groups are implemented. The first relates to event handler tagged
  * with the &group attribute. The second is based on grouping event and hook
- * handlers by the module in which and these are implmented.
+ * handlers by the module in which and these are implemented.
  *
  * Different kinds of are separate: Disabling the "HTTP" module event group does
  * not disable event handlers tagged with &group="HTTP", or vice versa.

src/EventTrace.cc

@@ -462,7 +462,7 @@ void ValTrace::ComputeTableDelta(const ValTrace* prev, DeltaVector& deltas) cons
 
 	// We can't compare pointers for the indices because they're
 	// new objects generated afresh by TableVal::ToMap.  So we do
-	// explict full comparisons for equality, distinguishing values
+	// explicit full comparisons for equality, distinguishing values
 	// newly added, common to both, or (implicitly) removed.  We'll
 	// then go through the common to check them further.
 	//
@@ -561,7 +561,7 @@ void ValTrace::ComputeVectorDelta(const ValTrace* prev, DeltaVector& deltas) con
 		return;
 		}
 
-	// Look for existing entries that need reassigment.
+	// Look for existing entries that need reassignment.
 	auto i = 0U;
 	for ( ; i < prev_n; ++i )
 		{

src/Expr.cc

@@ -1143,7 +1143,7 @@ ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
 
 		case EXPR_GE:
 		case EXPR_GT:
-			// These should't happen due to canonicalization.
+			// These shouldn't happen due to canonicalization.
 			reporter->InternalError("confusion over canonicalization in set comparison");
 			break;
 

src/Expr.h

@@ -955,7 +955,7 @@ public:
 	bool HasReducedOps(Reducer* c) const override;
 	ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
 
-	// Reduce to simplifed LHS form, i.e., a reference to only a name.
+	// Reduce to simplified LHS form, i.e., a reference to only a name.
 	StmtPtr ReduceToLHS(Reducer* c);
 	};
 

src/File.h

@@ -44,7 +44,7 @@ public:
 
 	const char* Name() const;
 
-	// Returns false if an error occured.
+	// Returns false if an error occurred.
 	bool Write(const char* data, int len = 0);
 
 	void Flush() { fflush(f); }

src/Frame.h

@@ -86,7 +86,7 @@ public:
 	 * Gets the value associated with *id* and returns it. Returns
 	 * nullptr if no such element exists.
 	 *
-	 * @param id the id who's value to retreive
+	 * @param id the id who's value to retrieve
 	 * @return the value associated with *id*
 	 */
 	const ValPtr& GetElementByID(const IDPtr& id) const { return GetElementByID(id.get()); }
@@ -247,7 +247,7 @@ private:
 	/** The arguments to the function that this Frame is associated with. */
 	const zeek::Args* func_args;
 
-	/** The next statement to be evaluted in the context of this frame. */
+	/** The next statement to be evaluated in the context of this frame. */
 	Stmt* next_stmt;
 
 	trigger::TriggerPtr trigger;

src/Hash.cc

@@ -592,7 +592,7 @@ bool HashKey::Equal(const void* other_key, size_t other_size, hash_t other_hash)
 		return true;
 
 	// If either key is nullptr, return false. If they were both nullptr, it
-	// would have fallen in to the above block already.
+	// would have fallen into the above block already.
 	if ( key == nullptr || other_key == nullptr )
 		return false;
 

src/Hash.h

@@ -360,7 +360,7 @@ public:
 protected:
 	char* CopyKey(const char* key, size_t size) const;
 
-	// Payload setters for types stored directoly in the key_u union. These
+	// Payload setters for types stored directly in the key_u union. These
 	// adjust the size and write_size markers to indicate a full buffer, and
 	// use the key_u union for storage.
 	void Set(bool b);

src/Notifier.h

@@ -49,7 +49,7 @@ public:
 	 * @param m object to track. Does not take ownership, but the object
 	 * will automatically unregister itself on destruction.
 	 *
-	 * @param r receiver to notify on changes. Does not take ownershop,
+	 * @param r receiver to notify on changes. Does not take ownership,
 	 * the receiver must remain valid as long as the registration stays
 	 * in place.
 	 */
@@ -60,7 +60,7 @@ public:
 	 * modification. The arguments to the method must match what was
 	 * originally registered.
 	 *
-	 * @param m object to no loger track.
+	 * @param m object to no longer track.
 	 *
 	 * @param r receiver to no longer notify.
 	 */
@@ -68,9 +68,9 @@ public:
 
 	/**
 	 * Cancels any active receiver requests to be informed about a
-	 * partilar object's modifications.
+	 * particular object's modifications.
 	 *
-	 * @param m object to no loger track.
+	 * @param m object to no longer track.
 	 */
 	void Unregister(Modifiable* m);
 

src/OpaqueVal.h

@@ -42,7 +42,7 @@ using BloomFilterValPtr = IntrusivePtr<BloomFilterVal>;
 
 /**
  * Singleton that registers all available all available types of opaque
- * values. This faciliates their serialization into Broker values.
+ * values. This facilitates their serialization into Broker values.
  */
 class OpaqueMgr
 	{
@@ -146,7 +146,7 @@ protected:
 	virtual broker::expected<broker::data> DoSerialize() const = 0;
 
 	/**
-	 * Must be overridden to recreate the the derived class' state from a
+	 * Must be overridden to recreate the derived class' state from a
 	 * serialization.
 	 *
 	 * @return true if successful.

src/Pipe.h

@@ -66,7 +66,7 @@ private:
 	};
 
 /**
- * A pair of pipes that can be used for bi-directinoal IPC.
+ * A pair of pipes that can be used for bi-directional IPC.
  */
 class PipePair
 	{

src/RE.h

@@ -99,9 +99,9 @@ public:
 	bool MatchAll(const char* s);
 	bool MatchAll(const String* s);
 
-	// Compiles a set of regular expressions simultaniously.
+	// Compiles a set of regular expressions simultaneously.
-	// 'idx' contains indizes associated with the expressions.
+	// 'idx' contains indices associated with the expressions.
-	// On matching, the set of indizes is returned which correspond
+	// On matching, the set of indices is returned which correspond
 	// to the matching expressions.  (idx must not contain zeros).
 	bool CompileSet(const string_list& set, const int_list& idx);
 

src/Reporter.h

@@ -77,7 +77,7 @@ public:
 	Reporter(bool abort_on_scripting_errors);
 	~Reporter();
 
-	// Initialize reporter-sepcific options	that are defined in script-layer.
+	// Initialize reporter-specific options	that are defined in script-layer.
 	void InitOptions();
 
 	// Report an informational message, nothing that needs specific
@@ -117,7 +117,7 @@ public:
 	[[noreturn]] void CPPRuntimeError(const char* fmt, ...) __attribute__((format(printf, 2, 3)));
 
 	// Report a traffic weirdness, i.e., an unexpected protocol situation
-	// that may lead to incorrectly processing a connnection.
+	// that may lead to incorrectly processing a connection.
 	void Weird(const char* name, const char* addl = "",
 	           const char* source = ""); // Raises net_weird().
 	void Weird(file_analysis::File* f, const char* name, const char* addl = "",

src/RuleCondition.cc

@@ -13,7 +13,7 @@
 static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e)
 	{
 	// We more or less follow Snort here: an established session
-	// is one for which the initial handshake has succeded (but we
+	// is one for which the initial handshake has succeeded (but we
 	// add partial connections).  The connection tear-down is part
 	// of the connection.
 	return e->state != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE &&

src/RuleMatcher.cc

@@ -406,7 +406,7 @@ void RuleMatcher::BuildRulesTree()
 
 void RuleMatcher::InsertRuleIntoTree(Rule* r, int testnr, RuleHdrTest* dest, int level)
 	{
-	// Initiliaze the preconditions
+	// Initialize the preconditions
 	for ( const auto& pc : r->preconds )
 		{
 		auto entry = rules_by_id.find(pc->id);

src/RuleMatcher.h

@@ -263,7 +263,7 @@ public:
 	bool ReadFiles(const std::vector<SignatureFile>& files);
 
 	/**
-	 * Inititialize a state object for matching file magic signatures.
+	 * Initialize a state object for matching file magic signatures.
 	 * @return A state object that can be used for file magic mime type
 	 *         identification.
 	 */
@@ -282,7 +282,7 @@ public:
 	 *              RuleMatcher::InitFileMagic()
 	 * @param data Chunk of data to match signatures against.
 	 * @param len Length of \a data in bytes.
-	 * @param matches An optional pre-existing match result object to
+	 * @param matches An optional preexisting match result object to
 	 *                modify with additional matches.  If it's a null
 	 *                pointer, one will be instantiated and returned from
 	 *                this method.
@@ -297,7 +297,7 @@ public:
 	 */
 	void ClearFileMagicState(RuleFileMagicState* state) const;
 
