Remove deprecations tagged for v8.1

2025-10-01 22:28:20 +00:00 · 2025-08-04 15:41:23 -07:00 · 2025-08-04 15:41:23 -07:00 · d95affde4d
commit d95affde4d
parent e4dab3dded
108 changed files with 113 additions and 2230 deletions
--- a/cmake_templates/zeek-config-paths.h.in
+++ b/cmake_templates/zeek-config-paths.h.in
@ -3,8 +3,6 @@
 #pragma once
 constexpr char ZEEK_SCRIPT_INSTALL_PATH[] = "@ZEEK_SCRIPT_INSTALL_PATH@";
 [[deprecated("Remove in v8.1. Use ZEEK_PLUGIN_INSTALL_PATH")]] constexpr char BRO_PLUGIN_INSTALL_PATH[] =
    "@ZEEK_PLUGIN_DIR@";
 constexpr char ZEEK_PLUGIN_INSTALL_PATH[] = "@ZEEK_PLUGIN_DIR@";
 constexpr char DEFAULT_ZEEKPATH[] = "@DEFAULT_ZEEKPATH@";
 constexpr char ZEEK_SPICY_MODULE_PATH[] = "@ZEEK_SPICY_MODULE_PATH@";
--- a/24
+++ b/24
@ -90,10 +90,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
    --disable-zkg          don't install zkg
  Required Packages in Non-Standard Locations:
    --with-bifcl=PATH      path to Zeek BIF compiler executable
                           (useful for cross-compiling)
    --with-binpac=PATH     path to BinPAC executable
                           (useful for cross-compiling)
    --with-bison=PATH      path to bison executable
    --with-broker=PATH     path to Broker install root
                           (Zeek uses an embedded version by default)
@ -184,8 +180,6 @@ builddir=build
 CMakeCacheEntries=""
 display_cmake=0
 has_disable_archiver=0
 has_with_binpac=0
 has_with_bifcl=0
 # parse arguments
 while [ $# -ne 0 ]; do
@ -369,15 +363,9 @@ while [ $# -ne 0 ]; do
        --disable-zkg)
            append_cache_entry INSTALL_ZKG BOOL false
            ;;
        --with-bifcl=*)
            has_with_bifcl=1
            ;;
        --with-bind=*)
            append_cache_entry BIND_ROOT_DIR PATH $optarg
            ;;
        --with-binpac=*)
            has_with_binpac=1
            ;;
        --with-bison=*)
            append_cache_entry BISON_EXECUTABLE PATH $optarg
            ;;
@ -508,15 +496,3 @@ eval ${cmake} 2>&1
 echo "# This is the command used to configure this build" >config.status
 echo $command >>config.status
 chmod u+x config.status
 if [ $has_with_bifcl -eq 1 ]; then
    echo
    echo "The --with-bifcl option has been deprecated and will be removed in v8.1."
    echo "The bundled version of bifcl will always be used."
 fi
 if [ $has_with_binpac -eq 1 ]; then
    echo
    echo "The --with-binpac option has been deprecated and will be removed in v8.1."
    echo "The bundled version of BinPAC will always be used.\n"
 fi
--- a/scripts/base/frameworks/analyzer/dpd.zeek
+++ b/scripts/base/frameworks/analyzer/dpd.zeek
@ -6,9 +6,6 @@
 module DPD;
 export {
 	## Deprecated, please see https://github.com/zeek/zeek/pull/4200 for details
 	option max_violations: table[Analyzer::Tag] of count = table() &deprecated="Remove in v8.1: This has become non-functional in Zeek 7.2, see PR #4200" &default = 5;
 	## Analyzers which you don't want to remove on violations.
 	option ignore_violations: set[Analyzer::Tag] = set();
@ -110,4 +107,3 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
 	if ( disabled )
 		event analyzer_failed(network_time(), atype, info);
 	}
--- a/scripts/base/frameworks/broker/main.zeek
+++ b/scripts/base/frameworks/broker/main.zeek
@ -28,7 +28,7 @@ export {
 	## Default address on which to listen for WebSocket connections.
 	##
-	## .. zeek:see:: Broker::listen_websocket
+	## .. zeek:see:: Cluster::listen_websocket
 	const default_listen_address_websocket = getenv("ZEEK_DEFAULT_LISTEN_ADDRESS") &redef;
 	## Default interval to retry connecting to a peer if it cannot be made to
@ -69,11 +69,6 @@ export {
 	## all peers.
 	const ssl_keyfile = "" &redef;
 	## The number of buffered messages at the Broker/CAF layer after which
 	## a subscriber considers themselves congested (i.e. tune the congestion
 	## control mechanisms).
 	const congestion_queue_size = 200 &redef &deprecated="Remove in v8.1. Non-functional since v5.0";
 	## The max number of log entries per log stream to batch together when
 	## sending log messages to a remote logger.
 	const log_batch_size = 400 &redef;
@ -319,27 +314,6 @@ export {
 	                        p: port &default = default_port,
 	                        retry: interval &default = default_listen_retry): port;
 	## Listen for remote connections using WebSocket.
 	##
 	## a: an address string on which to accept connections, e.g.
 	##    "127.0.0.1".  An empty string refers to INADDR_ANY.
 	##
 	## p: the TCP port to listen on. The value 0 means that the OS should choose
 	##    the next available free port.
 	##
 	## retry: If non-zero, retries listening in regular intervals if the port cannot be
 	##        acquired immediately. 0 disables retries.  If the
 	##        ZEEK_DEFAULT_LISTEN_RETRY environment variable is set (as number
 	##        of seconds), it overrides any value given here.
 	##
 	## Returns: the bound port or 0/? on failure.
 	##
 	## .. zeek:see:: Broker::status
 	global listen_websocket: function(a: string &default = default_listen_address_websocket,
 	                                  p: port &default = default_port_websocket,
 	                                  retry: interval &default = default_listen_retry): port
 		&deprecated="Remove in v8.1. Switch to Cluster::listen_websocket() instead.";
 	## Initiate a remote connection.
 	##
 	## a: an address to connect to, e.g. "localhost" or "127.0.0.1".
@ -450,29 +424,6 @@ export {
 	##
 	## Returns: true if a new event forwarding/subscription is now registered.
 	global forward: function(topic_prefix: string): bool;
 	## Automatically send an event to any interested peers whenever it is
 	## locally dispatched. (For example, using "event my_event(...);" in a
 	## script.)
 	##
 	## topic: a topic string associated with the event message.
 	##        Peers advertise interest by registering a subscription to some
 	##        prefix of this topic name.
 	##
 	## ev: a Zeek event value.
 	##
 	## Returns: true if automatic event sending is now enabled.
 	global auto_publish: function(topic: string, ev: any): bool &deprecated="Remove in v8.1. Switch to explicit Cluster::publish() calls. Auto-publish won't work with all cluster backends.";
 	## Stop automatically sending an event to peers upon local dispatch.
 	##
 	## topic: a topic originally given to :zeek:see:`Broker::auto_publish`.
 	##
 	## ev: an event originally given to :zeek:see:`Broker::auto_publish`.
 	##
 	## Returns: true if automatic events will not occur for the topic/event
 	##          pair.
 	global auto_unpublish: function(topic: string, ev: any): bool &deprecated="Remove in v8.1. See Broker::auto_publish()";
 }
@load base/bif/comm.bif
@ -514,31 +465,6 @@ function listen(a: string, p: port, retry: interval): port
 	return bound;
 	}
 event retry_listen_websocket(a: string, p: port, retry: interval)
 	{
@pragma push ignore-deprecations
 	listen_websocket(a, p, retry);
@pragma pop ignore-deprecations
 	}
 function listen_websocket(a: string, p: port, retry: interval): port
 	{
 	local bound = __listen(a, p, Broker::WEBSOCKET);
 	if ( bound == 0/tcp )
 		{
 		local e = getenv("ZEEK_DEFAULT_LISTEN_RETRY");
 		if ( e != "" )
 			retry = double_to_interval(to_double(e));
 		if ( retry != 0secs )
 			schedule retry { retry_listen_websocket(a, p, retry) };
 		}
 	return bound;
 	}
 function peer(a: string, p: port, retry: interval): bool
 	{
 	return __peer(a, p, retry);
@ -593,13 +519,3 @@ function unsubscribe(topic_prefix: string): bool
 	{
 	return __unsubscribe(topic_prefix);
 	}
 function auto_publish(topic: string, ev: any): bool
 	{
 	return __auto_publish(topic, ev);
 	}
 function auto_unpublish(topic: string, ev: any): bool
 	{
 	return __auto_unpublish(topic, ev);
 	}
--- a/scripts/base/frameworks/cluster/main.zeek
+++ b/scripts/base/frameworks/cluster/main.zeek
@ -362,8 +362,6 @@ export {
 	## WebSocket server options to pass to :zeek:see:`Cluster::listen_websocket`.
 	type WebSocketServerOptions: record {
 		## The host address to listen on.
 		listen_host: string &optional &deprecated="Remove in v8.1: Use $listen_addr instead.";
 		## The address to listen on, cannot be used together with ``listen_host``.
 		listen_addr: addr &optional;
 		## The port the WebSocket server is supposed to listen on.
--- a/scripts/base/frameworks/telemetry/main.zeek
+++ b/scripts/base/frameworks/telemetry/main.zeek
@ -245,16 +245,6 @@ export {
 	                                          label_values: labels_vector,
 	                                          measurement: double): bool;
