Merge remote-tracking branch 'MaxKellermann/includes'

* MaxKellermann/includes: broker: include cleanup file_analysis: include cleanup file_analysis/Analyzer: eliminate duplicate constructor probabilistic/Topk: include cleanup digest: eliminate the "Reporter.h" include Val: eliminate the "RE.h" include Val: eliminate the "BroString.h" include Val: eliminate the "CompHash.h" include Val: forward-declare class PDict, reduce includes Val: eliminate the "Scope.h" include
2025-10-02 22:58:20 +00:00 · 2020-02-14 10:29:36 -07:00 · 2020-02-14 10:29:36 -07:00 · cf8496dc0a
commit cf8496dc0a
parent a5166086db c6ffec02fc
58 changed files with 283 additions and 136 deletions
--- a/23
+++ b/23
@ -1,4 +1,27 @@
 3.2.0-dev.36 | 2020-02-14 10:29:36 -0700
  * broker: include cleanup (Max Kellermann)
  * file_analysis: include cleanup (Max Kellermann)
  * file_analysis/Analyzer: eliminate duplicate constructor (Max Kellermann)
  * probabilistic/Topk: include cleanup (Max Kellermann)
  * digest: eliminate the "Reporter.h" include (Max Kellermann)
  * Val: eliminate the "RE.h" include (Max Kellermann)
  * Val: eliminate the "BroString.h" include (Max Kellermann)
  * Val: eliminate the "CompHash.h" include (Max Kellermann)
  * Val: forward-declare class PDict, reduce includes (Max Kellermann)
  * Val: eliminate the "Scope.h" include (Max Kellermann)
 3.2.0-dev.25 | 2020-02-13 19:05:56 -0800
  * Reset the number of entries in a dict when calling Clear() (Tim Wojtulewicz, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-3.2.0-dev.25
+3.2.0-dev.36
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -205,6 +205,7 @@ set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
 set(MAIN_SRCS
    main.cc
    digest.cc
    net_util.cc
    util.cc
    module_util.cc
--- a/src/CompHash.cc
+++ b/src/CompHash.cc
@ -3,7 +3,10 @@
 #include "zeek-config.h"
 #include "CompHash.h"
 #include "BroString.h"
 #include "Dict.h"
 #include "Val.h"
 #include "RE.h"
 #include "Reporter.h"
 #include "Func.h"
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -31,6 +31,7 @@
 #include <algorithm>
 #include "BroString.h"
 #include "Event.h"
 #include "Net.h"
 #include "Val.h"
--- a/src/Discard.cc
+++ b/src/Discard.cc
@ -6,6 +6,7 @@
 #include <algorithm>
 #include "BroString.h"
 #include "Net.h"
 #include "Func.h"
 #include "Var.h"
--- a/src/EventHandler.cc
+++ b/src/EventHandler.cc
@ -4,6 +4,7 @@
 #include "Func.h"
 #include "Scope.h"
 #include "NetVar.h"
 #include "ID.h"
 #include "broker/Manager.h"
 #include "broker/Data.h"
--- a/src/Frame.cc
+++ b/src/Frame.cc
@ -10,6 +10,7 @@
 #include "IntrusivePtr.h"
 #include "Trigger.h"
 #include "Val.h"
 #include "ID.h"
 vector<Frame*> g_frame_stack;
--- a/src/IP.cc
+++ b/src/IP.cc
@ -10,6 +10,7 @@
 #include "Type.h"
 #include "Val.h"
 #include "Var.h"
 #include "BroString.h"
 #include "Reporter.h"
 static RecordType* ip4_hdr_type = 0;
--- a/src/Net.cc
+++ b/src/Net.cc
@ -30,6 +30,7 @@ extern "C" {
 #include "Timer.h"
 #include "Var.h"
 #include "Reporter.h"
 #include "Scope.h"
 #include "Anon.h"
 #include "PacketDumper.h"
 #include "iosource/Manager.h"
--- a/src/OpaqueVal.cc
+++ b/src/OpaqueVal.cc
@ -3,8 +3,10 @@
 #include <memory>
 #include "OpaqueVal.h"
 #include "CompHash.h"
 #include "NetVar.h"
 #include "Reporter.h"
 #include "Scope.h"
 #include "Desc.h"
 #include "Var.h"
 #include "probabilistic/BloomFilter.h"
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@ -15,6 +15,7 @@
 #include "Net.h"
 #include "Conn.h"
 #include "Timer.h"
 #include "Var.h" // for internal_val()
 #include "EventHandler.h"
 #include "plugin/Plugin.h"