-	// Initialize the matching state for a endpoind of a connection based on
+	// Initialize the matching state for a endpoint of a connection based on
 	// the given packet (which should be the first packet encountered for
 	// this endpoint). If the matching is triggered by an PIA, a pointer to
 	// it needs to be given.
@@ -361,7 +361,7 @@ private:
 	// Traverse tree building the combined regular expressions.
 	void BuildRegEx(RuleHdrTest* hdr_test, string_list* exprs, int_list* ids);
 
-	// Build groups of regular epxressions.
+	// Build groups of regular expressions.
 	void BuildPatternSets(RuleHdrTest::pattern_set_list* dst, const string_list& exprs,
 	                      const int_list& ids);
 

src/ScriptCoverageManager.h

@@ -54,7 +54,7 @@ private:
 	std::list<Stmt*> stmts;
 
 	/**
-	 * Indicates whether new statments will not be considered as part of
+	 * Indicates whether new statements will not be considered as part of
 	 * coverage statistics because it was marked with the @no-test tag.
 	 */
 	uint32_t ignoring;

src/ScriptProfile.h

@@ -85,7 +85,7 @@ private:
 	uint64_t memory = 0;
 	};
 
-// Manages all of the profile instances assocaited with a given script.
+// Manages all of the profile instances associated with a given script.
 
 class ScriptProfile : public ScriptProfileStats
 	{
@@ -102,7 +102,7 @@ public:
 			loc = *body->GetLocationInfo();
 		}
 
-	// Constructor used for the special case of non-script acocunting.
+	// Constructor used for the special case of non-script accounting.
 	ScriptProfile() : ScriptProfileStats("non-scripts")
 		{
 		func = nullptr;

src/SmithWaterman.cc

@@ -486,7 +486,7 @@ Substring::Vec* smith_waterman(const String* s1, const String* s2, SWParams& par
 			if ( current->swn_score == score_tl && current->swn_byte_assigned )
 				{
 				// If we had matched bytes (*and* it's the
-				// best neighbor), marke the node accordingly
+				// best neighbor), mark the node accordingly
 				//
 				if ( i >= br_max_b && j >= br_max_r )
 					{

src/Stmt.cc

@@ -1964,7 +1964,7 @@ void WhenInfo::Build(StmtPtr ws)
 	// in that the condition needs to return a boolean, whereas the body
 	// and timeout *might* return a value (for "return when") constructs,
 	// or might not (for vanilla "when").  We address that issue by
-	// (1) making the return type be "any", and (2) introducing elsehwere
+	// (1) making the return type be "any", and (2) introducing elsewhere
 	// the notion of functions marked as being allowed to have bare
 	// returns (no associated expression) even though they have a return
 	// type (to deal with the vanilla "when" case).

src/Trigger.h

@@ -101,7 +101,7 @@ public:
 	// later to avoid race conditions.
 	void Modified(zeek::notifier::detail::Modifiable* m) override;
 
-	// Overridden from notifer::Receiver.  If we're still waiting
+	// Overridden from notifier::Receiver.  If we're still waiting
 	// on an ID/Val to be modified at termination time, we can't hope
 	// for any further progress to be made, so just Unref ourselves.
 	void Terminate() override;

src/Type.cc

@@ -1890,7 +1890,7 @@ const TypePtr& VectorType::Yield() const
 	// Work around the fact that we use void internally to mark a vector
 	// as being unspecified. When looking at its yield type, we need to
 	// return any as that's what other code historically expects for type
-	// comparisions.
+	// comparisons.
 	if ( IsUnspecifiedVector() )
 		return zeek::base_type(TYPE_ANY);
 

src/Type.h

@@ -450,7 +450,7 @@ public:
 		std::string deprecation_msg;
 		RecordTypePtr args;
 		// Maps from parameter index in canonical prototype to
-		// parameter index in this alternate prorotype.
+		// parameter index in this alternate prototype.
 		std::map<int, int> offsets;
 		};
 
@@ -785,7 +785,7 @@ public:
 
 	// The value of this name is set to val. Once a value has been
 	// explicitly assigned using this method, no further names can be
-	// added that aren't likewise explicitly initalized.
+	// added that aren't likewise explicitly initialized.
 	void AddName(const std::string& module_name, const char* name, zeek_int_t val, bool is_export,
 	             detail::Expr* deprecation = nullptr, bool from_redef = false);
 
@@ -988,13 +988,13 @@ inline bool IsFunc(TypeTag t)
 	return (t == TYPE_FUNC);
 	}
 
-// True if the given type type is a vector.
+// True if the given type tag is a vector.
 inline bool IsVector(TypeTag t)
 	{
 	return (t == TYPE_VECTOR);
 	}
 
-// True if the given type type is a string.
+// True if the given type tag is a string.
 inline bool IsString(TypeTag t)
 	{
 	return (t == TYPE_STRING);

src/Val.cc

@@ -3005,7 +3005,7 @@ ValPtr RecordVal::DoClone(CloneState* state)
 	// We set origin to 0 here.  Origin only seems to be used for exactly one
 	// purpose - to find the connection record that is associated with a
 	// record. As we cannot guarantee that it will ber zeroed out at the
-	// approproate time (as it seems to be guaranteed for the original record)
+	// appropriate time (as it seems to be guaranteed for the original record)
 	// we don't touch it.
 	auto rv = make_intrusive<RecordVal>(rt, false);
 	rv->origin = nullptr;

src/Val.h

@@ -139,7 +139,7 @@ public:
 		}
 
 	// Add this value to the given value (if appropriate).
-	// Returns true if succcessful.  is_first_init is true only if
+	// Returns true if successful.  is_first_init is true only if
 	// this is the *first* initialization of the value, not
 	// if it's a subsequent += initialization.
 	virtual bool AddTo(Val* v, bool is_first_init) const;
@@ -846,7 +846,7 @@ public:
 	 * @return  The value associated with the index.  If the index doesn't
 	 * exist, this is a nullptr.  For sets that don't really contain associated
 	 * values, a placeholder value is returned to differentiate it from
-	 * non-existent index (nullptr), but otherwise has no meaning in relation
+	 * nonexistent index (nullptr), but otherwise has no meaning in relation
 	 * to the set's contents.
 	 */
 	const ValPtr& Find(const ValPtr& index);
@@ -857,7 +857,7 @@ public:
 	 * @param index  The index to lookup in the table.
 	 * @return  The value associated with the index.  If the index doesn't
 	 * exist, instead returns the &default value.  If there's no &default
-	 * attribute, then nullptr is still returned for non-existent index.
+	 * attribute, then nullptr is still returned for nonexistent index.
 	 */
 	ValPtr FindOrDefault(const ValPtr& index);
 
@@ -899,7 +899,7 @@ public:
 	 *        may have invalidated existing iterators.
 	 * @return  The value associated with the index if it exists, else nullptr.
 	 * For a sets that don't really contain associated values, a placeholder
-	 * value is returned to differentiate it from non-existent index (nullptr),
+	 * value is returned to differentiate it from nonexistent index (nullptr),
 	 * but otherwise has no meaning in relation to the set's contents.
 	 */
 	ValPtr Remove(const Val& index, bool broker_forward = true,
@@ -993,7 +993,7 @@ public:
 	void DisableChangeNotifications() { in_change_func = true; }
 
 	/**
-	 * Re-enables change notifcations after being disabled by DisableChangeNotifications.
+	 * Re-enables change notifications after being disabled by DisableChangeNotifications.
 	 */
 	void EnableChangeNotifications() { in_change_func = false; }
 
@@ -1521,7 +1521,7 @@ public:
 	bool AssignRepeat(unsigned int index, unsigned int how_many, ValPtr element);
 
 	// Add this value to the given value (if appropriate).
-	// Returns true if succcessful.
+	// Returns true if successful.
 	bool AddTo(Val* v, bool is_first_init) const override;
 
 	unsigned int Size() const { return vector_val->size(); }
@@ -1737,7 +1737,7 @@ extern ValPtr cast_value_to_type(Val* v, Type* t);
 // Returns true if v can be casted to type T. If so, check_and_cast() will
 // succeed as well.
 //
-// Note: This implements the script-level type comparision operator.
+// Note: This implements the script-level type comparison operator.
 extern bool can_cast_value_to_type(const Val* v, Type* t);
 
 // Returns true if values of type s may support casting to type t. This is

src/ZeekString.cc

@@ -190,7 +190,7 @@ const char* String::CheckString() const
 
 char* String::Render(int format, int* len) const
 	{
-	// Maxmimum character expansion is as \xHH, so a factor of 4.
+	// Maximum character expansion is as \xHH, so a factor of 4.
 	char* s = new char[n * 4 + 1]; // +1 is for final '\0'
 	char* sp = s;
 	int tmp_len;

src/ZeekString.h

@@ -46,7 +46,7 @@ public:
 	String(std::string_view str);
 	String(const String& bs);
 
-	// Constructor that takes owernship of the vector passed in.
+	// Constructor that takes ownership of the vector passed in.
 	String(bool arg_final_NUL, byte_vec str, int arg_n);
 