 	## Interval at which the :zeek:see:`Telemetry::sync` hook is invoked.
 	##
 	## By default, the hook is invoked on demand, setting this option to
 	## a positive interval allows to invoke it regularly, too. Regular
 	## invocations are relative to Zeek's network time.
 	##
 	## Note that on-demand hook invocation will happen even if this
 	## is set.
 	option sync_interval = 0sec &deprecated="Remove in 8.1. If you require regular sync invocation, do so explicitly in a scheduled event.";
 	## Collect all counter and gauge metrics matching the given *name* and *prefix*.
 	##
 	## For histogram metrics, use the :zeek:see:`Telemetry::collect_histogram_metrics`.
@ -465,14 +455,6 @@ function collect_histogram_metrics(prefix: string, name: string): vector of Hist
 	return Telemetry::__collect_histogram_metrics(prefix, name);
 	}
 event run_sync_hook()
 	{
 	hook Telemetry::sync();
@pragma push ignore-deprecations
 	schedule sync_interval { run_sync_hook() };
@pragma pop ignore-deprecations
 	}
 # Expose the Zeek version as Prometheus style info metric
 global version_gauge_family = Telemetry::register_gauge_family(Telemetry::MetricOpts(
 	$prefix="zeek",
@ -485,11 +467,6 @@ global version_gauge_family = Telemetry::register_gauge_family(Telemetry::Metric
 event zeek_init()
 	{
@pragma push ignore-deprecations
 	if ( sync_interval > 0sec )
 		schedule sync_interval { run_sync_hook() };
@pragma pop ignore-deprecations
 	local v = Version::info;
 	local labels = vector(cat(v$version_number),
 	                      cat(v$major), cat(v$minor), cat (v$patch),
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -1726,18 +1726,6 @@ const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef;
 ## buffering.
 const tcp_max_old_segments = 0 &redef;
 ## For services without a handler, these sets define originator-side ports
 ## that still trigger reassembly.
 ##
 ## .. zeek:see:: tcp_reassembler_ports_resp
 const tcp_reassembler_ports_orig: set[port] = {} &redef &deprecated="Remove in v8.1. Non-functional since v4.1";
 ## For services without a handler, these sets define responder-side ports
 ## that still trigger reassembly.
 ##
 ## .. zeek:see:: tcp_reassembler_ports_orig
 const tcp_reassembler_ports_resp: set[port] = {} &redef &deprecated="Remove in v8.1. Non-functional since v4.1";
 ## Defines destination TCP ports for which the contents of the originator stream
 ## should be delivered via :zeek:see:`tcp_contents`.
 ##
@ -3063,9 +3051,8 @@ type dns_binds_rr: record {
 	algorithm: count;	##< Algorithm for Public Key.
 	key_id: count;		##< key tag.
 	removal_flag: count;	##< rm flag.
 	complte_flag: string &deprecated="Remove in v8.1: Use complete_flag instead.";	##< complete flag.
 	is_query: count;	##< The RR is a query/Response.
 	complete_flag: count;	##< complete flag.
 	is_query: count;	##< The RR is a query/Response.
 };
 ## A Private RR type LOC record.
--- a/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
+++ b/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
@ -1,96 +0,0 @@
 ##! Creates the now deprecated dpd.logfile.
 # Remove in v8.1
 module DPD;
 export {
 	## Add the DPD logging stream identifier.
 	redef enum Log::ID += { LOG };
 	## A default logging policy hook for the stream.
 	global log_policy: Log::PolicyHook;
 	## The record type defining the columns to log in the DPD logging stream.
 	type Info: record {
 		## Timestamp for when protocol analysis failed.
 		ts:             time            &log;
 		## Connection unique ID.
 		uid:            string          &log;
 		## Connection ID containing the 4-tuple which identifies endpoints.
 		id:             conn_id         &log;
 		## Transport protocol for the violation.
 		proto:          transport_proto &log;
 		## The analyzer that generated the violation.
 		analyzer:       string          &log;
 		## The textual reason for the analysis failure.
 		failure_reason: string          &log;
 	};
 }
 redef record connection += {
 	dpd: Info &optional;
 	## The set of services (analyzers) for which Zeek has observed a
 	## violation after the same service had previously been confirmed.
 	service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead";
 };
 event zeek_init() &priority=5
 	{
 	Log::create_stream(DPD::LOG, Log::Stream($columns=Info, $path="dpd", $policy=log_policy));
 	}
 # before the same event in dpd.zeek
 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=15
 	{
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )
 		return;
 	if ( ! info?$c )
 		return;
 	local c = info$c;
 	local analyzer = Analyzer::name(atype);
 	# If the service hasn't been confirmed yet, or already failed,
 	# don't generate a log message for the protocol violation.
 	if ( analyzer !in c$service || analyzer in c$service_violation )
 		return;
 	add c$service_violation[analyzer];
 	local dpd: Info;
 	dpd$ts = network_time();
 	dpd$uid = c$uid;
 	dpd$id = c$id;
 	dpd$proto = get_port_transport_proto(c$id$orig_p);
 	dpd$analyzer = analyzer;
 	# Encode data into the reason if there's any as done for the old
 	# analyzer_violation event, previously.
 	local reason = info$reason;
 	if ( info?$data )
 		{
 		local ellipsis = |info$data| > 40 ? "..." : "";
 		local data = info$data[0:40];
 		reason = fmt("%s [%s%s]", reason, data, ellipsis);
 		}
 	dpd$failure_reason = reason;
 	c$dpd = dpd;
 	}
 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo ) &priority=-5
 	{
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )
 		return;
 	if ( ! info?$c )
 		return;
 	if ( info$c?$dpd )
 		{
 		Log::write(DPD::LOG, info$c$dpd);
 		delete info$c$dpd;
 		}
 	}
--- a/scripts/policy/frameworks/dpd/detect-protocols.zeek
+++ b/scripts/policy/frameworks/dpd/detect-protocols.zeek
@ -1,3 +0,0 @@
@deprecated("frameworks/dpd/detect-protocols.zeek moved to frameworks/analyzer/detect-protocols.zeek. Please switch to frameworks/analyzer/detect-protocols.zeek. Remove in 8.1")
@load frameworks/analyzer/detect-protocols.zeek
--- a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
+++ b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
@ -1,34 +0,0 @@
@deprecated("Please switch to frameworks/analyzer/packet-segment-logging, which logs to analyzer.log. Remove in 8.1")
 ##! This script enables logging of packet segment data when a protocol
 ##! parsing violation is encountered.  The amount of data from the
 ##! packet logged is set by the :zeek:see:`DPD::packet_segment_size` variable.
 ##! A caveat to logging packet data is that in some cases, the packet may
 ##! not be the packet that actually caused the protocol violation.
@load frameworks/analyzer/deprecated-dpd-log
 module DPD;
 export {
 	redef record Info += {
 		## A chunk of the payload that most likely resulted in the
 		## analyzer violation.
 		packet_segment: string &optional &log;
 	};
 	## Size of the packet segment to display in the DPD log.
 	option packet_segment_size: int = 255;
 }
 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=4
 	{
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )
 		return;
 	if ( ! info?$c || ! info$c?$dpd )
 		return;
 	info$c$dpd$packet_segment = fmt("%s", sub_bytes(get_current_packet()$data, 0, packet_segment_size));
 	}
--- a/scripts/policy/frameworks/management/controller/main.zeek
+++ b/scripts/policy/frameworks/management/controller/main.zeek
@ -4,6 +4,7 @@
 ##! by the supervisor.
@load base/frameworks/broker
@load base/frameworks/cluster
@load policy/frameworks/management
@load policy/frameworks/management/agent/config # For the agent topic prefix
@ -1644,9 +1645,9 @@ event zeek_init()
 	if ( cni$bound_port != 0/unknown )
 		{
-@pragma push ignore-deprecations
+		local ws_opts = Cluster::WebSocketServerOptions($listen_addr=to_addr(cni$address),
-		Broker::listen_websocket(cat(cni$address), cni$bound_port);
+		                                                $listen_port=cni$bound_port);
-@pragma pop ignore-deprecations
+		Cluster::listen_websocket(ws_opts);
 		websocket_info = fmt("websocket port %s:%s", cni$address, cni$bound_port);
 		}
--- a/scripts/policy/protocols/http/detect-sqli.zeek
+++ b/scripts/policy/protocols/http/detect-sqli.zeek
@ -1,142 +0,0 @@
 ##! SQL injection attack detection in HTTP.