 #include "plugin/Manager.h"
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -7,6 +7,7 @@
 #include "RuleAction.h"
 #include "RuleCondition.h"
 #include "BroString.h"
 #include "ID.h"
 #include "IntSet.h"
 #include "IP.h"
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -2,6 +2,7 @@
 #include "zeek-config.h"
 #include "CompHash.h"
 #include "Expr.h"
 #include "Event.h"
 #include "Frame.h"
--- a/src/Val.cc
+++ b/src/Val.cc
@ -14,6 +14,9 @@
 #include <stdlib.h>
 #include "Attr.h"
 #include "BroString.h"
 #include "CompHash.h"
 #include "Dict.h"
 #include "Net.h"
 #include "File.h"
 #include "Func.h"
@ -28,6 +31,7 @@
 #include "Conn.h"
 #include "Reporter.h"
 #include "IPAddr.h"
 #include "Var.h" // for internal_type()
 #include "broker/Data.h"
@ -363,6 +367,11 @@ void Val::ValDescribeReST(ODesc* d) const
 #ifdef DEBUG
 ID* Val::GetID() const
 	{
 	return bound_id ? global_scope()->Lookup(bound_id) : 0;
 	}
 void Val::SetID(ID* id)
 	{
 	delete [] bound_id;
@ -991,6 +1000,26 @@ StringVal::StringVal(const string& s) : Val(TYPE_STRING)
 	val.string_val = new BroString(reinterpret_cast<const u_char*>(s.data()), s.length(), 1);
 	}
 Val* StringVal::SizeVal() const
 	{
 	return val_mgr->GetCount(val.string_val->Len());
 	}
 int StringVal::Len()
 	{
 	return AsString()->Len();
 	}
 const u_char* StringVal::Bytes()
 	{
 	return AsString()->Bytes();
 	}
 const char* StringVal::CheckString()
 	{
 	return AsString()->CheckString();
 	}
 string StringVal::ToStdString() const
 	{
 	auto* bs = AsString();
@ -1352,6 +1381,11 @@ void TableVal::RemoveAll()
 	val.table_val->SetDeleteFunc(table_entry_val_delete_func);
 	}
 int TableVal::Size() const
 	{
 	return AsTable()->Length();
 	}
 int TableVal::RecursiveSize() const
 	{
 	int n = AsTable()->Length();
@ -2544,6 +2578,11 @@ unsigned int TableVal::MemoryAllocation() const
 		+ table_hash->MemoryAllocation();
 	}
 HashKey* TableVal::ComputeHash(const Val* index) const
 	{
 	return table_hash->ComputeHash(index, 1);
 	}
 vector<RecordVal*> RecordVal::parse_time_records;
 RecordVal::RecordVal(RecordType* t, bool init_fields) : Val(t)
--- a/src/Val.h
+++ b/src/Val.h
@ -3,13 +3,8 @@
 #pragma once
 #include "Type.h"
 #include "Dict.h"
 #include "CompHash.h"
 #include "BroString.h"
 #include "Timer.h"
 #include "Scope.h"
 #include "Notifier.h"
 #include "RE.h"
 #include "net_util.h"
 #include <vector>
@ -32,7 +27,11 @@ using std::string;
 #define UDP_PORT_MASK	0x20000
 #define ICMP_PORT_MASK	0x30000
 template<typename T> class PDict;
 class IterCookie;
 class Val;
 class BroString;
 class BroFunc;
 class Func;
 class BroFile;
@ -60,6 +59,8 @@ class VectorVal;
 class TableEntryVal;
 class RE_Matcher;
 typedef union {
 	// Used for bool, int, enum.
 	bro_int_t int_val;
@ -286,10 +287,7 @@ public:
 #ifdef DEBUG
 	// For debugging, we keep a reference to the global ID to which a
 	// value has been bound *last*.
-	ID* GetID() const
+	ID* GetID() const;
 		{
 		return bound_id ? global_scope()->Lookup(bound_id) : 0;
 		}
 	void SetID(ID* id);
 #endif
@ -549,12 +547,11 @@ public:
 	explicit StringVal(const string& s);
 	StringVal(int length, const char* s);
-	Val* SizeVal() const override
+	Val* SizeVal() const override;
 		{ return val_mgr->GetCount(val.string_val->Len()); }
-	int Len()		{ return AsString()->Len(); }
+	int Len();
-	const u_char* Bytes()	{ return AsString()->Bytes(); }
+	const u_char* Bytes();
-	const char* CheckString() { return AsString()->CheckString(); }
+	const char* CheckString();
 	// Note that one needs to de-allocate the return value of
 	// ExpandedString() to avoid a memory leak.