 	String();

src/analyzer/Analyzer.cc

@@ -601,7 +601,7 @@ void Analyzer::RemoveSupportAnalyzer(SupportAnalyzer* analyzer)
 
 	// We mark the analyzer as being removed here, which will prevent it
 	// from being used further. However, we don't actually delete it
-	// before the parent gets destroyed. While we woulc do that, it's a
+	// before the parent gets destroyed. While we could do that, it's a
 	// bit tricky to do at the right time and it doesn't seem worth the
 	// trouble.
 	analyzer->removing = true;

src/analyzer/Analyzer.h

@@ -61,7 +61,7 @@ using ID = uint32_t;
 using analyzer_timer_func = void (Analyzer::*)(double t);
 
 /**
- * Class to receive processed output from an anlyzer.
+ * Class to receive processed output from an analyzer.
  */
 class OutputHandler
 	{
@@ -101,7 +101,7 @@ public:
  * SupportAnalyzer. All analyzer input first passes through this list of
  * support analyzers, which can perform arbitrary preprocessing.
  *
- * When overiding any of the class' methods, always make sure to call the
+ * When overriding any of the class' methods, always make sure to call the
  * base-class version first.
  */
 class Analyzer
@@ -293,7 +293,7 @@ public:
 
 	/**
 	 * Returns the analyzer instance's internal ID. These IDs are unique
-	 * across all analyzer instantiated and can thus be used to indentify
+	 * across all analyzer instantiated and can thus be used to identify
 	 * a specific instance.
 	 */
 	ID GetID() const { return id; }
@@ -310,7 +310,7 @@ public:
 	OutputHandler* GetOutputHandler() const { return output_handler; }
 
 	/**
-	 * Associates an OutputHandler with the connnection.
+	 * Associates an OutputHandler with the connection.
 	 *
 	 * @param handler The handler.
 	 */
@@ -330,7 +330,7 @@ public:
 	void SetSignature(const zeek::detail::Rule* sig) { signature = sig; }
 
 	/**
-	 * Signals the analyzer to skip all further input processsing. The \a
+	 * Signals the analyzer to skip all further input processing. The \a
 	 * Next*() methods check this flag and discard the input if its set.
 	 *
 	 * @param do_skip If true, further processing will be skipped.
@@ -373,7 +373,7 @@ public:
 
 	/**
 	 * Returns a textual description of the analyzer's type. This is
-	 * what's passed to the constructor and usally corresponds to the
+	 * what's passed to the constructor and usually corresponds to the
 	 * protocol name, e.g., "HTTP".
 	 */
 	const char* GetAnalyzerName() const;
@@ -392,7 +392,7 @@ public:
 	 * the same type already exists or is prevented, the one passed in is
 	 * silently discarded.
 	 *
-	 * @param analyzer The ananlyzer to add. Takes ownership.
+	 * @param analyzer The analyzer to add. Takes ownership.
 	 * @return false if analyzer type was already a child or prevented, else true.
 	 */
 	bool AddChildAnalyzer(Analyzer* analyzer) { return AddChildAnalyzer(analyzer, true); }
@@ -469,7 +469,7 @@ public:
 	 * Recursively searches all (direct or indirect) childs of the
 	 * analyzer for an analyzer of a given type.
 	 *
-	 * @param name The naem of the analyzer type to search (e.g.,
+	 * @param name The name of the analyzer type to search (e.g.,
 	 * "HTTP").
 	 *
 	 * @return The first analyzer of the given type found, or null if
@@ -571,7 +571,7 @@ public:
 	 * TODO: The above comment needs updating, there's no BuildConnVal()
 	 * anymore -VP
 	 *
-	 * @param conn_val The connenction value being updated.
+	 * @param conn_val The connection value being updated.
 	 */
 	virtual void UpdateConnVal(RecordVal* conn_val);
 
@@ -617,7 +617,7 @@ protected:
 	friend class zeek::packet_analysis::IP::IPBasedAnalyzer;
 
 	/**
-	 * Return a string represantation of an analyzer, containing its name
+	 * Return a string representation of an analyzer, containing its name
 	 * and ID.
 	 */
 	static std::string fmt_analyzer(const Analyzer* a)
@@ -642,7 +642,7 @@ protected:
 	 * @param  t The absolute time when the timer will fire.
 	 *
 	 * @param do_expire If true, the timer will also fire when Zeek
-	 * terminates even if \a t has not been reache yet.
+	 * terminates even if \a t has not been reached yet.
 	 *
 	 * @param type The timer's type.
 	 */
@@ -677,12 +677,12 @@ protected:
 	SupportAnalyzer* FirstSupportAnalyzer(bool orig);
 
 	/**
-	 * Adds a a new child analyzer with the option whether to intialize
+	 * Adds a a new child analyzer with the option whether to initialize
 	 * it. This is an internal method.
 	 *
 	 * @param analyzer The analyzer to add. Takes ownership.
 	 *
-	 * @param init If true, Init() will be calle.d
+	 * @param init If true, Init() will be called.
 	 * @return false if analyzer type was already a child, else true.
 	 */
 	bool AddChildAnalyzer(Analyzer* analyzer, bool init);

src/analyzer/Component.h

@@ -39,7 +39,7 @@ public:
 	 * @param factory A factory function to instantiate instances of the
 	 * analyzer's class, which must be derived directly or indirectly
 	 * from zeek::analyzer::Analyzer. This is typically a static \c
-	 * Instatiate() method inside the class that just allocates and
+	 * Instantiate() method inside the class that just allocates and
 	 * returns a new instance.
 	 *
 	 * @param subtype A subtype associated with this component that
@@ -104,7 +104,7 @@ public:
 
 protected:
 	/**
-	 * Overriden from plugin::Component.
+	 * Overridden from plugin::Component.
 	 */
 	void DoDescribe(ODesc* d) const override;
 

src/analyzer/Manager.cc

@@ -243,7 +243,7 @@ bool Manager::RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto
 	else
 		{
 		// Cannot register these before PostScriptInit() has run because we
-		// depend on packet analyis having been set up. That also means we don't have
+		// depend on packet analysis having been set up. That also means we don't have
 		// a reliable return value, for now we just assume it's working.
 		pending_analyzers_for_ports.emplace(tag, proto, port);
 		return true;

src/analyzer/Manager.h

@@ -50,10 +50,10 @@ namespace analyzer
  *
  * The manager maintains a registry of all available protocol analyzers,
  * including a mapping between their textual names and Tag. It
- * instantantiates new analyzers on demand. For new connections, the manager
+ * instantiates new analyzers on demand. For new connections, the manager
  * sets up their initial analyzer tree, including adding the right \c PIA,
  * respecting well-known ports, and tracking any analyzers specifically
- * scheduled for individidual connections.
+ * scheduled for individual connections.
  */
 class Manager : public plugin::ComponentManager<Component>
 	{
@@ -134,7 +134,7 @@ public:
 	void DisableAllAnalyzers();
 
 	/**
-	 * Returns the tag associated with an analyer name, or the tag
+	 * Returns the tag associated with an analyzer name, or the tag
 	 * associated with an error if no such analyzer exists.
 	 *
 	 * @param name The canonical analyzer name to check.
@@ -186,7 +186,7 @@ public:
 	bool RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
 
 	/**
-	 * Unregisters a well-known port for an anlyzers.
+	 * Unregisters a well-known port for an analyzers.
 	 *
 	 * @param tag The analyzer's tag as an enum of script type \c
 	 * Tag.
@@ -200,7 +200,7 @@ public:
 	bool UnregisterAnalyzerForPort(EnumVal* tag, PortVal* port);
 
 	/**
-	 * Unregisters a well-known port for an anlyzers.
+	 * Unregisters a well-known port for an analyzers.
 	 *
 	 * @param tag The analyzer's tag.
 	 *
@@ -250,7 +250,7 @@ public:
 	 * 0.0.0.0 can be used as a wildcard matching any originator.
 	 *
 	 * @param resp The connection's anticipated responder address (no
-	 * wilcard).
+	 * wildcard).
 	 *
 	 * @param resp_p The connection's anticipated responder port.
 	 *
@@ -272,8 +272,8 @@ public:
 	 * @param orig The connection's anticipated originator address. 0 can
 	 * be used as a wildcard matching any originator.
 	 *
-	 * @param resp The The connection's anticipated responder address (no
+	 * @param resp The connection's anticipated responder address (no
-	 * wilcard).
+	 * wildcard).
 	 *
 	 * @param resp_p The connection's anticipated responder port.
 	 *
@@ -315,7 +315,7 @@ public:
 	 * be used as a wildcard matching any originator.
 	 *
 	 * @param resp The connection's anticipated responder address (no
-	 * wilcard).
+	 * wildcard).
 	 *
 	 * @param resp_p The connection's anticipated responder port.
 	 *

src/analyzer/protocol/conn-size/ConnSize.cc

@@ -162,7 +162,7 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration)
 
 void ConnSize_Analyzer::UpdateConnVal(RecordVal* conn_val)
 	{
-	// RecordType *connection_type is decleared in NetVar.h
+	// RecordType *connection_type is declared in NetVar.h
 	RecordVal* orig_endp = conn_val->GetFieldAs<RecordVal>("orig");
 	RecordVal* resp_endp = conn_val->GetFieldAs<RecordVal>("resp");
 

src/analyzer/protocol/conn-size/functions.bif

@@ -26,7 +26,7 @@ static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 ##
 ## threshold: Threshold in bytes.
 ##
-## is_orig: If true, threshold is set for bytes from originator, otherwhise for bytes from responder.
+## is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder.
 ##
 ## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
 ##               get_current_conn_bytes_threshold get_current_conn_packets_threshold
@@ -42,7 +42,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
 	return zeek::val_mgr->True();
 	%}
 