 ## This package is deprecated in favor of detect-sql-injection.zeek.
 ##
 ## The replacement script annotates the notices it generates with
 ## an associated $uid connection identifier; always provides an attacker
 ## IP address in the $src field; and always provides a victim IP address
 ## in the $dst field. The notices generated by this script, on the other
 ## hand, lack a $uid identifier, and do not provide $dst information.
 ## In addition, for SQL_Injection_Victim notices, this script provides the
 ## victim's IP address in the $src field, which some find counter-intuitive.
 ##
 ## In addition, the replacement script removes support for generating
 ## Notice emails.
@deprecated "Remove in v8.1: Switch to the improved detect-sql-injection script"
@load base/frameworks/notice
@load base/frameworks/sumstats
@load base/protocols/http
 module HTTP;
 export {
 	redef enum Notice::Type += {
 		## Indicates that a host performing SQL injection attacks was
 		## detected.
 		SQL_Injection_Attacker,
 		## Indicates that a host was seen to have SQL injection attacks
 		## against it.  This is tracked by IP address as opposed to
 		## hostname.
 		SQL_Injection_Victim,
 	};
 	redef enum Tags += {
 		## Indicator of a URI based SQL injection attack.
 		URI_SQLI,
 		## Indicator of client body based SQL injection attack.  This is
 		## typically the body content of a POST request. Not implemented
 		## yet.
 		POST_SQLI,
 		## Indicator of a cookie based SQL injection attack. Not
 		## implemented yet.
 		COOKIE_SQLI,
 	};
 	## Defines the threshold that determines if an SQL injection attack
 	## is ongoing based on the number of requests that appear to be SQL
 	## injection attacks.
 	const sqli_requests_threshold: double = 50.0 &redef;
 	## Interval at which to watch for the
 	## :zeek:id:`HTTP::sqli_requests_threshold` variable to be crossed.
 	## At the end of each interval the counter is reset.
 	const sqli_requests_interval = 5min &redef;
 	## Collecting samples will add extra data to notice emails
 	## by collecting some sample SQL injection url paths.  Disable
 	## sample collection by setting this value to 0.
 	const collect_SQLi_samples = 5 &redef;
 	## Regular expression is used to match URI based SQL injections.
 	const match_sql_injection_uri =
 		  /[\?&][^[:blank:]\x00-\x1f\|\+]+?=[\-[:alnum:]%]+([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]?([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|\)?;)+.*?([hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[iI][nN][sS][eE][rR][tT])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)+/
 		| /[\?&][^[:blank:]\x00-\x1f\|\+]+?=[\-0-9%]+([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]?([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|\)?;)+([xX]?[oO][rR]|[nN]?[aA][nN][dD])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)+['"]?(([^a-zA-Z&]+)?=|[eE][xX][iI][sS][tT][sS])/
 		| /[\?&][^[:blank:]\x00-\x1f\+]+?=[\-0-9%]*([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]([[:blank:]\x00-\x1f]|\/\*.*?\*\/)*(-|=|\+|\|\|)([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*([0-9]|\(?[cC][oO][nN][vV][eE][rR][tT]|[cC][aA][sS][tT])/
 		| /[\?&][^[:blank:]\x00-\x1f\|\+]+?=([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|;)*([xX]?[oO][rR]|[nN]?[aA][nN][dD]|[hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[rR][eE][gG][eE][xX][pP]|[iI][nN][sS][eE][rR][tT])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|[\[(])+[a-zA-Z&]{2,}/
 		| /[\?&][^[:blank:]\x00-\x1f\+]+?=[^\.]*?([cC][hH][aA][rR]|[aA][sS][cC][iI][iI]|[sS][uU][bB][sS][tT][rR][iI][nN][gG]|[tT][rR][uU][nN][cC][aA][tT][eE]|[vV][eE][rR][sS][iI][oO][nN]|[lL][eE][nN][gG][tT][hH])\(/
 		| /\/\*![[:digit:]]{5}.*?\*\// &redef;
 	## A hook that can be used to prevent specific requests from being counted
 	## as an injection attempt.  Use a 'break' statement to exit the hook
 	## early and ignore the request.
 	global HTTP::sqli_policy: hook(c: connection, method: string, unescaped_URI: string);
 }
 function format_sqli_samples(samples: vector of SumStats::Observation): string
 	{
 	local ret = "SQL Injection samples\n---------------------";
 	for ( i in samples )
 		ret += "\n" + samples[i]$str;
 	return ret;
 	}
 event zeek_init() &priority=3
 	{
 	# Add filters to the metrics so that the metrics framework knows how to
 	# determine when it looks like an actual attack and how to respond when
 	# thresholds are crossed.
 	local r1 = SumStats::Reducer($stream="http.sqli.attacker", $apply=set(SumStats::SUM, SumStats::SAMPLE), $num_samples=collect_SQLi_samples);
 	SumStats::create(SumStats::SumStat($name="detect-sqli-attackers",
 		$epoch=sqli_requests_interval,
 		$reducers=set(r1),
 		$threshold_val(key: SumStats::Key, result: SumStats::Result) =
 			{
 			return result["http.sqli.attacker"]$sum;
 			},
 		$threshold=sqli_requests_threshold,
 		$threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
 			{
 			local r = result["http.sqli.attacker"];
 			NOTICE(Notice::Info($note=SQL_Injection_Attacker,
 			                    $msg="An SQL injection attacker was discovered!",
 			                    $email_body_sections=vector(format_sqli_samples(r$samples)),
 			                    $src=key$host,
 			                    $identifier=cat(key$host)));
 			}));
 	local r2 = SumStats::Reducer($stream="http.sqli.victim", $apply=set(SumStats::SUM, SumStats::SAMPLE), $num_samples=collect_SQLi_samples);
 	SumStats::create(SumStats::SumStat($name="detect-sqli-victims",
 		$epoch=sqli_requests_interval,
 		$reducers=set(r2),
 		$threshold_val(key: SumStats::Key, result: SumStats::Result) =
 			{
 			return result["http.sqli.victim"]$sum;
 			},
 		$threshold=sqli_requests_threshold,
 		$threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
 			{
 			local r = result["http.sqli.victim"];
 			NOTICE(Notice::Info($note=SQL_Injection_Victim,
 			                    $msg="An SQL injection victim was discovered!",
 			                    $email_body_sections=vector(format_sqli_samples(r$samples)),
 			                    $src=key$host,
 			                    $identifier=cat(key$host)));
 			}));
 	}
 event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string) &priority=3
 	{
 	if ( ! hook HTTP::sqli_policy(c, method, unescaped_URI) )
 		return;
 	if ( match_sql_injection_uri in unescaped_URI )
 		{
 		add c$http$tags[URI_SQLI];
 		SumStats::observe("http.sqli.attacker", SumStats::Key($host=c$id$orig_h), SumStats::Observation($str=original_URI));
 		SumStats::observe("http.sqli.victim",   SumStats::Key($host=c$id$resp_h), SumStats::Observation($str=original_URI));
 		}
 	}
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@ -11,7 +11,6 @@
@load frameworks/analyzer/debug-logging.zeek
@load frameworks/analyzer/detect-protocols.zeek
 # @load frameworks/analyzer/deprecated-dpd-log.zeek
@load frameworks/analyzer/packet-segment-logging.zeek
 # @load frameworks/control/controllee.zeek
 # @load frameworks/control/controller.zeek
@ -50,8 +49,6 @@
@load frameworks/management/request.zeek
@load frameworks/management/types.zeek
@load frameworks/management/util.zeek
 # @load frameworks/dpd/detect-protocols.zeek
 # @load frameworks/dpd/packet-segment-logging.zeek
@load frameworks/intel/do_notice.zeek
@load frameworks/intel/do_expire.zeek
@load frameworks/intel/whitelist.zeek
@ -126,7 +123,6 @@
@load protocols/ftp/detect-bruteforcing.zeek
@load protocols/ftp/detect.zeek
@load protocols/ftp/software.zeek
 # @load protocols/http/detect-sqli.zeek
@load protocols/http/detect-sql-injection.zeek
@load protocols/http/detect-webapps.zeek
@load protocols/http/header-names.zeek
--- a/scripts/zeekygen/load.zeek
+++ b/scripts/zeekygen/load.zeek
@ -1,14 +1,8 @@
@load test-all-policy.zeek
 # Scripts which are commented out in test-all-policy.zeek.
@load frameworks/analyzer/deprecated-dpd-log.zeek
@load frameworks/conn_key/vlan_fivetuple.zeek
 # Remove in v8.1: replaced by frameworks/analyzer/detect-protocols.zeek
@pragma push ignore-deprecations
@load frameworks/dpd/detect-protocols.zeek
@pragma pop ignore-deprecations
@load protocols/ssl/decryption.zeek
@ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ )
@load frameworks/cluster/backend/zeromq/connect.zeek
@ -17,11 +11,6 @@
@load frameworks/control/controllee.zeek
@load frameworks/control/controller.zeek
 # Remove in v8.1: replaced by frameworks/analyzer/packet-segment-logging.zeek
@pragma push ignore-deprecations
@load frameworks/dpd/packet-segment-logging.zeek
@pragma pop ignore-deprecations
@load frameworks/management/agent/main.zeek
@load frameworks/management/controller/main.zeek
@load frameworks/management/node/__load__.zeek
@ -31,9 +20,6 @@
@load policy/misc/dump-events.zeek
@load policy/protocols/conn/speculative-service.zeek
 # Remove in v8.1: This script is deprecated and conflicts with detect-sql-injection.zeek
 # @load policy/protocols/http/detect-sqli.zeek
@if ( have_spicy() )