@ -700,6 +697,7 @@ protected:
 };
 class CompositeHash;
 class HashKey;
 class Frame;
 class TableVal : public Val, public notifier::Modifiable {
@ -790,7 +788,7 @@ public:
 	Attributes* Attrs()	{ return attrs; }
 	// Returns the size of the table.
-	int Size() const	{ return AsTable()->Length(); }
+	int Size() const;
 	int RecursiveSize() const;
 	// Returns the Prefix table used inside the table (if present).
@ -816,8 +814,7 @@ public:
 			timer = 0;
 		}
-	HashKey* ComputeHash(const Val* index) const
+	HashKey* ComputeHash(const Val* index) const;
 		{ return table_hash->ComputeHash(index, 1); }
 	notifier::Modifiable* Modifiable() override	{ return this; }
--- a/src/analyzer/Analyzer.cc
+++ b/src/analyzer/Analyzer.cc
@ -7,6 +7,7 @@
 #include "binpac.h"
 #include "analyzer/protocol/pia/PIA.h"
 #include "../BroString.h"
 #include "../Event.h"
 namespace analyzer {
--- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
+++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
@ -1,5 +1,6 @@
 %extern{
 #include "Sessions.h"
 #include "Conn.h"
 %}
 connection AYIYA_Conn(bro_analyzer: BroAnalyzer)
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -9,6 +9,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "Sessions.h"
 #include "Event.h"
--- a/src/analyzer/protocol/ftp/FTP.cc
+++ b/src/analyzer/protocol/ftp/FTP.cc
@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "Event.h"
 #include "Base64.h"
--- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
@ -1,5 +1,6 @@
 %extern{
 #include "Sessions.h"
 #include "BroString.h"
 %}
 %code{
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -4,6 +4,7 @@
 #include <ctype.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "Ident.h"
 #include "Event.h"
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -6,6 +6,7 @@
 #include <ctype.h>
 #include <stdlib.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "RE.h"
 #include "Reporter.h"
--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "Event.h"
 #include "Reporter.h"
--- a/src/analyzer/protocol/mqtt/MQTT.cc
+++ b/src/analyzer/protocol/mqtt/MQTT.cc
@ -4,6 +4,7 @@
 #include "MQTT.h"
 #include "Reporter.h"
 #include "Scope.h"
 #include "mqtt_pac.h"
 using namespace analyzer::MQTT;
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -5,6 +5,7 @@
 #include <ctype.h>
 #include "BroString.h"
 #include "NetVar.h"
 #include "Sessions.h"
 #include "Event.h"
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -6,6 +6,7 @@
 #include <algorithm>
 #include <vector>
 #include "BroString.h"
 #include "NetVar.h"
 #include "XDR.h"
 #include "Event.h"
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -6,6 +6,7 @@
 #include <utility>
 #include <vector>
 #include "BroString.h"
 #include "NetVar.h"
 #include "XDR.h"
 #include "Event.h"
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@ -1,5 +1,9 @@
 %include consts.pac
 %extern{
 #include "BroString.h"
 %}
 # Common constructs across SSH1 and SSH2
 ########################################
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@ -3,6 +3,7 @@
 #include "File.h"
 #include "analyzer/Analyzer.h"
 #include "analyzer/protocol/tcp/TCP.h"
 #include "BroString.h"
 #include "Reporter.h"
 #include "RuleMatcher.h"
--- a/src/analyzer/protocol/teredo/Teredo.cc
+++ b/src/analyzer/protocol/teredo/Teredo.cc
@ -5,6 +5,7 @@
 #include "IP.h"
 #include "Reporter.h"
 #include "Sessions.h"
 #include "BroString.h"
 #include "events.bif.h"
--- a/src/broker/Data.cc
+++ b/src/broker/Data.cc
@ -2,6 +2,9 @@
 #include "File.h"
 #include "Desc.h"
 #include "IntrusivePtr.h"
 #include "RE.h"
 #include "Var.h" // for internal_type()
 #include "Scope.h"
 #include "module_util.h"
 #include "3rdparty/doctest.h"
 #include "broker/data.bif.h"
@ -1170,6 +1173,14 @@ IntrusivePtr<Val> bro_broker::DataVal::castTo(BroType* t)
 	return data_to_val(data, t);
 	}
 BroType* bro_broker::DataVal::ScriptDataType()
 	{
 	if ( ! script_data_type )
 		script_data_type = internal_type("Broker::Data");
 	return script_data_type;
 	}
 IMPLEMENT_OPAQUE_VALUE(bro_broker::DataVal)
 broker::expected<broker::data> bro_broker::DataVal::DoSerialize() const
--- a/src/broker/Data.h
+++ b/src/broker/Data.h
@ -4,7 +4,6 @@
 #include "Reporter.h"
 #include "Frame.h"
 #include "Expr.h"
 #include "Var.h" // for internal_type()
 template <class T>
 class IntrusivePtr;
@ -111,13 +110,7 @@ public:
 	// Returns the Bro type that scripts use to represent a Broker data
 	// instance. This may be wrapping the opaque value inside another
 	// type.