-## Sets a threshold for connection packets, overwtiting any potential old thresholds.
+## Sets a threshold for connection packets, overwriting any potential old thresholds.
 ## Be aware that in nearly any case you will want to use the high level API
 ## instead (:zeek:see:`ConnThreshold::set_packets_threshold`).
 ##
@@ -50,7 +50,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
 ##
 ## threshold: Threshold in packets.
 ##
-## is_orig: If true, threshold is set for packets from originator, otherwhise for packets from responder.
+## is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder.
 ##
 ## .. zeek:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
 ##               get_current_conn_bytes_threshold get_current_conn_packets_threshold
@@ -92,7 +92,7 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%
 ##
 ## cid: The connection id.
 ##
-## is_orig: If true, threshold of originator, otherwhise threshold of responder.
+## is_orig: If true, threshold of originator, otherwise threshold of responder.
 ##
 ## Returns: 0 if no threshold is set or the threshold in bytes
 ##
@@ -112,7 +112,7 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
 ##
 ## cid: The connection id.
 ##
-## is_orig: If true, threshold of originator, otherwhise threshold of responder.
+## is_orig: If true, threshold of originator, otherwise threshold of responder.
 ##
 ## Returns: 0 if no threshold is set or the threshold in packets
 ##

src/analyzer/protocol/dce-rpc/events.bif

@@ -10,7 +10,7 @@
 ##
 ## ptype_id: Numeric representation of the procedure type of the message.
 ##
-## ptype: Enum representation of the prodecure type of the message.
+## ptype: Enum representation of the procedure type of the message.
 ##
 ## .. zeek:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response
 event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType%);
@@ -27,7 +27,7 @@ event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count
 ##
 ## ctx_id: The context identifier of the data representation.
 ##
-## uuid: The string interpretted uuid of the endpoint being requested.
+## uuid: The string interpreted uuid of the endpoint being requested.
 ##
 ## ver_major: The major version of the endpoint being requested.
 ##
@@ -48,7 +48,7 @@ event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_
 ##
 ## ctx_id: The context identifier of the data representation.
 ##
-## uuid: The string interpretted uuid of the endpoint being requested.
+## uuid: The string interpreted uuid of the endpoint being requested.
 ##
 ## ver_major: The major version of the endpoint being requested.
 ##

src/analyzer/protocol/dnp3/DNP3.cc

@@ -21,7 +21,7 @@
 //    Traditionally, the DNP3 Application Layer in serial links contains a
 //    "DNP3 Application Layer Fragment". The data that is parsed by the end
 //    device and then executed. As the "DNP3 Application Layer Fragment" can
-//    be long (>255 bytes), it may be trunkcated and carried in different
+//    be long (>255 bytes), it may be truncated and carried in different
 //    DNP3 Application Layer of more than one DNP3 packets.
 //
 //    So we may find a long DNP3 Application Layer Fragment to be transmitted in the following
@@ -44,7 +44,7 @@
 // Layer used in serial link as Pseudo Link Layer, Pseudo Transport Layer and
 // Pseudo Application Layer.
 //
-// For a long DNP3 application layer fragment, we may find it tramistted
+// For a long DNP3 application layer fragment, we may find it transmitted
 // over IP network in the following format:
 //
 //     Network Packet #1 : TCP Header | DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3
@@ -60,7 +60,7 @@
 //
 //     0x05 0x64 Len Ctrl Dest_LSB Dest_MSB Src_LSB Src_MSB CRC_LSB CRC_MSB
 //
-//     Each field is a byte; LSB: least significant byte; MSB: most significatn byte.
+//     Each field is a byte; LSB: least significant byte; MSB: most significant byte.
 //
 //     "Len" indicates the length of the byte stream right after this field
 //     (excluding CRC fields) in the current DNP3 packet.
@@ -93,7 +93,7 @@
 // DNP3 Packet :  DNP3 Pseudo Data Link Layer : DNP3 Pseudo Transport Layer : DNP3 Pseudo
 // Application Layer
 //                                   ||                                    ||
-//                                   || (length field)                     || (original paylad byte
+//                                   || (length field)                     || (original payload byte
 //                                   stream)
 //                                   \/                                    \/
 //                DNP3 Additional Header              :                  Reassembled DNP3 Pseudo
@@ -227,7 +227,7 @@ bool DNP3_Base::ProcessData(int len, const u_char* data, bool orig)
 			if ( res < 0 )
 				return false;
 
-			// Parse the the application layer data.
+			// Parse the application layer data.
 			if ( ! ParseAppLayer(endp) )
 				return false;
 

src/analyzer/protocol/dnp3/dnp3-objects.pac

@@ -207,14 +207,14 @@ type Request_Data_Object(function_code: uint8, qualifier_field: uint8, object_ty
 		0x2202 -> ai_dead_32: empty;
 		0x2203 -> ai_dead_sp: empty;
 
-	# analog ouput status g40
+	# analog output status g40
 		0x2800 -> aos_default: empty;
 		0x2801 -> aos_32: empty;
 		0x2802 -> aos_16: empty;
 		0x2803 -> aos_sp: empty;
 		0x2804 -> aos_dp: empty;
 
-	# analog ouput g41
+	# analog output g41
 		0x2901 -> ao_32: empty;
 		0x2902 -> ao_16: empty;
 		0x2903 -> ao_sp: empty;
@@ -502,13 +502,13 @@ type Response_Data_Object(function_code: uint8, qualifier_field: uint8, object_t
 		0x2202 -> ai_dead_32: uint32;
 		0x2203 -> ai_dead_sp: uint32;
 
-	# analog ouput status g40
+	# analog output status g40
 		0x2801 -> aos_32: AnaOutStatus32;
 		0x2802 -> aos_16: AnaOutStatus16;
 		0x2803 -> aos_sp: AnaOutStatusSP;
 		0x2804 -> aos_dp: AnaOutStatusDP;
 
-	# analog ouput g41
+	# analog output g41
 		0x2901 -> ao_32: AnaOut32;
 		0x2902 -> ao_16: AnaOut16;
 		0x2903 -> ao_sp: AnaOutSP;
@@ -611,7 +611,7 @@ type Response_Data_Object(function_code: uint8, qualifier_field: uint8, object_t
 		0x780E -> update_key_sig: UpdateKeySig(prefix.prefix_value);
 		0x780F -> update_key_con: UpdateKeyCon(prefix.prefix_value);
 
-		#default -> unkonwndata: Debug_Byte; # &check( T );
+		#default -> unknowndata: Debug_Byte; # &check( T );
 		default -> unmatched: Default_Wrap(object_type_field);
 	};
 }
@@ -861,7 +861,7 @@ type AnalogInput16woFlag = record {
 	value: int16;
 } &byteorder = littleendian;
 
-# group: 30; variation: 5; singple precision 32 bit
+# group: 30; variation: 5; single precision 32 bit
 type AnalogInputSPwFlag = record {
 	flag: uint8;
 	value: uint32;
@@ -951,7 +951,7 @@ type AnalogInput16wTime = record {
 	time48: bytestring &length = 6;
 } &byteorder = littleendian;
 
-# group: 32; variation: 5; singple precision 32 bit
+# group: 32; variation: 5; single precision 32 bit
 type AnalogInputSPwoTime = record {
 	flag: uint8;
 	value: uint32;
@@ -1144,7 +1144,7 @@ type AnaOutEveDPwTime = record {
 	time48: bytestring &length = 6;
 } &byteorder = littleendian;
 
-## g43 data format is exacatly same as g42 so use g42 directly
+## g43 data format is exactly same as g42 so use g42 directly
 
 # g50v1
 type AbsTime = record {
@@ -1353,11 +1353,11 @@ type DescEle = record {
 
 # g86v1 is the same structure of DescEle
 
-# g86v3 does not quite understant specification description
+# g86v3 does not quite understand specification description
 
-# g87 doest not quite understand specfication description
+# g87 doest not quite understand specification description
 
-# g88 doest not quite understand specfication description
+# g88 doest not quite understand specification description
 