 # Loading this messes up documentation of some elements defined elsewhere.
 # @load frameworks/spicy/record-spicy-batch.zeek
--- a/src/Attr.cc
+++ b/src/Attr.cc
@ -300,10 +300,8 @@ bool Attributes::CheckAttr(Attr* a) {
            if ( global_var )
                return AttrError("&optional is not valid for global variables");
            // Remove in v8.1: Call AttrError()
            if ( in_record && Find(ATTR_DEFAULT) )
-                zeek::reporter->Deprecation(
+                return AttrError("Using &default and &optional together results in &default behavior");
                    "Remove in v8.1: Using &default and &optional together results in &default behavior");
            break;
@ -342,10 +340,8 @@ bool Attributes::CheckAttr(Attr* a) {
            if ( Find(ATTR_DEFAULT_INSERT) )
                return AttrError("&default and &default_insert cannot be used together");
            // Remove in v8.1: Call AttrError()
            if ( in_record && Find(ATTR_OPTIONAL) )
-                zeek::reporter->Deprecation(
+                return AttrError("Using &default and &optional together results in &default behavior");
                    "Remove in v8.1: Using &default and &optional together results in &default behavior");
            std::string err_msg;
            if ( ! check_default_attr(a, type, global_var, in_record, err_msg) && ! err_msg.empty() )
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -39,43 +39,6 @@ Connection::Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const
    resp_port = key->DstPort();
    proto = key->GetTransportProto();
    Init(flow, pkt);
 }
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt)
    : Session(t, connection_timeout, connection_status_update, detail::connection_status_update_interval) {
    orig_addr = id->src_addr;
    resp_addr = id->dst_addr;
    orig_port = id->src_port;
    resp_port = id->dst_port;
    key = std::make_unique<zeek::IPConnKey>();
    key->InitTuple(id->src_addr, id->src_port, id->dst_addr, id->dst_port, id->proto, id->is_one_way);
    key->Init(*pkt);
    proto = key->GetTransportProto();
    Init(flow, pkt);
 }
 #pragma GCC diagnostic pop
 Connection::~Connection() {
    if ( ! finished )
        reporter->InternalError("Done() not called before destruction of Connection");
    CancelTimers();
    if ( conn_val )
        conn_val->SetOrigin(nullptr);
    delete adapter;
    --current_connections;
 }
 void Connection::Init(uint32_t flow, const Packet* pkt) {
    orig_flow_label = flow;
    resp_flow_label = 0;
    saw_first_orig_packet = 1;
@ -109,6 +72,20 @@ void Connection::Init(uint32_t flow, const Packet* pkt) {
    encapsulation = pkt->encap;
 }
 Connection::~Connection() {
    if ( ! finished )
        reporter->InternalError("Done() not called before destruction of Connection");
    CancelTimers();
    if ( conn_val )
        conn_val->SetOrigin(nullptr);
    delete adapter;
    --current_connections;
 }
 void Connection::CheckEncapsulation(const std::shared_ptr<EncapsulationStack>& arg_encap) {
    if ( encapsulation && arg_encap ) {
        if ( *encapsulation != *arg_encap ) {
--- a/src/Conn.h
+++ b/src/Conn.h
@ -53,21 +53,6 @@ enum ConnEventToFlag : uint8_t {
    NUM_EVENTS_TO_FLAG,
 };
 // Deprecated without replacement: remove in v8.1.
 // XXX using [[deprecated]] for the whole struct leads to hard errors on FreeBSD/MacOS.
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 struct ConnTuple {
 #pragma GCC diagnostic pop
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr src_addr;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr dst_addr;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t src_port = 0;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t dst_port = 0;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint16_t proto = UNKNOWN_IP_PROTO;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] bool is_one_way =
        false; // if true, don't canonicalize order
 };
 static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) {
    return addr1 < addr2 || (addr1 == addr2 && p1 < p2);
 }
@ -76,9 +61,6 @@ class Connection final : public session::Session {
 public:
    Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const Packet* pkt);
    [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]]
    Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt);
    ~Connection() override;
    /**
@ -213,10 +195,6 @@ public:
    static void InitPostScript();
 private:
    // Common initialization for the constructors. This can move back into the
    // (sole) constructor when we remove the deprecated one in 8.1.
    void Init(uint32_t flow, const Packet* pkt);
    friend class session::detail::Timer;
    IPAddr orig_addr;
--- a/src/Desc.h
+++ b/src/Desc.h
@ -144,10 +144,6 @@ public:
        return byte_vec(t);
    }
    [[deprecated("Remove in v8.1. Use Size() that returns size_t instead.")]]
    int Len() const {
        return static_cast<int>(offset);
    }
    size_t Size() const { return offset; }
    void Clear();
--- a/src/Event.cc
+++ b/src/Event.cc
@ -41,16 +41,6 @@ RecordValPtr detail::MetadataEntry::BuildVal() const {
    return rv;
 }
 Event::Event(const EventHandlerPtr& arg_handler, zeek::Args arg_args, util::detail::SourceID arg_src,
             analyzer::ID arg_aid, Obj* arg_obj, double arg_ts)
    : handler(arg_handler),
      args(std::move(arg_args)),
      meta(detail::MakeEventMetadataVector(arg_ts)),
      src(arg_src),
      aid(arg_aid),
      obj(zeek::NewRef{}, arg_obj),
      next_event(nullptr) {}
 Event::Event(detail::EventMetadataVectorPtr arg_meta, const EventHandlerPtr& arg_handler, zeek::Args arg_args,
             util::detail::SourceID arg_src, analyzer::ID arg_aid, Obj* arg_obj)
    : handler(arg_handler),
@ -58,8 +48,7 @@ Event::Event(detail::EventMetadataVectorPtr arg_meta, const EventHandlerPtr& arg
      meta(std::move(arg_meta)),
      src(arg_src),
      aid(arg_aid),
-      obj(zeek::NewRef{}, arg_obj),
+      obj(zeek::NewRef{}, arg_obj) {}
      next_event(nullptr) {}
 zeek::VectorValPtr Event::MetadataValues(const EnumValPtr& id) const {
    static const auto& any_vec_t = zeek::id::find_type<zeek::VectorType>("any_vec");
@ -135,14 +124,8 @@ void Event::Dispatch(bool no_remote) {
        reporter->BeginErrorHandler();
    try {
-#pragma GCC diagnostic push
+        handler->Call(&args);
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    } catch ( InterpreterException& e ) {
        // Replace in v8.1 with handler->Call(&args).
        handler->Call(&args, no_remote, Time());
 #pragma GCC diagnostic pop
    }
    catch ( InterpreterException& e ) {
        // Already reported.
    }
@ -161,15 +144,12 @@ EventMgr::~EventMgr() {
    }
 }
-void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID src, analyzer::ID aid, Obj* obj,
+void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID src, analyzer::ID aid, Obj* obj) {
                       DeprecatedTimestamp deprecated_ts) {
    detail::EventMetadataVectorPtr meta;
    double ts = double(deprecated_ts);
    // If this is a local event and EventMetadata::add_network_timestamp is
    // enabled, automatically set the network timestamp for this event to the
-    // current network time when it is < 0 (default of deprecated_ts is -1.0).
+    // current network time.
    //
    // See the other Enqueue() implementation for the local vs broker/remote
    // motivation of want_network_timestamp.
@ -178,19 +158,8 @@ void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID
        ((src == util::detail::SOURCE_LOCAL) ||
         (src == util::detail::SOURCE_BROKER && BifConst::EventMetadata::add_missing_remote_network_timestamp));
-    if ( want_network_timestamp ) {
+    if ( want_network_timestamp )
-        if ( ts < 0.0 )
+        meta = detail::MakeEventMetadataVector(run_state::network_time);
            ts = run_state::network_time;
        // In v8.1 when the deprecated_ts parameters is gone: Just use run_state::network_time directly here.
        meta = detail::MakeEventMetadataVector(ts);
    }
    else if ( ts >= 0.0 ) {
        // EventMetadata::add_network_timestamp is false, but EventMgr::Enqueue()
        // with an explicit (non-negative) timestamp is used. That's a deprecated
        // API, but we continue to support it until v8.1.
        meta = detail::MakeEventMetadataVector(ts);
    }
    QueueEvent(new Event(std::move(meta), h, std::move(vl), src, aid, obj));
 }
@ -261,14 +230,6 @@ void EventMgr::QueueEvent(Event* event) {
    ++event_mgr.num_events_queued;
 }
 void EventMgr::Dispatch(Event* event, bool no_remote) {
    Event* old_current = current;
    current = event;
    event->Dispatch(no_remote);
    current = old_current;
    Unref(event);
 }
 void EventMgr::Dispatch(const EventHandlerPtr& h, zeek::Args vl) {
    detail::EventMetadataVectorPtr meta;
@ -284,11 +245,11 @@ void EventMgr::Dispatch(const EventHandlerPtr& h, zeek::Args vl) {
    if ( done )
        return;
-#pragma GCC diagnostic push
+    Event* old_current = current;
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    current = ev;
-    // TODO: Open-code the old Dispatch() implementation here in v8.1.
+    ev->Dispatch();
-    Dispatch(ev);
+    current = old_current;
-#pragma GCC diagnostic pop
+    Unref(ev);
 }
 void EventMgr::Drain() {
--- a/src/Event.h
+++ b/src/Event.h
@ -55,10 +55,6 @@ constexpr double NO_TIMESTAMP = -1.0;
 class Event final : public Obj {
 public:
    [[deprecated("Remove in v8.1: Do not instantiate raw events. Use EventMgr::Dispatch() or EventMgr::Enqueue().")]]
    Event(const EventHandlerPtr& handler, zeek::Args args, util::detail::SourceID src = util::detail::SOURCE_LOCAL,
          analyzer::ID aid = 0, Obj* obj = nullptr, double ts = run_state::network_time);
    void SetNext(Event* n) { next_event = n; }
    Event* NextEvent() const { return next_event; }
@ -99,12 +95,10 @@ private:
    util::detail::SourceID src;
    analyzer::ID aid;
    zeek::IntrusivePtr<Obj> obj;
-    Event* next_event;
+    Event* next_event = nullptr;
 };
 class EventMgr final : public Obj, public iosource::IOSource {
    class DeprecatedTimestamp;
 public:
    ~EventMgr() override;
@ -123,7 +117,7 @@ public:
     * (defaults to current network time - deprecated).