-	static BroType* ScriptDataType()
+	static BroType* ScriptDataType();
 		{
 		if ( ! script_data_type )
 			script_data_type = internal_type("Broker::Data");
 		return script_data_type;
 		}
 	broker::data data;
--- a/src/broker/Manager.h
+++ b/src/broker/Manager.h
@ -17,11 +17,11 @@
 #include <string>
 #include <unordered_map>
 #include "NetVar.h"
 #include "iosource/IOSource.h"
 #include "logging/WriterBackend.h"
 class Frame;
 class Func;
 namespace bro_broker {
--- a/src/broker/Store.cc
+++ b/src/broker/Store.cc
@ -1,11 +1,28 @@
 #include "Store.h"
 #include "Desc.h"
 #include "Var.h" // for internal_type()
 #include "broker/Manager.h"
 namespace bro_broker {
 OpaqueType* opaque_of_store_handle;
 EnumVal* query_status(bool success)
 	{
 	static EnumType* store_query_status = nullptr;
 	static int success_val;
 	static int failure_val;
 	if ( ! store_query_status )
 		{
 		store_query_status = internal_type("Broker::QueryStatus")->AsEnumType();
 		success_val = store_query_status->Lookup("Broker", "SUCCESS");
 		failure_val = store_query_status->Lookup("Broker", "FAILURE");
 		}
 	return store_query_status->GetVal(success ? success_val : failure_val);
 	}
 void StoreHandleVal::ValDescribe(ODesc* d) const
 	{
 	//using BifEnum::Broker::BackendType;
--- a/src/broker/Store.h
+++ b/src/broker/Store.h
@ -2,8 +2,6 @@
 #include "broker/store.bif.h"
 #include "broker/data.bif.h"
 #include "Type.h"
 #include "Var.h" // for internal_type()
 #include "OpaqueVal.h"
 #include "Trigger.h"
@ -20,21 +18,7 @@ extern OpaqueType* opaque_of_store_handle;
 * @param success whether the query status should be set to success or failure.
 * @return a Broker::QueryStatus value.
 */
-inline EnumVal* query_status(bool success)
+EnumVal* query_status(bool success);
 	{
 	static EnumType* store_query_status = nullptr;
 	static int success_val;
 	static int failure_val;
 	if ( ! store_query_status )
 		{
 		store_query_status = internal_type("Broker::QueryStatus")->AsEnumType();
 		success_val = store_query_status->Lookup("Broker", "SUCCESS");
 		failure_val = store_query_status->Lookup("Broker", "FAILURE");
 		}
 	return store_query_status->GetVal(success ? success_val : failure_val);
 	}
 /**
 * @return a Broker::QueryResult value that has a Broker::QueryStatus indicating
--- a/src/digest.cc
+++ b/src/digest.cc
@ -0,0 +1,75 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 /**
 * Wrapper and helper functions for MD5/SHA digest algorithms.