 # g90v1
 type App_Id(qualifier_field: uint8, object_size16: uint16) = record {

src/analyzer/protocol/dnp3/dnp3-protocol.pac

@@ -35,11 +35,11 @@ type DNP3_Request = record {
 		FREEZE_AT_TIME_NR -> freeze_time_nr_requests: Request_Objects(app_header.function_code)[];
 		COLD_RESTART -> cold_restart: empty;
 		WARM_RESTART -> warm_restart: empty;
-		INITIALIZE_DATA -> initilize_data: empty;  # obsolete
+		INITIALIZE_DATA -> initialize_data: empty;  # obsolete
-		INITIALIZE_APPL -> initilize_appl: Request_Objects(app_header.function_code)[];
+		INITIALIZE_APPL -> initialize_appl: Request_Objects(app_header.function_code)[];
 		START_APPL -> start_appl: Request_Objects(app_header.function_code)[];
 		STOP_APPL -> stop_appl: Request_Objects(app_header.function_code)[];
-		SAVE_CONFIG -> save_config: empty;  # depracated
+		SAVE_CONFIG -> save_config: empty;  # deprecated
 		ENABLE_UNSOLICITED -> enable_unsolicited: Request_Objects(app_header.function_code)[];
 		DISABLE_UNSOLICITED -> disable_unsolicited: Request_Objects(app_header.function_code)[];
 		ASSIGN_CLASS -> assign_class: Request_Objects(app_header.function_code)[];
@@ -98,7 +98,7 @@ type Request_Objects(function_code: uint8) = record {
 
 		# time data interval data object g50
 		0x3201 -> g50v1_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
-		#0x3202 -> time_interval_ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
+		#0x3202 -> time_interval_objects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
 						# &check( object_header.qualifier_field == 0x0f && object_header.number_of_item == 0x01);
 		0x3202 -> g50v2_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
 		0x3203 -> g50v3_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
@@ -140,7 +140,7 @@ type Request_Objects(function_code: uint8) = record {
 		0x780E -> g120v14_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
 		0x780F -> g120v15_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
 
-		# default -> ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
+		# default -> objects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
 		default -> objects: empty;
 	};
 	# dump_data is always empty; I intend to use it for checking some conditions;

src/analyzer/protocol/dnp3/events.bif

@@ -226,7 +226,7 @@ event dnp3_analog_input_event_DPwoTime%(c: connection, is_orig: bool, flag: coun
 event dnp3_analog_input_event_SPwTime%(c: connection, is_orig: bool, flag: count, value: count, time48: count%);
 
 ## Generated for DNP3 objects with the group number 32 and variation number 8
-## analog input event double-precisiion float point with time
+## analog input event double-precision float point with time
 event dnp3_analog_input_event_DPwTime%(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: count%);
 
 ## Generated for DNP3 objects with the group number 33 and variation number 1

src/analyzer/protocol/dns/DNS.cc

@@ -1364,7 +1364,7 @@ bool DNS_Interpreter::ParseRR_DS(detail::DNS_MsgInfo* msg, const u_char*& data,
 		case detail::SHA384:
 			break;
 		case detail::reserved:
-			analyzer->Weird("DNSSEC_DS_ResrevedDigestType", util::fmt("%d", ds_dtype));
+			analyzer->Weird("DNSSEC_DS_ReservedDigestType", util::fmt("%d", ds_dtype));
 			break;
 		default:
 			analyzer->Weird("DNSSEC_DS_unknown_DigestType", util::fmt("%d", ds_dtype));

src/analyzer/protocol/dns/DNS.h

@@ -235,7 +235,7 @@ struct DNSKEY_DATA
 	unsigned short dflags; // 16 : ExtractShort(data, len)
 	unsigned short dalgorithm; // 8
 	unsigned short dprotocol; // 8
-	String* public_key; // Variable lenght Public Key
+	String* public_key; // Variable length Public Key
 	};
 
 struct NSEC3_DATA
@@ -264,7 +264,7 @@ struct DS_DATA
 	unsigned short key_tag; // 16 : ExtractShort(data, len)
 	unsigned short algorithm; // 8
 	unsigned short digest_type; // 8
-	String* digest_val; // Variable lenght Digest of DNSKEY RR
+	String* digest_val; // Variable length Digest of DNSKEY RR
 	};
 
 struct BINDS_DATA
@@ -317,7 +317,7 @@ public:
 	int opcode; ///< query type, see DNS_Opcode
 	int rcode; ///< return code, see DNS_Code
 	int QR; ///< query record flag
-	int AA; ///< authoritiave answer flag
+	int AA; ///< authoritative answer flag
 	int TC; ///< truncated - size > 512 bytes for udp
 	int RD; ///< recursion desired
 	int RA; ///< recursion available

src/analyzer/protocol/dns/events.bif

@@ -692,7 +692,7 @@ event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%);
 ##
 ## ans: The type-independent part of the parsed answer record.
 ##
-## binds: The parsed RDATA of BIND-Signeing state record.
+## binds: The parsed RDATA of BIND-Signing state record.
 event dns_BINDS%(c: connection, msg: dns_msg, ans: dns_answer, binds: dns_binds_rr%);
 
 ## Generated for DNS replies of type *BINDS*. For replies with multiple answers,
@@ -705,7 +705,7 @@ event dns_BINDS%(c: connection, msg: dns_msg, ans: dns_answer, binds: dns_binds_
 ##
 ## ans: The type-independent part of the parsed answer record.
 ##
-## binds: The parsed RDATA of BIND-Signeing state record.
+## binds: The parsed RDATA of BIND-Signing state record.
 event dns_SSHFP%(c: connection, msg: dns_msg, ans: dns_answer, algo: count, fptype: count, fingerprint: string%);
 
 ## Generated for DNS replies of type *LOC*. For replies with multiple answers,

src/analyzer/protocol/gssapi/GSSAPI.h

@@ -16,13 +16,13 @@ public:
 	explicit GSSAPI_Analyzer(Connection* conn);
 	~GSSAPI_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn) { return new GSSAPI_Analyzer(conn); }

src/analyzer/protocol/http/HTTP.cc

@@ -246,7 +246,7 @@ bool HTTP_Entity::Undelivered(int64_t len)
 		          expect_data_length);
 		}
 
-	// Don't propogate an entity (file) gap if we're still in the headers,
+	// Don't propagate an entity (file) gap if we're still in the headers,
 	// or the body length was declared to be zero.
 	if ( (end_of_data && in_header) || body_length == 0 )
 		return false;
@@ -1683,7 +1683,7 @@ String* unescape_URI(const u_char* line, const u_char* line_end, analyzer::Analy
 			else if ( line + 1 == line_end )
 				{
 				// % + one character at end of line. Log weird
-				// and just add to unescpaped URI.
+				// and just add to unescaped URI.
 				*URI_p++ = '%';
 				*URI_p++ = *line;
 				if ( analyzer )
@@ -1714,7 +1714,7 @@ String* unescape_URI(const u_char* line, const u_char* line_end, analyzer::Analy
 				// Decode escaping like this: %u00AE
 				// The W3C rejected escaping this way, and
 				// there is no RFC that specifies it.
-				// Appparently there is some software doing
+				// Apparently there is some software doing
 				// this sort of 4 byte unicode encoding anyway.
 				// Likely causing an increase in it's use is
 				// the third edition of the ECMAScript spec

src/analyzer/protocol/http/HTTP.h

@@ -180,12 +180,12 @@ public:
 	bool IsConnectionClose() { return connection_close; }
 	int HTTP_ReplyCode() const { return reply_code; };
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer
 	void EndpointEOF(bool is_orig) override;
 	void ConnectionFinished(bool half_finished) override;
 	void ConnectionReset() override;

src/analyzer/protocol/imap/IMAP.h

@@ -22,7 +22,7 @@ public:
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	void StartTLS();

src/analyzer/protocol/krb/KRB_TCP.h

@@ -20,7 +20,7 @@ public:
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	StringValPtr GetAuthenticationInfo(const String* principal, const String* ciphertext,

src/analyzer/protocol/login/NVT.cc

@@ -518,7 +518,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
 				if ( last_char == '\r' )
 					{
 					if ( CRLFAsEOL() & CR_as_EOL )
-						// we already emited, skip
+						// we already emitted, skip
 						;
 					else
 						{

src/analyzer/protocol/login/events.bif

@@ -146,7 +146,7 @@ event login_input_line%(c: connection, line: string%);
 ##
 ## c: The connection.
 ##
-## line: The ouput line.
+## line: The output line.
 ##
 ## .. zeek:see:: login_confused login_confused_text login_display login_failure
 ##    login_input_line  login_prompt login_success login_terminal rsh_reply

src/analyzer/protocol/modbus/modbus-protocol.pac

@@ -71,7 +71,7 @@ type ModbusTCP_PDU(is_orig: bool) = record {
 type ModbusTCP_TransportHeader = record {
 	tid: uint16; # Transaction identifier
 	pid: uint16; # Protocol identifier
-	len: uint16; # Length of everyting after this field
+	len: uint16; # Length of everything after this field
 	uid: uint8;  # Unit identifier (previously 'slave address')
 	fc:  uint8;  # MODBUS function code (see function_codes enum)
 } &byteorder=bigendian, &let {

src/analyzer/protocol/mqtt/events.bif

@@ -105,7 +105,7 @@ event mqtt_pingreq%(c: connection%);
 ## c: The connection
 event mqtt_pingresp%(c: connection%);
 