     */
    void Enqueue(const EventHandlerPtr& h, zeek::Args vl, util::detail::SourceID src = util::detail::SOURCE_LOCAL,
-                 analyzer::ID aid = 0, Obj* obj = nullptr, DeprecatedTimestamp ts = {});
+                 analyzer::ID aid = 0, Obj* obj = nullptr);
    /**
     * A version of Enqueue() taking a variable number of arguments.
@ -147,9 +141,6 @@ public:
    void Enqueue(detail::EventMetadataVectorPtr meta, const EventHandlerPtr& h, zeek::Args vl,
                 util::detail::SourceID src = util::detail::SOURCE_LOCAL, analyzer::ID aid = 0, Obj* obj = nullptr);
    [[deprecated("Remove in v8.1: Use Dispatch(handler, args) instead.")]]
    void Dispatch(Event* event, bool no_remote = false);
    // Dispatch an event with the given handler and arguments immediately.
    //
    // While the event is technically not queued, HookQueueEvent() is
@ -196,24 +187,6 @@ public:
    uint64_t num_events_dispatched = 0;
 private:
    /**
     * Helper class to produce a compile time warning if Enqueue() is called with an explicit timestamp.
     *
     * Remove in v8.1.
     */
    class DeprecatedTimestamp {
    public:
        DeprecatedTimestamp() : d(-1.0) {}
        [[deprecated("Use overload EventMgr::Enqueue(EventMetadataVectorPtr meta, ...) to pass timestamp metadata")]]
        /*implicit*/ DeprecatedTimestamp(double d)
            : d(d) {}
        explicit operator double() const { return d; }
    private:
        double d;
    };
    void QueueEvent(Event* event);
    Event* current = nullptr;
--- a/src/EventHandler.cc
+++ b/src/EventHandler.cc
@ -22,9 +22,7 @@ EventHandler::EventHandler(std::string arg_name) {
    generate_always = false;
 }
-EventHandler::operator bool() const {
+EventHandler::operator bool() const { return enabled && ((local && local->HasEnabledBodies()) || generate_always); }
    return enabled && ((local && local->HasEnabledBodies()) || generate_always || ! auto_publish.empty());
 }
 const FuncTypePtr& EventHandler::GetType(bool check_export) {
    if ( type )
@ -44,7 +42,7 @@ const FuncTypePtr& EventHandler::GetType(bool check_export) {
 void EventHandler::SetFunc(FuncPtr f) { local = std::move(f); }
-void EventHandler::Call(Args* vl, bool no_remote, double ts) {
+void EventHandler::Call(Args* vl) {
    if ( ! call_count ) {
        static auto eh_invocations_family =
            telemetry_mgr->CounterFamily("zeek", "event-handler-invocations", {"name"},
@ -58,40 +56,6 @@ void EventHandler::Call(Args* vl, bool no_remote, double ts) {
    if ( new_event )
        NewEvent(vl);
    if ( ! no_remote ) {
        if ( ! auto_publish.empty() ) {
            // Send event in form [name, xs...] where xs represent the arguments.
            BrokerListBuilder xs;
            xs.Reserve(vl->size());
            bool valid_args = true;
            for ( const auto& v : *vl ) {
                if ( ! xs.Add(v) ) {
                    valid_args = false;
                    auto_publish.clear();
                    reporter->Error("failed auto-remote event '%s', disabled", Name());
                    break;
                }
            }
            if ( valid_args ) {
                auto ev_args = std::move(xs).Build();
                for ( auto it = auto_publish.begin();; ) {
                    const auto& topic = *it;
                    ++it;
                    if ( it != auto_publish.end() )
                        broker_mgr->PublishEvent(topic, Name(), ev_args, ts);
                    else {
                        broker_mgr->PublishEvent(topic, Name(), std::move(ev_args), ts);
                        break;
                    }
                }
            }
        }
    }
    if ( local )
        // No try/catch here; we pass exceptions upstream.
        local->Invoke(vl);
--- a/src/EventHandler.h
+++ b/src/EventHandler.h
@ -35,28 +35,8 @@ public:
    void SetFunc(FuncPtr f);
    [[deprecated("Remove in v8.1, use explicit Publish().")]]
    void AutoPublish(std::string topic) {
        auto_publish.insert(std::move(topic));
    }
    [[deprecated("Remove in v8.1.")]]
    void AutoUnpublish(const std::string& topic) {
        auto_publish.erase(topic);
    }
    [[deprecated(
        "Remove in v8.1. The no_remote and ts parameters are AutoPublish() specific and won't have an effect "
        "in the future. Use Call(args)")]]
    void Call(zeek::Args* vl, bool no_remote = false, double ts = run_state::network_time);
    // Call the function associated with this handler.
-    void Call(zeek::Args* vl) {
+    void Call(zeek::Args* vl);
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
        Call(vl, false, run_state::network_time);
 #pragma GCC diagnostic pop
    }
    // Returns true if there is at least one local or remote handler.
    explicit operator bool() const;
@ -89,8 +69,6 @@ private:
    // Initialize this lazy, so we don't expose metrics for 0 values.
    std::shared_ptr<zeek::telemetry::Counter> call_count;
    std::unordered_set<std::string> auto_publish;
 };
 // Encapsulates a ptr to an event handler to overload the boolean operator.
--- a/src/Func.h
+++ b/src/Func.h
@ -129,11 +129,6 @@ public:
    Kind GetKind() const { return kind; }
    [[deprecated("Remove with v8.1 - use GetName() instead")]]
    const char* Name() const {
        return name.c_str();
    }
    const std::string& GetName() const { return name; }
    void SetName(const std::string& arg_name) { name = arg_name; }
--- a/src/IPAddr.cc
+++ b/src/IPAddr.cc
@ -16,127 +16,6 @@ namespace zeek {
 const IPAddr IPAddr::v4_unspecified = IPAddr(in4_addr{});
 const IPAddr IPAddr::v6_unspecified = IPAddr();
 namespace detail {
 ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto,
                 bool one_way) {
    Init(src, dst, src_port, dst_port, proto, one_way);
 }
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 ConnKey::ConnKey(const ConnTuple& id) {
    Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.proto, id.is_one_way);
 }
 ConnKey& ConnKey::operator=(const ConnKey& rhs) {
    if ( this == &rhs )
        return *this;
    // Because of padding in the object, this needs to memset to clear out
    // the extra memory used by padding. Otherwise, the session key stuff
    // doesn't work quite right. The static_cast is to silence a
    // -Wnontrival-memcall warning from clang++ 17 and later.
    memset(static_cast<void*>(this), 0, sizeof(ConnKey));
    memcpy(&ip1, &rhs.ip1, sizeof(in6_addr));
    memcpy(&ip2, &rhs.ip2, sizeof(in6_addr));
    port1 = rhs.port1;
    port2 = rhs.port2;
    transport = rhs.transport;
    return *this;
 }
 #pragma GCC diagnostic pop
 ConnKey::ConnKey(Val* v) {
    const auto& vt = v->GetType();
    if ( ! IsRecord(vt->Tag()) ) {
        transport = INVALID_CONN_KEY_IP_PROTO;
        return;
    }
    RecordType* vr = vt->AsRecordType();
    auto vl = v->As<RecordVal*>();
    // indices into record's value list
    int orig_h;
    int orig_p;
    int resp_h;
    int resp_p;
    int proto;
    if ( vr == id::conn_id ) {
        orig_h = 0;
        orig_p = 1;
        resp_h = 2;
        resp_p = 3;
        proto = 4;
    }
    else {
        // While it's not a conn_id, it may have equivalent fields.
        orig_h = vr->FieldOffset("orig_h");
        resp_h = vr->FieldOffset("resp_h");
        orig_p = vr->FieldOffset("orig_p");
        resp_p = vr->FieldOffset("resp_p");
        proto = vr->FieldOffset("proto");
        if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 || proto < 0 ) {
            transport = INVALID_CONN_KEY_IP_PROTO;
            return;
        }
        // TODO we ought to check that the fields have the right
        // types, too.
    }
    if ( ! vl->HasField(orig_h) || ! vl->HasField(resp_h) || ! vl->HasField(orig_p) || ! vl->HasField(resp_p) ) {
        transport = INVALID_CONN_KEY_IP_PROTO;
        return;
    }
    const IPAddr& orig_addr = vl->GetFieldAs<AddrVal>(orig_h);
    const IPAddr& resp_addr = vl->GetFieldAs<AddrVal>(resp_h);
    const auto& orig_portv = vl->GetFieldAs<PortVal>(orig_p);
    const auto& resp_portv = vl->GetFieldAs<PortVal>(resp_p);
    const auto& protov = vl->GetField<CountVal>(proto);
    Init(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()), htons((unsigned short)resp_portv->Port()),
         protov->AsCount(), false);
 }
 void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto,
                   bool one_way) {
    // Because of padding in the object, this needs to memset to clear out
    // the extra memory used by padding. Otherwise, the session key stuff
    // doesn't work quite right. The static_cast is to silence a
    // -Wnontrival-memcall warning from clang++ 17 and later.
    memset(static_cast<void*>(this), 0, sizeof(ConnKey));
    // Lookup up connection based on canonical ordering, which is
    // the smaller of <src addr, src port> and <dst addr, dst port>
    // followed by the other.
    if ( one_way || addr_port_canon_lt(src, src_port, dst, dst_port) ) {
        ip1 = src.in6;
        ip2 = dst.in6;
        port1 = src_port;
        port2 = dst_port;
    }
    else {
        ip1 = dst.in6;
        ip2 = src.in6;
        port1 = dst_port;
        port2 = src_port;
    }
    transport = proto;
 }
 } // namespace detail
 IPAddr::IPAddr(const String& s) { Init(s.CheckString()); }
 std::unique_ptr<detail::HashKey> IPAddr::MakeHashKey() const {
--- a/src/IPAddr.h
+++ b/src/IPAddr.h
@ -25,41 +25,6 @@ constexpr uint16_t INVALID_CONN_KEY_IP_PROTO = 65534;
 class HashKey;
 // Deprecated: Remove the whole class in v8.1. Switch usage to the conntuple factories and the new zeek::ConnKey tree.
 class ConnKey {
 public:
    in6_addr ip1;
    in6_addr ip2;
    uint16_t port1 = 0;
    uint16_t port2 = 0;
    uint16_t transport = INVALID_CONN_KEY_IP_PROTO;
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const IPAddr& src, const IPAddr& dst,
                                                                               uint16_t src_port, uint16_t dst_port,
                                                                               uint16_t proto, bool one_way);
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnTuple& conn);
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnKey& rhs) { *this = rhs; }
    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(Val* v);
    // FIXME: This is getting reworked as part of the connection tuple changes. Suppress
    // the clang-tidy warning for the time being.