 */
 #include "digest.h"
 #include "Reporter.h"
 EVP_MD_CTX* hash_init(HashAlgorithm alg)
 	{
 	EVP_MD_CTX* c = EVP_MD_CTX_new();
 	const EVP_MD* md;
 	switch (alg)
 		{
 		case Hash_MD5:
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			/* Allow this to work even if FIPS disables it */
 			EVP_MD_CTX_set_flags(c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
 			md = EVP_md5();
 			break;
 		case Hash_SHA1:
 			md = EVP_sha1();
 			break;
 		case Hash_SHA224:
 			md = EVP_sha224();
 			break;
 		case Hash_SHA256:
 			md = EVP_sha256();
 			break;
 		case Hash_SHA384:
 			md = EVP_sha384();
 			break;
 		case Hash_SHA512:
 			md = EVP_sha512();
 			break;
 		default:
 			reporter->InternalError("Unknown hash algorithm passed to hash_init");
 		}
 	if ( ! EVP_DigestInit_ex(c, md, NULL) )
 		reporter->InternalError("EVP_DigestInit failed");
 	return c;
 	}
 void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len)
 	{
 	if ( ! EVP_DigestUpdate(c, data, len) )
 		reporter->InternalError("EVP_DigestUpdate failed");
 	}
 void hash_final(EVP_MD_CTX* c, u_char* md)
 	{
 	if ( ! EVP_DigestFinal(c, md, NULL) )
 		reporter->InternalError("EVP_DigestFinal failed");
 	EVP_MD_CTX_free(c);
 	}
 unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out)
 	{
 	static unsigned char static_out[MD5_DIGEST_LENGTH];
 	if ( ! out )
 		out = static_out; // use static array for return, see OpenSSL man page
 	EVP_MD_CTX* c = hash_init(Hash_MD5);
 	hash_update(c, data, len);
 	hash_final(c, out);
 	return out;
 	}
--- a/src/digest.h
+++ b/src/digest.h
@ -10,6 +10,8 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <sys/types.h> // for u_char
 #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
 #define EVP_MD_CTX_new EVP_MD_CTX_create
 #define EVP_MD_CTX_free EVP_MD_CTX_destroy
@ -20,8 +22,6 @@ inline void* EVP_MD_CTX_md_data(const EVP_MD_CTX* ctx)
 	}
 #endif
 #include "Reporter.h"
 enum HashAlgorithm { Hash_MD5, Hash_SHA1, Hash_SHA224, Hash_SHA256, Hash_SHA384, Hash_SHA512 };
 inline const char* digest_print(const u_char* digest, size_t n)
@ -47,68 +47,10 @@ inline const char* sha256_digest_print(const u_char digest[SHA256_DIGEST_LENGTH]
 	return digest_print(digest, SHA256_DIGEST_LENGTH);
 	}
-inline EVP_MD_CTX* hash_init(HashAlgorithm alg)
+EVP_MD_CTX* hash_init(HashAlgorithm alg);
 	{
 	EVP_MD_CTX* c = EVP_MD_CTX_new();
 	const EVP_MD* md;
-	switch (alg)
+void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len);
 		{
 		case Hash_MD5:
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			/* Allow this to work even if FIPS disables it */
 			EVP_MD_CTX_set_flags(c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
 			md = EVP_md5();
 			break;
 		case Hash_SHA1:
 			md = EVP_sha1();
 			break;
 		case Hash_SHA224:
 			md = EVP_sha224();
 			break;
 		case Hash_SHA256:
 			md = EVP_sha256();
 			break;
 		case Hash_SHA384:
 			md = EVP_sha384();
 			break;
 		case Hash_SHA512:
 			md = EVP_sha512();
 			break;
 		default:
 			reporter->InternalError("Unknown hash algorithm passed to hash_init");
 		}
-	if ( ! EVP_DigestInit_ex(c, md, NULL) )
+void hash_final(EVP_MD_CTX* c, u_char* md);
 		reporter->InternalError("EVP_DigestInit failed");
-	return c;
+unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out);
 	}
 inline void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len)
 	{
 	if ( ! EVP_DigestUpdate(c, data, len) )
 		reporter->InternalError("EVP_DigestUpdate failed");
 	}
 inline void hash_final(EVP_MD_CTX* c, u_char* md)
 	{
 	if ( ! EVP_DigestFinal(c, md, NULL) )
 		reporter->InternalError("EVP_DigestFinal failed");
 	EVP_MD_CTX_free(c);
 	}
 inline unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out)
 	{
 	static unsigned char static_out[MD5_DIGEST_LENGTH];
 	if ( ! out )
 		out = static_out; // use static array for return, see OpenSSL man page
 	EVP_MD_CTX* c = hash_init(Hash_MD5);
 	hash_update(c, data, len);
 	hash_final(c, out);
 	return out;
 	}
--- a/src/file_analysis/Analyzer.cc
+++ b/src/file_analysis/Analyzer.cc
@ -2,6 +2,7 @@
 #include "Analyzer.h"
 #include "Manager.h"
 #include "Val.h"
 file_analysis::ID file_analysis::Analyzer::id_counter = 0;
@ -17,3 +18,13 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
 	assert(! tag || tag == arg_tag);
 	tag = arg_tag;
 	}
 file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)
 	: tag(arg_tag),
 	  args(arg_args->Ref()->AsRecordVal()),
 	  file(arg_file),
 	  got_stream_delivery(false),
 	  skip(false)
 	{
 	id = ++id_counter;
 	}
--- a/src/file_analysis/Analyzer.h
+++ b/src/file_analysis/Analyzer.h
@ -2,11 +2,11 @@
 #pragma once
 #include "Val.h"
 #include "NetVar.h"
 #include "Tag.h"
-#include "file_analysis/file_analysis.bif.h"
+#include <sys/types.h> // for u_char
 class RecordVal;
 namespace file_analysis {
@ -146,15 +146,7 @@ protected:
 	 *        tunable options, if any, related to a particular analyzer type.