-## Generated for MQTT disconnect messages sent by the client when it is diconnecting cleanly.
+## Generated for MQTT disconnect messages sent by the client when it is disconnecting cleanly.
 ##
 ## c: The connection
 event mqtt_disconnect%(c: connection%);

src/analyzer/protocol/mysql/MySQL.h

@@ -16,13 +16,13 @@ public:
 	explicit MySQL_Analyzer(Connection* conn);
 	~MySQL_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn) { return new MySQL_Analyzer(conn); }

src/analyzer/protocol/mysql/mysql.pac

@@ -29,7 +29,7 @@ flow MySQL_Flow(is_orig: bool) {
 	# There are two options here: flowunit or datagram.
 	# flowunit = MySQL_PDU(is_orig) withcontext(connection, this);
 	flowunit = MySQL_PDU(is_orig) withcontext(connection, this);
-	# Using flowunit will cause the anlayzer to buffer incremental input.
+	# Using flowunit will cause the analyzer to buffer incremental input.
 	# This is needed for &oneline and &length. If you don't need this, you'll
 	# get better performance with datagram.
 };

src/analyzer/protocol/ncp/NCP.cc

@@ -195,7 +195,7 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
 		{
 		// Assume NCP frames align with packet boundary.
 		if ( (IsOrig() && len < 22) || (! IsOrig() && len < 16) )
-			{ // ignore small fragmeents
+			{ // ignore small fragments
 			return;
 			}
 

src/analyzer/protocol/ntlm/NTLM.h

@@ -16,13 +16,13 @@ public:
 	explicit NTLM_Analyzer(Connection* conn);
 	~NTLM_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn) { return new NTLM_Analyzer(conn); }

src/analyzer/protocol/ntp/NTP.h

@@ -13,7 +13,7 @@ public:
 	explicit NTP_Analyzer(Connection* conn);
 	~NTP_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
 	                   int caplen) override;

src/analyzer/protocol/ntp/ntp-mode7.pac

@@ -48,7 +48,7 @@
 #
 # Implementation number: The number of the implementation this request code
 #        is defined by.  An implementation number of zero is used
-#        for requst codes/data formats which all implementations
+#        for request codes/data formats which all implementations
 #        agree on.  Implementation number 255 is reserved (for
 #        extensions, in case we run out).
 #

src/analyzer/protocol/ntp/ntp-protocol.pac

@@ -26,7 +26,7 @@ type NTP_PDU(is_orig: bool) = record {
 } &byteorder=bigendian &exportsourcedata;
 
 # This is the most common type of message, corresponding to modes 1-5
-# This kind of msg are used for normal operation of syncronization
+# This kind of msg are used for normal operation of synchronization
 # See RFC 5905 for details
 type NTP_std_msg = record {
 	stratum:   uint8;

src/analyzer/protocol/pia/PIA.cc

@@ -230,7 +230,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
 			ip4_hdr = new IP_Hdr(ip4, false);
 			}
 
-		// Locals used to avoid potentil alignment problems
+		// Locals used to avoid potential alignment problems
 		// with some archs/compilers when grabbing the address
 		// of the struct member directly in the following.
 		in_addr tmp_src;

src/analyzer/protocol/pia/PIA.h

@@ -28,7 +28,7 @@ public:
 	virtual ~PIA();
 
 	// Called when PIA wants to put an Analyzer in charge.  rule is the
-	// signature that triggered the activitation, if any.
+	// signature that triggered the activation, if any.
 	virtual void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
 
 	// Called when PIA wants to remove an Analyzer.

src/analyzer/protocol/radius/RADIUS.h

@@ -12,7 +12,7 @@ public:
 	explicit RADIUS_Analyzer(Connection* conn);
 	~RADIUS_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
 	                   int caplen) override;

src/analyzer/protocol/rdp/RDP.h

@@ -15,7 +15,7 @@ public:
 	explicit RDP_Analyzer(Connection* conn);
 	~RDP_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;

src/analyzer/protocol/rfb/RFB.h

@@ -14,13 +14,13 @@ public:
 	explicit RFB_Analyzer(Connection* conn);
 	~RFB_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)

src/analyzer/protocol/rpc/NFS.cc

@@ -663,7 +663,7 @@ RecordValPtr NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n,
 		rep->Assign(3, nfs3_stable_how(buf, n));
 
 		// Writeverf. While the RFC says that this should be a fixed
-		// length opaque, it specifies the lenght as 8 bytes, so we
+		// length opaque, it specifies the length as 8 bytes, so we
 		// can also just as easily extract a uint64.
 		rep->Assign(4, ExtractUint64(buf, n));
 		}

src/analyzer/protocol/rpc/RPC.cc

@@ -181,7 +181,7 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, bool is_or
 
 		// We now have a valid RPC_CallInfo (either the previous one
 		// in case of a rexmit or the current one).
-		// TODO: What to do in case of a rexmit_inconistency??
+		// TODO: What to do in case of a rexmit_inconsistency??
 		Event_RPC_Call(call);
 
 		if ( RPC_BuildCall(call, buf, n) )
@@ -468,11 +468,11 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
 	// We try to look for the beginning of a RPC frame, assuming RPC
 	// frames begin at packet boundaries (though they may span over
 	// multiple packets) (note that the data* of DeliverStream() usually
-	// starts at a packet boundrary).
+	// starts at a packet boundary).
 	//
 	// If we see a frame start that makes sense (direction and frame
-	// lenght seem ok), we try to read (skip over) the next RPC message.
+	// length seem ok), we try to read (skip over) the next RPC message.
-	// If this is successfull and we the place we are seems like a valid
+	// If this is successful and we the place we are seems like a valid
 	// start of a RPC msg (direction and frame length seem ok). We assume
 	// that we have successfully resync'ed.
 
@@ -509,7 +509,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
 			}
 
 		// Now lets see whether data points to the beginning of a RPC
-		// frame. If the resync processs is successful, we should be
+		// frame. If the resync processes is successful, we should be
 		// at the beginning of a frame.
 
 		if ( len < 12 )
@@ -552,7 +552,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
 			{
 			// Skip this chunk
 			if ( DEBUG_rpc_resync )
-				DEBUG_MSG("RPC resync: Need to resync. dicarding %d bytes.\n", len);
+				DEBUG_MSG("RPC resync: Need to resync. discarding %d bytes.\n", len);
 
 			NeedResync(); // let's try the resync again from the beginning
 			return false;

src/analyzer/protocol/rpc/XDR.cc

@@ -20,7 +20,7 @@ uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
 		return 0;
 		}
 
-	// Takes care of alignment and endianess differences.
+	// Takes care of alignment and endianness differences.
 	uint32_t buf_bits32;
 	memcpy(&buf_bits32, buf, 4);
 	uint32_t bits32 = ntohl(buf_bits32);

src/analyzer/protocol/sip/SIP_TCP.h

@@ -22,7 +22,7 @@ public:
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn) { return new SIP_Analyzer(conn); }

src/analyzer/protocol/smb/smb2_com_set_info.bif

@@ -36,7 +36,7 @@ event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *file* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -55,7 +55,7 @@ event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ti
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *allocation* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -71,7 +71,7 @@ event smb2_file_allocation%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUI
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *end_of_file* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -88,7 +88,7 @@ event smb2_file_endoffile%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *mode* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -105,7 +105,7 @@ event smb2_file_mode%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, mod
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *pipe* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -124,7 +124,7 @@ event smb2_file_pipe%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, rea
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *position* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -140,7 +140,7 @@ event smb2_file_position%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID,
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *short_name* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -156,7 +156,7 @@ event smb2_file_shortname%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *valid_data_length* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -172,7 +172,7 @@ event smb2_file_validdatalength%(c: connection, hdr: SMB2::Header, file_id: SMB2
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *full_EA* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -188,7 +188,7 @@ event smb2_file_fullea%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, f
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *link* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -206,7 +206,7 @@ event smb2_file_link%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, roo
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *fs_control* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##
@@ -222,7 +222,7 @@ event smb2_file_fscontrol%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 requests of type *set_info* of the *fs_object_id* subtype
 ##
-## For more infomation, see MS-SMB2:2.2.39
+## For more information, see MS-SMB2:2.2.39
 ##
 ## c: The connection.
 ##

src/analyzer/protocol/socks/SOCKS.cc

@@ -52,7 +52,7 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	if ( orig_done && resp_done )
 		{
 		// Finished decapsulating tunnel layer. Now do standard processing
-		// with the rest of the conneciton.
+		// with the rest of the connection.
 		//
 		// Note that we assume that no payload data arrives before both endpoints
 		// are done with their part of the SOCKS protocol.