    // NOLINTBEGIN(bugprone-suspicious-memory-comparison)
    bool operator<(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) < 0; }
    bool operator<=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) <= 0; }
    bool operator==(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) == 0; }
    bool operator!=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) != 0; }
    bool operator>=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) >= 0; }
    bool operator>(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) > 0; }
    // NOLINTEND(bugprone-suspicious-memory-comparison)
    ConnKey& operator=(const ConnKey& rhs);
    bool Valid() const { return transport <= 0xFF; };
 private:
    void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, bool one_way);
 };
 } // namespace detail
 /**
@ -406,7 +371,6 @@ public:
    static const IPAddr v6_unspecified;
 private:
    friend class detail::ConnKey;
    friend class IPPrefix;
    /**
--- a/src/RunState.h
+++ b/src/RunState.h
@ -67,8 +67,6 @@ extern void suspend_processing();
 extern void continue_processing();
 bool is_processing_suspended();
 [[deprecated("Remove with v8.1. Use run_state::current_pseudo directly if needed.")]]
 extern double current_packet_timestamp();
 extern double current_packet_wallclock();
 // Whether we're reading live traffic.
--- a/src/Span.h
+++ b/src/Span.h
@ -1,12 +0,0 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 #pragma once
 #include <span>
 namespace zeek {
 template<class T>
 using Span [[deprecated("Remove in v8.1: Use std::span instead")]] = std::span<T>;
 } // namespace zeek
--- a/src/ZeekArgs.h
+++ b/src/ZeekArgs.h
@ -19,17 +19,6 @@ using RecordTypePtr = IntrusivePtr<RecordType>;
 using Args = std::vector<ValPtr>;
 /**
 * Converts a legacy-style argument list for use in modern Zeek function
 * calling or event queueing APIs.
 * @param vl  the argument list to convert, the returned value takes ownership
 * of a reference to each element in the list
 * @return  the converted argument list
 *
 */
 [[deprecated("Remove in v8.1. Convert users to produce zeek::Args directly.")]]
 Args val_list_to_args(const ValPList& vl);
 /**
 * Creates a vector of "call_argument" meta data describing the arguments to
 * function/event invocation.
--- a/src/ZeekString.cc
+++ b/src/ZeekString.cc
@ -322,46 +322,6 @@ String::Vec* String::Split(const String::IdxVec& indices) const {
    return result;
 }
 VectorVal* String::VecToPolicy(Vec* vec) {
    auto result = make_intrusive<VectorVal>(id::string_vec);
    for ( unsigned int i = 0; i < vec->size(); ++i ) {
        String* string = (*vec)[i];
        auto val = make_intrusive<StringVal>(string->Len(), (const char*)string->Bytes());
        result->Assign(i, std::move(val));
    }
    return result.release();
 }
 String::Vec* String::VecFromPolicy(VectorVal* vec) {
    Vec* result = new Vec();
    for ( unsigned int i = 0; i < vec->Size(); ++i ) {
        auto v = vec->StringAt(i);
        if ( ! v )
            continue;
        String* string = new String(*v);
        result->push_back(string);
    }
    return result;
 }
 char* String::VecToString(const Vec* vec) {
    std::string result("[");
    for ( const auto* str : *vec ) {
        result += str->CheckString();
        result += ",";
    }
    result += "]";
    return strdup(result.c_str());
 }
 bool StringLenCmp::operator()(String* const& bst1, String* const& bst2) {
    return _increasing ? (bst1->Len() < bst2->Len()) : (bst1->Len() > bst2->Len());
 }
@ -587,15 +547,8 @@ TEST_CASE("searching/modification") {
    CHECK_EQ(s, *s3);
    delete s3;
-#pragma GCC diagnostic push
+    for ( auto& spl : *splits )
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+        delete spl;
    char* temp = zeek::String::VecToString(splits);
 #pragma GCC diagnostic pop
    CHECK_EQ(std::string(temp), "[this, is, a, test,]");
    free(temp);
    for ( auto* entry : *splits )
        delete entry;
    delete splits;
 }
--- a/src/ZeekString.h
+++ b/src/ZeekString.h
@ -166,14 +166,6 @@ public:
    //
    Vec* Split(const IdxVec& indices) const;
    // Helper functions for vectors:
    [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]]
    static VectorVal* VecToPolicy(Vec* vec);
    [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]]
    static Vec* VecFromPolicy(VectorVal* vec);
    [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]]
    static char* VecToString(const Vec* vec);
 protected:
    void Reset();
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -903,15 +903,3 @@ constexpr int CONTENTS_RESP = 2;
 constexpr int CONTENTS_BOTH = 3;
 } // namespace zeek::analyzer
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_NONE =
    zeek::analyzer::CONTENTS_NONE;
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_ORIG =
    zeek::analyzer::CONTENTS_ORIG;
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_RESP =
    zeek::analyzer::CONTENTS_RESP;
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_BOTH =
    zeek::analyzer::CONTENTS_BOTH;
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -1352,6 +1352,8 @@ bool DNS_Interpreter::ParseRR_BINDS(detail::DNS_MsgInfo* msg, const u_char*& dat
                                   msg->BuildBINDS_Val(&binds));
    }
    delete completeflag;
    return true;
 }
@ -1912,9 +1914,8 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) {
    r->Assign(2, binds->algorithm);
    r->Assign(3, binds->key_id);
    r->Assign(4, binds->removal_flag);
-    r->Assign(5, binds->complete_flag); // Remove in v8.1: Move field 7 here. Drop String* usage.
+    r->Assign(5, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0);
    r->Assign(6, is_query);
    r->Assign(7, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0);
    return r;
 }
--- a/src/analyzer/protocol/tcp/ContentLine.h
+++ b/src/analyzer/protocol/tcp/ContentLine.h
@ -122,9 +122,3 @@ protected:
 };
 } // namespace zeek::analyzer::tcp
 // These were previously #defined, so they have to be outside of the namespace.
 [[deprecated("Remove in v8.1, use the version in the zeek:::analyzer::tcp namespace")]] constexpr int CR_as_EOL =
    zeek::analyzer::tcp::CR_as_EOL;
 [[deprecated("Remove in v8.1, use the version in the zeek:::analyzer::tcp namespace")]] constexpr int LF_as_EOL =
    zeek::analyzer::tcp::LF_as_EOL;
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.h
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h
@ -260,41 +260,3 @@ enum EndianTypes : uint8_t {
 } // namespace analyzer::tcp
 } // namespace zeek
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_SYN_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_SYN_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_FIN_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_FIN_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_RST_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_RST_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_FIN_RST_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_FIN_RST_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_DATA_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_DATA_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_ACK_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_ACK_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_MULTI_FLAG_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_MULTI_FLAG_PKT;
 [[deprecated(
    "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_CORRUPT_PKT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_CORRUPT_PKT;
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_RXMIT =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_RXMIT;
 [[deprecated("Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_WIN0 =
    zeek::analyzer::tcp::TCP_Endpoint::HIST_WIN0;
--- a/src/broker/Manager.cc
+++ b/src/broker/Manager.cc
@ -826,8 +826,6 @@ std::vector<broker::peer_info> Manager::Peers() const {
    return bstate->endpoint.peers();
 }
 std::string Manager::NodeID() const { return to_string(bstate->endpoint.node_id()); }
 bool Manager::DoPublishEvent(const std::string& topic, cluster::Event& event) {
    bool do_publish = PLUGIN_HOOK_WITH_RESULT(HOOK_PUBLISH_EVENT, HookPublishEvent(*this, topic, event), true);
    if ( ! do_publish )
@ -1107,72 +1105,6 @@ void Manager::Error(const char* format, ...) {
        reporter->Error("%s", msg);
 }
 bool Manager::AutoPublishEvent(string topic, Val* event) {
    if ( event->GetType()->Tag() != TYPE_FUNC ) {
        Error("Broker::auto_publish must operate on an event");
        return false;
    }
    auto event_val = event->AsFunc();
    if ( event_val->Flavor() != FUNC_FLAVOR_EVENT ) {
        Error("Broker::auto_publish must operate on an event");
        return false;
    }
    auto handler = event_registry->Lookup(event_val->GetName());
    if ( ! handler ) {
        Error("Broker::auto_publish failed to lookup event '%s'", event_val->GetName().c_str());
        return false;
    }
    DBG_LOG(DBG_BROKER, "Enabling auto-publishing of event %s to topic %s", handler->Name(), topic.c_str());
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    handler->AutoPublish(std::move(topic));
 #pragma GCC diagnostic pop
    return true;
 }
 bool Manager::AutoUnpublishEvent(const string& topic, Val* event) {
    if ( event->GetType()->Tag() != TYPE_FUNC ) {
        Error("Broker::auto_event_stop must operate on an event");
        return false;
    }
    auto event_val = event->AsFunc();
    if ( event_val->Flavor() != FUNC_FLAVOR_EVENT ) {
        Error("Broker::auto_event_stop must operate on an event");
        return false;
    }
    auto handler = event_registry->Lookup(event_val->GetName());
    if ( ! handler ) {
        Error("Broker::auto_event_stop failed to lookup event '%s'", event_val->GetName().c_str());
        return false;
    }
    DBG_LOG(DBG_BROKER, "Disabling auto-publishing of event %s to topic %s", handler->Name(), topic.c_str());
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    handler->AutoUnpublish(topic);
 #pragma GCC diagnostic pop
    return true;
 }
 RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) {
    // Deprecated MakeEvent() version using ValPList - requires extra copy.