 	 * @param arg_file the file to which the the analyzer is being attached.
 	 */
-	Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)
+	Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file);
 	    : tag(arg_tag),
 	      args(arg_args->Ref()->AsRecordVal()),
 	      file(arg_file),
 	      got_stream_delivery(false),
 	      skip(false)
 		{
 		id = ++id_counter;
 		}
 	/**
 	 * Constructor.  Only derived classes are meant to be instantiated.
@ -166,13 +158,8 @@ protected:
 	 * @param arg_file the file to which the the analyzer is being attached.
 	 */
 	Analyzer(RecordVal* arg_args, File* arg_file)
-	    : tag(),
+	    : Analyzer({}, arg_args, arg_file)
 	      args(arg_args->Ref()->AsRecordVal()),
 	      file(arg_file),
 	      got_stream_delivery(false),
 	      skip(false)
 		{
 		id = ++id_counter;
 		}
 private:
--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@ -4,6 +4,9 @@
 #include "File.h"
 #include "Analyzer.h"
 #include "Manager.h"
 #include "CompHash.h"
 #include "Val.h"
 #include "file_analysis/file_analysis.bif.h"
 using namespace file_analysis;
@ -106,6 +109,12 @@ bool AnalyzerSet::AddMod::Perform(AnalyzerSet* set)
 	return true;
 	}
 void AnalyzerSet::AddMod::Abort()
 	{
 	delete a;
 	delete key;
 	}
 bool AnalyzerSet::Remove(const file_analysis::Tag& tag, RecordVal* args)
 	{
 	return Remove(tag, GetKey(tag, args));
--- a/src/file_analysis/AnalyzerSet.h
+++ b/src/file_analysis/AnalyzerSet.h
@ -4,14 +4,17 @@
 #include <queue>
 #include "Analyzer.h"
 #include "Dict.h"
 #include "CompHash.h"
 #include "Val.h"
 #include "Tag.h"
 using std::queue;
 class CompositeHash;
 class RecordVal;
 namespace file_analysis {
 class Analyzer;
 class File;
 /**
@ -173,7 +176,7 @@ private:
 			: Modification(), a(arg_a), key(arg_key) {}
 		~AddMod() override {}
 		bool Perform(AnalyzerSet* set) override;
-		void Abort() override { delete a; delete key; }
+		void Abort() override;
 	protected:
 		file_analysis::Analyzer* a;
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@ -2,17 +2,22 @@
 #pragma once
 #include <list>
 #include <string>
 #include <utility>
 #include "analyzer/Tag.h"
 #include "AnalyzerSet.h"
 #include "BroString.h"
 #include "BroList.h" // for val_list
 #include "WeirdState.h"
 using std::string;
 class Connection;
 class RecordType;
 class RecordVal;
 class EventHandlerPtr;
 namespace file_analysis {
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -10,6 +10,7 @@
 #include "plugin/Manager.h"
 #include "analyzer/Manager.h"
 #include "file_analysis/file_analysis.bif.h"
 #include <openssl/md5.h>
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@ -12,7 +12,7 @@
 #include "plugin/ComponentManager.h"
-#include "file_analysis/file_analysis.bif.h"
+#include "analyzer/Tag.h"
 using std::map;
 using std::set;
--- a/src/file_analysis/analyzer/data_event/DataEvent.cc
+++ b/src/file_analysis/analyzer/data_event/DataEvent.cc
@ -5,6 +5,7 @@
 #include "DataEvent.h"
 #include "EventRegistry.h"
 #include "Event.h"
 #include "Func.h"
 #include "util.h"
 #include "file_analysis/Manager.h"
--- a/src/file_analysis/analyzer/data_event/DataEvent.h
+++ b/src/file_analysis/analyzer/data_event/DataEvent.h
@ -7,6 +7,7 @@
 #include "Val.h"
 #include "File.h"
 #include "Analyzer.h"
 #include "EventHandler.h"
 namespace file_analysis {
--- a/src/file_analysis/analyzer/extract/functions.bif
+++ b/src/file_analysis/analyzer/extract/functions.bif
@ -4,6 +4,7 @@ module FileExtract;
 %%{
 #include "file_analysis/Manager.h"
 #include "file_analysis/file_analysis.bif.h"