src/analyzer/protocol/ssh/SSH.h

@@ -16,12 +16,12 @@ public:
 	explicit SSH_Analyzer(Connection* conn);
 	~SSH_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn) { return new SSH_Analyzer(conn); }

src/analyzer/protocol/ssh/events.bif

@@ -55,7 +55,7 @@ event ssh_auth_successful%(c: connection, auth_method_none: bool%);
 ## connection was determined to have had an authentication attempt.
 ## This determination is based on packet size analysis, and errs
 ## on the side of caution - that is, if there's any doubt about
-## whether or not an authenication attempt occured, this event is
+## whether or not an authentication attempt occurred, this event is
 ## *not* raised.
 ##
 ## At this point in the protocol, all we can determine is whether

src/analyzer/protocol/ssl/DTLS.h

@@ -26,7 +26,7 @@ public:
 	explicit DTLS_Analyzer(Connection* conn);
 	~DTLS_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
 	                   int caplen) override;

src/analyzer/protocol/ssl/SSL.h

@@ -65,7 +65,7 @@ public:
 	 * connection. (For TLS 1.2 this is the pre-master secret)
 	 *
 	 * Please note that these functions currently are hardcoded to only work with a single TLS 1.2
-	 * cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
+	 * ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
 	 *
 	 * @param len Length of the secret bytes
 	 *
@@ -78,7 +78,7 @@ public:
 	 * TLS application data in the connection.
 	 *
 	 * Please note that these functions currently are hardcoded to only work with a single TLS 1.2
-	 * cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
+	 * ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
 	 *
 	 * @param keys The key buffer as derived via TLS PRF (for
 	 * AES_GCM this should be 72 bytes in length)
@@ -90,7 +90,7 @@ public:
 	 * TLS application data in the connection.
 	 *
 	 * Please note that these functions currently are hardcoded to only work with a single TLS 1.2
-	 * cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
+	 * ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
 	 *
 	 * @param keys The key buffer as derived via TLS PRF (for
 	 * AES_GCM this should be 72 bytes in length)
@@ -110,7 +110,7 @@ protected:
 	 * Try to decrypt TLS application data from a packet. Requires secret or keys to be set prior.
 	 *
 	 * Please note that these functions currently are hardcoded to only work with a single TLS 1.2
-	 * cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
+	 * ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
 	 *
 	 * @param len Length of the encrypted bytes to decrypt
 	 *
@@ -129,10 +129,10 @@ protected:
 
 	/**
 	 * TLS 1.2 pseudo random function (PRF) used to expand the pre-master secret and derive keys.
-	 * The seed is obtained by concatinating rnd1 and rnd2.
+	 * The seed is obtained by concatenating rnd1 and rnd2.
 	 *
 	 * Please note that these functions currently are hardcoded to only work with a single TLS 1.2
-	 * cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
+	 * ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
 	 *
 	 * @param secret Secret as defined in the TLS RFC
 	 *
@@ -168,7 +168,7 @@ protected:
 	// client and server sequence number, used for TLS 1.2 decryption
 	int c_seq;
 	int s_seq;
-	// secret, for decyption
+	// secret, for decryption
 	std::string secret;
 	// derived keys, for decryption
 	std::vector<u_char> keys;

src/analyzer/protocol/ssl/dtls-analyzer.pac

@@ -4,9 +4,9 @@ refine connection SSL_Conn += {
 	%member{
 
 		struct message_info {
-			uint64 message_first_sequence; // the minumum dtls sequence number for this handshake fragment
+			uint64 message_first_sequence; // the minimum dtls sequence number for this handshake fragment
 			bool first_sequence_seen; // did we actually see the fragment with the smallest number
-			uint64 message_last_sequence; // the mazimum dtls sequence number for this handshake fragment
+			uint64 message_last_sequence; // the maximum dtls sequence number for this handshake fragment
 			uint16 message_handshake_sequence; // the handshake sequence number of this handshake (to identify)
 			uint32 message_length; // data length of this handshake (data in buffer)
 			uint32 message_sequence_seen; // a bitfield that shows which sequence numbers we already saw, offset from first_seq.

src/analyzer/protocol/ssl/events.bif

@@ -421,7 +421,7 @@ event ssl_extension_signed_certificate_timestamp%(c: connection, is_client: bool
 
 ## Generated for an TLS Supported Versions extension. This TLS extension
 ## is defined in the TLS 1.3 rfc and sent by the client in the initial handshake.
-## It contains the TLS versions that it supports. This informaion can be used by
+## It contains the TLS versions that it supports. This information can be used by
 ## the server to choose the best TLS version o use.
 ##
 ## c: The connection.

src/analyzer/protocol/ssl/functions.bif

@@ -6,7 +6,7 @@
 %%}
 
 ## Sets if the SSL analyzer should consider the connection established (handshake
-## finished succesfully).
+## finished successfully).
 ##
 ## c: The SSL connection.
 ##

src/analyzer/protocol/ssl/ssl-protocol.pac

@@ -171,7 +171,7 @@ refine connection SSL_Conn += {
 		// some sort of TLS1.3. So - let's do it this way round instead.
 		if ( negotiated_version != SSLv20 && negotiated_version != SSLv30 && negotiated_version != TLSv10 && negotiated_version != TLSv11 && negotiated_version != TLSv12 )
 			{
-			// well, it seems like this is a TLS 1.3 (or equivalent) applicatio data packet. Let's enable encryption
+			// well, it seems like this is a TLS 1.3 (or equivalent) application data packet. Let's enable encryption
 			// and handle it as encrypted.
 			startEncryption(is_orig);
 			return STATE_ENCRYPTED;
@@ -183,7 +183,7 @@ refine connection SSL_Conn += {
 	function determine_ssl_record_layer(head0 : uint8, head1 : uint8,
 					head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int
 		%{
-		// stop processing if we already had a protocol violation or otherwhise
+		// stop processing if we already had a protocol violation or otherwise
 		// decided that we do not want to parse anymore. Just setting skip is not
 		// enough for the data that is already in the pipe.
 		if ( zeek_analyzer()->Skipping() )

src/analyzer/protocol/ssl/tls-handshake-protocol.pac

@@ -806,7 +806,7 @@ type SupportedVersions(rec: HandshakeRecord) = record {
 	versions: uint16[] &until($input.length() == 0);
 } &length=length+1;
 
-# If the server sends it, this is the authorative version. Set it.
+# If the server sends it, this is the authoritative version. Set it.
 type OneSupportedVersion(rec: HandshakeRecord) = record {
 	version: uint16;
 } &let {

src/analyzer/protocol/tcp/TCP_Endpoint.h

@@ -99,7 +99,7 @@ public:
 	/**
 	 * @param tcp_seq_num A 32-bit TCP sequence space number.
 	 * @param wraparounds Number of times a 32-bit sequence space has wrapped.
-	 * @return \a tcp_seq_num expanded out in to a 64-bit sequence space,
+	 * @return \a tcp_seq_num expanded out into a 64-bit sequence space,
 	 *         accounting for the number of times the 32-bit space overflowed.
 	 */
 	static uint64_t ToFullSeqSpace(uint32_t tcp_seq_num, uint32_t wraparounds)
@@ -110,7 +110,7 @@ public:
 	/**
 	 * @param tcp_seq_num A 32-bit TCP sequence space number.
 	 * @param wraparounds Number of times a 32-bit sequence space has wrapped.
-	 * @return \a tcp_seq_num expanded out in to a 64-bit sequence space,
+	 * @return \a tcp_seq_num expanded out into a 64-bit sequence space,
 	 *         accounting for the number of times the 32-bit space overflowed
 	 *         and relative to the starting sequence number for this endpoint.
 	 */

src/analyzer/protocol/tcp/TCP_Reassembler.cc

@@ -171,7 +171,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
 		// first packet we saw instantiating the partial connection
 		// was a keep-alive.  So, in either case, just ignore it.
 
-		// TODO: Don't we need to update last_reassm_seq ????
+		// TODO: Don't we need to update last_reassem_seq ????
 		return;
 		}
 
@@ -187,7 +187,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
 
 	if ( DEBUG_tcp_contents )
 		{
-		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64 ", last_reassm=%" PRIu64 ", "
+		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64 ", last_reassem=%" PRIu64 ", "
 		          "endp: FIN_cnt=%d, RST_cnt=%d, "
 		          "peer: FIN_cnt=%d, RST_cnt=%d\n",
 		          zeek::run_state::network_time, IsOrig(), up_to_seq, last_reassem_seq,
@@ -286,7 +286,7 @@ void TCP_Reassembler::MatchUndelivered(uint64_t up_to_seq, bool use_last_upper)
 
 	// ### Note: the original code did not check whether blocks have
 	// already been delivered, but not ACK'ed, and therefore still
-	// must be kept in the reassember.
+	// must be kept in the reassembler.
 