    zeek::Args cargs;
    cargs.reserve(args->size());
    for ( auto* a : *args )
        cargs.emplace_back(zeek::NewRef{}, a);
    return MakeEvent(ArgsSpan{cargs}, frame)->Ref()->AsRecordVal();
 }
 zeek::RecordValPtr Manager::MakeEvent(ArgsSpan args, zeek::detail::Frame* frame) {
    scoped_reporter_location srl{frame};
    auto rval = zeek::make_intrusive<RecordVal>(BifType::Record::Broker::Event);
--- a/src/broker/Manager.h
+++ b/src/broker/Manager.h
@ -175,11 +175,6 @@ public:
     */
    std::vector<broker::peer_info> Peers() const;
    /**
     * @return a unique identifier for this broker endpoint.
     */
    [[deprecated("Remove in v8.1: Use Backend::NodeId() instead.")]] std::string NodeID() const;
    /**
     * Send an identifier's value to interested peers.
     * @param topic a topic string associated with the message.
@ -252,38 +247,6 @@ public:
    bool PublishLogWrite(EnumVal* stream, EnumVal* writer, const std::string& path,
                         const logging::detail::LogRecord& rec);
    /**
     * Automatically send an event to any interested peers whenever it is
     * locally dispatched (e.g. using "event my_event(...);" in a script).
     * @param topic a topic string associated with the event message.
     * Peers advertise interest by registering a subscription to some prefix
     * of this topic name.
     * @param event a Zeek event value.
     * @return true if automatic event sending is now enabled.
     */
    [[deprecated("Remove in v8.1, use explicit Publish().")]]
    bool AutoPublishEvent(std::string topic, Val* event);
    /**
     * Stop automatically sending an event to peers upon local dispatch.
     * @param topic a topic originally given to zeek::Broker::Manager::AutoPublish().
     * @param event an event originally given to zeek::Broker::Manager::AutoPublish().
     * @return true if automatic events will no occur for the topic/event pair.
     */
    [[deprecated("Remove in v8.1.")]]
    bool AutoUnpublishEvent(const std::string& topic, Val* event);
    /**
     * Create an `Event` record value from an event and its arguments.
     * @param args the event and its arguments.  The event is always the first
     * elements in the list.
     * @param frame the calling frame, used to report location info upon error
     * @return an `Event` record value.  If an invalid event or arguments
     * were supplied the optional "name" field will not be set.
     */
    [[deprecated("Remove in v8.1: Use the ArgsSpan version instead")]] RecordVal* MakeEvent(ValPList* args,
                                                                                            zeek::detail::Frame* frame);
    using ArgsSpan = std::span<const ValPtr>;
    /**
--- a/src/broker/messaging.bif
+++ b/src/broker/messaging.bif
@ -146,26 +146,6 @@ function Broker::__publish_id%(topic: string, id: string%): bool
 	return zeek::val_mgr->Bool(rval);
 	%}
 function Broker::__auto_publish%(topic: string, ev: any%): bool
 	%{
 	zeek::Broker::Manager::ScriptScopeGuard ssg;
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 	auto rval = zeek::broker_mgr->AutoPublishEvent(topic->CheckString(), ev);
 #pragma GCC diagnostic pop
 	return zeek::val_mgr->Bool(rval);
 	%}
 function Broker::__auto_unpublish%(topic: string, ev: any%): bool
 	%{
 	zeek::Broker::Manager::ScriptScopeGuard ssg;
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 	auto rval = zeek::broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev);
 #pragma GCC diagnostic pop
 	return zeek::val_mgr->Bool(rval);
 	%}
 function Broker::__subscribe%(topic_prefix: string%): bool
 	%{
 	zeek::Broker::Manager::ScriptScopeGuard ssg;
--- a/src/cluster/Backend.cc
+++ b/src/cluster/Backend.cc
@ -277,11 +277,6 @@ void ThreadedBackend::DoTerminate() {
    }
 }
 void ThreadedBackend::QueueForProcessing(QueueMessage&& qmessages) {
    if ( onloop )
        onloop->QueueForProcessing(std::move(qmessages));
 }
 void ThreadedBackend::Process(QueueMessage&& msg) {
    // sonarlint wants to use std::visit. not sure...
    if ( auto* emsg = std::get_if<EventMessage>(&msg) ) {
--- a/src/cluster/Backend.h
+++ b/src/cluster/Backend.h
@ -568,17 +568,6 @@ protected:
    ThreadedBackend(std::string_view name, std::unique_ptr<EventSerializer> es, std::unique_ptr<LogSerializer> ls,
                    std::unique_ptr<detail::EventHandlingStrategy> ehs);
    /**
     * To be used by implementations to enqueue messages for processing on the IO loop.
     *
     * It's safe to call this method from any thread before ThreadedBackend's
     * DoTerminate() implementation is invoked.
     *
     * @param messages Messages to be enqueued.
     */
    [[deprecated("Remove in v8.1: Use OnLoop() and QueueForProcessing() directly.")]]
    void QueueForProcessing(QueueMessage&& messages);
    /**
     * The default DoInit() implementation of ThreadedBackend
     * registers itself as a counting IO source to keep the IO
--- a/src/event.bif
+++ b/src/event.bif
@ -898,7 +898,6 @@ event Pcap::file_done%(path: string%);
 ##
 ## .. zeek:see:: UnknownProtocol::first_bytes_count
 event unknown_protocol%(analyzer_name: string, protocol: count, first_bytes: string, analyzer_history: string_vec%);
 event unknown_protocol%(analyzer_name: string, protocol: count, first_bytes: string%) &deprecated="Remove in v8.1. Use the version that includes analyzer_history.";
 ## An event for handling packets that reached the end of processing without
 ## being marked as processed. Note that this event may lead to unpredictable
--- a/src/fuzzers/dns-fuzzer.cc
+++ b/src/fuzzers/dns-fuzzer.cc
@ -8,8 +8,9 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
+#include "zeek/conn_key/Manager.h"
 #include "zeek/fuzzers/fuzzer-setup.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
 #include "zeek/session/Manager.h"
@ -19,16 +20,13 @@ static zeek::Connection* add_connection() {
    static constexpr double network_time_start = 1439471031;
    zeek::run_state::detail::update_network_time(network_time_start);
    zeek::ConnKeyPtr ck = zeek::conn_key_mgr->GetFactory().NewConnKey();
    zeek::IPBasedConnKeyPtr key = zeek::IPBasedConnKeyPtr(static_cast<zeek::IPBasedConnKey*>(ck.release()));
    key->InitTuple(zeek::IPAddr("1.2.3.4"), htons(23132), zeek::IPAddr("5.6.7.8"), htons(80), TRANSPORT_TCP, false);
    zeek::Packet p;
-    zeek::ConnTuple conn_id;
+    zeek::Connection* conn = new zeek::Connection(std::move(key), network_time_start, 1, &p);
    conn_id.src_addr = zeek::IPAddr("1.2.3.4");
    conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
    conn_id.src_port = htons(23132);
    conn_id.dst_port = htons(80);
    conn_id.is_one_way = false;
    conn_id.proto = TRANSPORT_TCP;
    zeek::detail::ConnKey key(conn_id);
    zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
    conn->SetTransport(TRANSPORT_TCP);
    zeek::session_mgr->Insert(conn);
    return conn;
--- a/src/fuzzers/websocket-fuzzer.cc
+++ b/src/fuzzers/websocket-fuzzer.cc
@ -10,8 +10,10 @@
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/analyzer/protocol/websocket/WebSocket.h"
 #include "zeek/conn_key/Manager.h"
 #include "zeek/fuzzers/FuzzBuffer.h"
 #include "zeek/fuzzers/fuzzer-setup.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
 #include "zeek/session/Manager.h"
@ -21,16 +23,12 @@ static zeek::Connection* add_connection() {
    static constexpr double network_time_start = 1439471031;
    zeek::run_state::detail::update_network_time(network_time_start);
    zeek::ConnKeyPtr ck = zeek::conn_key_mgr->GetFactory().NewConnKey();
    zeek::IPBasedConnKeyPtr key = zeek::IPBasedConnKeyPtr(static_cast<zeek::IPBasedConnKey*>(ck.release()));
    key->InitTuple(zeek::IPAddr("1.2.3.4"), htons(23132), zeek::IPAddr("5.6.7.8"), htons(80), TRANSPORT_TCP, false);
    zeek::Packet p;
-    zeek::ConnTuple conn_id;
+    zeek::Connection* conn = new zeek::Connection(std::move(key), network_time_start, 1, &p);
    conn_id.src_addr = zeek::IPAddr("1.2.3.4");
    conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
    conn_id.src_port = htons(23132);
    conn_id.dst_port = htons(80);
    conn_id.is_one_way = false;
    conn_id.proto = TRANSPORT_TCP;
    zeek::detail::ConnKey key(conn_id);
    zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
    conn->SetTransport(TRANSPORT_TCP);
    zeek::session_mgr->Insert(conn);
    return conn;
--- a/src/logging/WriterFrontend.cc
+++ b/src/logging/WriterFrontend.cc
@ -106,9 +106,6 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa
    remote = arg_remote;
    info = new WriterBackend::WriterInfo(arg_info);
    num_fields = 0;
    fields = nullptr;
    const char* w = arg_writer->GetType()->AsEnumType()->Lookup(arg_writer->InternalInt());
    name = util::copy_string(util::fmt("%s/%s", arg_info.path, w));
@ -124,11 +121,6 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa
 }
 WriterFrontend::~WriterFrontend() {
    for ( auto i = 0; i < num_fields; ++i )
        delete fields[i];
    delete[] fields;
    delete info;
    delete[] name;
 }
@ -154,27 +146,25 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const* arg_fields) {
    if ( initialized )
        reporter->InternalError("writer initialize twice");
    num_fields = arg_num_fields;
    fields = arg_fields;
    initialized = true;
-    if ( backend ) {
+    header.fields.reserve(arg_num_fields);
-        auto fs = new Field*[num_fields];
+    for ( int i = 0; i < arg_num_fields; i++ )
-
+        header.fields.emplace_back(*arg_fields[i]);
        for ( auto i = 0; i < num_fields; ++i )
            fs[i] = new Field(*fields[i]);
        backend->SendIn(new InitMessage(backend, arg_num_fields, fs));
    }
    if ( remote ) {
        broker_mgr->PublishLogCreate(header.stream_id.get(), header.writer_id.get(), *info, arg_num_fields, arg_fields);
    }
-    header.fields.reserve(arg_num_fields);
+    if ( backend )
-    for ( int i = 0; i < arg_num_fields; i++ )
+        // InitMessage takes ownership of the pointer passed in here and deletes it and
-        header.fields.emplace_back(*arg_fields[i]);
+        // the fields when done processing the message.