 %%}
 ## :zeek:see:`FileExtract::set_limit`.
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -10,6 +10,7 @@
 #include "types.bif.h"
 #include "ocsp_events.bif.h"
 #include "file_analysis/File.h"
 #include "file_analysis/Manager.h"
 #include <openssl/x509.h>
--- a/src/file_analysis/analyzer/x509/OCSP.h
+++ b/src/file_analysis/analyzer/x509/OCSP.h
@ -4,14 +4,14 @@
 #include <string>
 #include "../File.h"
 #include "Analyzer.h"
 #include "X509Common.h"
 #include <openssl/ocsp.h>
 namespace file_analysis {
 class File;
 class OCSP : public file_analysis::X509Common {
 public:
 	bool DeliverStream(const u_char* data, uint64_t len) override;
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@ -8,6 +8,7 @@
 #include "events.bif.h"
 #include "types.bif.h"
 #include "file_analysis/File.h"
 #include "file_analysis/Manager.h"
 #include <broker/error.hh>
--- a/src/file_analysis/analyzer/x509/X509Common.h
+++ b/src/file_analysis/analyzer/x509/X509Common.h
@ -5,16 +5,20 @@
 #pragma once
 #include "file_analysis/File.h"
 #include "Analyzer.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 class EventHandlerPtr;
 class Reporter;
 class StringVal;
 namespace file_analysis {
 class Tag;
 class File;
 class X509Common : public file_analysis::Analyzer {
 public:
 	~X509Common() override {};
--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@ -14,6 +14,7 @@
 #include "PktDumper.h"
 #include "plugin/Manager.h"
 #include "broker/Manager.h"
 #include "NetVar.h"
 #include "util.h"
--- a/src/plugin/ComponentManager.h
+++ b/src/plugin/ComponentManager.h
@ -8,6 +8,7 @@
 #include "Var.h" // for add_type()
 #include "Val.h"
 #include "Reporter.h"
 #include "Scope.h"
 #include "zeekygen/Manager.h"
 #include "DebugLogger.h"
--- a/src/probabilistic/Topk.cc
+++ b/src/probabilistic/Topk.cc
@ -8,7 +8,7 @@
 #include "CompHash.h"
 #include "IntrusivePtr.h"
 #include "Reporter.h"
-#include "NetVar.h"
+#include "Dict.h"
 namespace probabilistic {
--- a/src/probabilistic/Topk.h
+++ b/src/probabilistic/Topk.h
@ -4,12 +4,13 @@
 #include <list>
 #include "Val.h"
 #include "CompHash.h"
 #include "OpaqueVal.h"
 // This class implements the top-k algorithm. Or - to be more precise - an
 // interpretation of it.
 class CompositeHash;
 namespace probabilistic {
 struct Element;
--- a/src/supervisor/Supervisor.cc
+++ b/src/supervisor/Supervisor.cc
@ -13,7 +13,11 @@
 #include <sstream>
 #include "iosource/Manager.h"
 #include "BroString.h"
 #include "Dict.h"
 #include "RE.h"
 #include "Reporter.h"
 #include "Scope.h"
 #include "DebugLogger.h"
 #include "ID.h"
 #include "Val.h"
--- a/src/util.cc
+++ b/src/util.cc
@ -44,6 +44,7 @@
 #endif
 #include "Desc.h"
 #include "Dict.h"
 #include "digest.h"
 #include "input.h"
 #include "Obj.h"