 	// We are to match any undelivered data, from last_reassem_seq to
 	// min(last_block->upper, up_to_seq).
@@ -546,10 +546,10 @@ void TCP_Reassembler::AckReceived(uint64_t seq)
 void TCP_Reassembler::CheckEOF()
 	{
 	// It is important that the check on whether we have pending data here
-	// is consistent with the check in TCP_Connection::ConnnectionClosed().
+	// is consistent with the check in TCP_Connection::ConnectionClosed().
 	//
 	// If we choose to call EndpointEOF here because, for example, we
-	// are already skipping deliveries, ConnnectionClosed() might decide
+	// are already skipping deliveries, ConnectionClosed() might decide
 	// that there is still DataPending, because it does not check
 	// SkipDeliveries(), and the connection will not be closed until
 	// timeout, since the did_EOF flag makes sure that EndpointEOF will

src/analyzer/protocol/xmpp/XMPP.h

@@ -19,7 +19,7 @@ public:
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	void StartTLS();

src/binpac_zeek-lib.pac

@@ -27,7 +27,7 @@ zeek::StringValPtr utf16_to_utf8_val(zeek::Connection* conn, const bytestring& u
 	// here, so make a copy.
 	auto utf16_copy_buf = std::make_unique<UTF16[]>(utf16.length()); // Twice as much memory than necessary.
 	auto utf16_copy = utf16_copy_buf.get();
-	memset(utf16_copy, 0, sizeof(UTF16) * utf16.length()); // needs to be set to 0, otherwhise we have uninitialized memory issues when utf16.length is odd.
+	memset(utf16_copy, 0, sizeof(UTF16) * utf16.length()); // needs to be set to 0, otherwise we have uninitialized memory issues when utf16.length is odd.
 	memcpy(utf16_copy, utf16.begin(), utf16.length());
 
 	const char* utf16_copy_end = reinterpret_cast<const char*>(utf16_copy) + utf16.length();

src/broker/Data.cc

@@ -1176,7 +1176,7 @@ broker::data& opaque_field_to_data(RecordVal* v, zeek::detail::Frame* f)
 	if ( ! d )
 		reporter->RuntimeError(f->GetCallLocation(), "Broker::Data's opaque field is not set");
 
-	// RuntimeError throws an exception which causes this line to never exceute.
+	// RuntimeError throws an exception which causes this line to never execute.
 	// NOLINTNEXTLINE(clang-analyzer-core.uninitialized.UndefReturn)
 	return static_cast<DataVal*>(d.get())->data;
 	}

src/broker/Data.h

@@ -166,7 +166,7 @@ struct type_name_getter
  * @param v a Broker::Data value.
  * @param f used to get location information on error.
  * @return a reference to the wrapped Broker data value.  A runtime interpreter
- * exception is thrown if the the optional opaque value of \a v is not set.
+ * exception is thrown if the optional opaque value of \a v is not set.
  */
 broker::data& opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f);
 
@@ -176,7 +176,7 @@ broker::data& opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f);
  * @param d a Broker data value to get variant data out of.
  * @param tag a Zeek tag which corresponds to T (just used for error reporting).
  * @param f used to get location information on error.
- * @return a refrence to the requested type in the variant Broker data.
+ * @return a reference to the requested type in the variant Broker data.
  * A runtime interpret exception is thrown if trying to access a type which
  * is not currently stored in the Broker data.
  */
@@ -200,7 +200,7 @@ inline T& require_data_type(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail:
 	return require_data_type<T>(opaque_field_to_data(v, f), tag, f);
 	}
 
-// Copying data in to iterator vals is not the fastest approach, but safer...
+// Copying data into iterator vals is not the fastest approach, but safer...
 
 class SetIterator : public zeek::OpaqueVal
 	{

src/broker/Manager.cc

@@ -930,7 +930,7 @@ bool Manager::AutoPublishEvent(string topic, Val* event)
 		return false;
 		}
 
-	DBG_LOG(DBG_BROKER, "Enabling auto-publising of event %s to topic %s", handler->Name(),
+	DBG_LOG(DBG_BROKER, "Enabling auto-publishing of event %s to topic %s", handler->Name(),
 	        topic.c_str());
 	handler->AutoPublish(move(topic));
 
@@ -1075,7 +1075,7 @@ bool Manager::Unsubscribe(const string& topic_prefix)
 	for ( size_t i = 0; i < forwarded_prefixes.size(); ++i )
 		if ( forwarded_prefixes[i] == topic_prefix )
 			{
-			DBG_LOG(DBG_BROKER, "Unforwading topic prefix %s", topic_prefix.c_str());
+			DBG_LOG(DBG_BROKER, "Unforwarding topic prefix %s", topic_prefix.c_str());
 			forwarded_prefixes.erase(forwarded_prefixes.begin() + i);
 			break;
 			}
@@ -1648,7 +1648,7 @@ bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu)
 
 	if ( ! id )
 		{
-		reporter->Warning("Received id-update request for unkown id: %s", id_name.c_str());
+		reporter->Warning("Received id-update request for unknown id: %s", id_name.c_str());
 		return false;
 		}
 
@@ -1758,7 +1758,7 @@ void Manager::ProcessError(broker::error_view err)
 	else
 		{
 
-		reporter->Warning("Unknown Broker error code %u: mapped to unspecificed enum value ",
+		reporter->Warning("Unknown Broker error code %u: mapped to unspecified enum value ",
 		                  static_cast<unsigned>(int_code));
 		ec = BifEnum::Broker::ErrorCode::UNSPECIFIED;
 		}

src/broker/Manager.h

@@ -110,7 +110,7 @@ public:
 	void Terminate();
 
 	/**
-	 * Returns true if any Broker communincation is currently active.
+	 * Returns true if any Broker communication is currently active.
 	 */
 	bool Active();
 

src/digest.h

@@ -74,7 +74,7 @@ unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsign
  * @param data Data to hash.
  * @param len Length of data to hash.
  * @param out Buffer to write data to. If set to nullptr, a static buffer will be used
- * @return Buffer that the hash was written to. Length is deoendent on the chosen hash function.
+ * @return Buffer that the hash was written to. Length is dependent on the chosen hash function.
  */
 unsigned char* calculate_digest(HashAlgorithm Alg, const unsigned char* data, uint64_t len,
                                 unsigned char* out);

src/event.bif

@@ -8,7 +8,7 @@
 #
 # Documentation conventions:
 #
-#     - Use past tense for activity that has already occured.
+#     - Use past tense for activity that has already occurred.
 #
 #     - List parameters with an empty line in between.
 #
@@ -925,7 +925,7 @@ event Pcap::file_done%(path: string%);
 ## Generated when a packet analyzer attempts to forward a protocol that it doesn't
 ## know how to handle.
 ##
-## analzyer_name: The string name of the analyzer attempting to forward the protocol
+## analyzer_name: The string name of the analyzer attempting to forward the protocol
 ##
 ## protocol: The identifier of the protocol being forwarded
 ##

src/file_analysis/Analyzer.h

@@ -86,7 +86,7 @@ public:
 	/**
 	 * Returns the analyzer instance's internal ID. These IDs are unique
 	 * across all analyzers instantiated and can thus be used to
-	 * indentify a specific instance.
+	 * identify a specific instance.
 	 */
 	ID GetID() const { return id; }
 
@@ -120,7 +120,7 @@ public:
 
 	/**
 	 * Signals that the analyzer is to skip all further input
-	 * processsing. This won't have an immediate effect internally, but
+	 * processing. This won't have an immediate effect internally, but
 	 * the flag can be queried through Skipping().
 	 *
 	 * @param do_skip If true, further processing will be skipped.
@@ -168,10 +168,10 @@ public:
 protected:
 	/**
 	 * Constructor.  Only derived classes are meant to be instantiated.
-	 * @param arg_tag the tag definining the analyzer's type.
+	 * @param arg_tag the tag defining the analyzer's type.
-	 * @param arg_args an \c AnalyzerArgs (script-layer type) value specifiying
+	 * @param arg_args an \c AnalyzerArgs (script-layer type) value specifying
 	 *        tunable options, if any, related to a particular analyzer type.
-	 * @param arg_file the file to which the the analyzer is being attached.
+	 * @param arg_file the file to which the analyzer is being attached.
 	 */
 	Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
 
@@ -180,9 +180,9 @@ protected:
 	 * As this version of the constructor does not receive a name or tag,
 	 * SetAnalyzerTag() must be called before the instance can be used.
 	 *
-	 * @param arg_args an \c AnalyzerArgs (script-layer type) value specifiying
+	 * @param arg_args an \c AnalyzerArgs (script-layer type) value specifying
 	 *        tunable options, if any, related to a particular analyzer type.
-	 * @param arg_file the file to which the the analyzer is being attached.
+	 * @param arg_file the file to which the analyzer is being attached.
 	 */
 	Analyzer(RecordValPtr arg_args, File* arg_file);