        backend->SendIn(new InitMessage(backend, arg_num_fields, arg_fields));
    else {
        for ( int i = 0; i < arg_num_fields; i++ )
            delete arg_fields[i];
        delete[] arg_fields;
    }
 }
 void WriterFrontend::Write(detail::LogRecord&& arg_vals) {
@ -183,9 +173,9 @@ void WriterFrontend::Write(detail::LogRecord&& arg_vals) {
    if ( disabled )
        return;
-    if ( vals.size() != static_cast<size_t>(num_fields) ) {
+    if ( vals.size() != header.fields.size() ) {
-        reporter->Warning("WriterFrontend %s expected %d fields in write, got %zu. Skipping line.", name, num_fields,
+        reporter->Warning("WriterFrontend %s expected %zu fields in write, got %zu. Skipping line.", name,
-                          vals.size());
+                          header.fields.size(), vals.size());
        return;
    }
@ -238,7 +228,7 @@ void WriterFrontend::FlushWriteBuffer() {
        zeek::cluster::backend->PublishLogWrites(header, std::span{records});
    if ( backend )
-        backend->SendIn(new WriteMessage(backend, num_fields, std::move(records)));
+        backend->SendIn(new WriteMessage(backend, header.fields.size(), std::move(records)));
 }
 void WriterFrontend::SetBuf(bool enabled) {
--- a/src/logging/WriterFrontend.h
+++ b/src/logging/WriterFrontend.h
@ -226,14 +226,6 @@ public:
     */
    const WriterBackend::WriterInfo& Info() const { return *info; }
    /**
     * Returns the number of log fields as passed into the constructor.
     */
    [[deprecated("Remove in v8.1: Use GetFields() instead")]]
    int NumFields() const {
        return num_fields;
    }
    /**
     * Returns a descriptive name for the writer, including the type of
     * the backend and the path used.
@ -247,14 +239,6 @@ public:
     */
    const std::string& GetFilterName() const { return info->filter_name; }
    /**
     * Returns the log fields as passed into the constructor.
     */
    [[deprecated("Remove in v8.1: Use GetFields() instead")]]
    const threading::Field* const* Fields() const {
        return fields;
    }
    /**
     * Returns the log fields once Init() was called on the frontend.
     */
@ -270,10 +254,8 @@ protected:
    bool local;             // True if logging locally.
    bool remote;            // True if logging remotely.
-    const char* name;                      // Descriptive name of the
+    const char* name;                // Descriptive name of the writer.
-    WriterBackend::WriterInfo* info;       // The writer information.
+    WriterBackend::WriterInfo* info; // The writer information.
    int num_fields;                        // Remove in v8.1.
    const threading::Field* const* fields; // Remove in v8.1.
    detail::LogWriteHeader header;    // Collected information about the WriterFrontend.
    detail::WriteBuffer write_buffer; // Buffer for bulk writes.
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@ -171,11 +171,6 @@ public:
        return pkt_filter;
    }
    [[deprecated("Remove in v8.1: Use PacketsUnprocessed() instead.")]]
    uint64_t GetUnprocessedCount() const {
        return PacketsUnprocessed();
    }
    /**
     * Returns the total number of packets received that weren't considered
     * processed by some analyzer.
--- a/src/packet_analysis/protocol/ip/IP.h
+++ b/src/packet_analysis/protocol/ip/IP.h
@ -31,13 +31,9 @@ private:
 enum class ParseResult : int8_t {
    CAPLEN_TOO_SMALL = -1,
    CaplenTooSmall [[deprecated("Remove in v8.1, use ParseResult::CAPLEN_TOO_SMALL.")]] = CAPLEN_TOO_SMALL,
    BAD_PROTOCOL = -2,
    BadProtocol [[deprecated("Remove in v8.1, use ParseResult::BAD_PROTOCOL.")]] = BAD_PROTOCOL,
    OK = 0,
    Ok [[deprecated("Remove in v8.1, use ParseResult::OK.")]] = OK,
    CAPLEN_TOO_LARGE = 1,
    CaplenTooLarge [[deprecated("Remove in v8.1, use ParseResult::CAPLEN_TOO_LARGE.")]] = CAPLEN_TOO_LARGE,
 };
 /**
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
@ -36,17 +36,8 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
        key = IPBasedConnKeyPtr(static_cast<IPBasedConnKey*>(ck.release()));
    }
-    // Deprecated: remove ConnTuple use in 8.1 and only use InitConnKey().
+    if ( ! InitConnKey(len, data, pkt, *key) )
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    ConnTuple tuple;
    if ( BuildConnTuple(len, data, pkt, tuple) ) {
        key->InitTuple(tuple.src_addr, tuple.src_port, tuple.dst_addr, tuple.dst_port, pkt->proto);
 #pragma GCC diagnostic pop
    }
    else if ( ! InitConnKey(len, data, pkt, *key) ) {
        return false;
    }
    key->Init(*pkt);
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
@ -109,18 +109,7 @@ protected:
     * @return True if initialization succeeded, false otherwise (e.g. because
     * there wasn't enough data available).
     */
-    virtual bool InitConnKey(size_t len, const uint8_t* data, Packet* packet, IPBasedConnKey& key) {
+    virtual bool InitConnKey(size_t len, const uint8_t* data, Packet* packet, IPBasedConnKey& key) = 0;
        // Given deprecation of BuildConnTuple below, make this pure virtual in 8.1.
        return false;
    }
    /**
     * Parse the header from the packet into a ConnTuple object.
     */
    [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]]
    virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) {
        return false;
    }
    /**
     * Continues process of packet after the connection has been inserted into the
--- a/src/plugin/Manager.cc
+++ b/src/plugin/Manager.cc
@ -10,6 +10,7 @@
 #include <sys/stat.h>
 #include <cerrno>
 #include <cstdlib>
 #include <filesystem>
 #include <fstream>
 #include <optional>
 #include <ranges>
--- a/src/scan.l
+++ b/src/scan.l
@ -663,14 +663,9 @@ F	RET_CONST(zeek::val_mgr->False()->Ref())
 ({H}".")+{HTLD} {
 	zeek::TableValPtr result;
-	std::string msg = zeek::util::fmt("Remove in v8.1: DNS lookup of host literal '%s' is deprecated. "
+	std::string msg = zeek::util::fmt("DNS lookup of host literal '%s' is not supported. "
 	                                  "Replace with blocking_lookup_hostname().", yytext);
-	zeek::reporter->Deprecation(msg.c_str());
+    zeek::reporter->Error("%s", msg.c_str());
 	if ( ! zeek::detail::parse_only )
 		result = zeek::detail::dns_mgr->LookupHost(yytext);
 	else
 		result = zeek::detail::dns_mgr->empty_addr_set();
 	RET_CONST(result.release());
 }
 \"([^\\\r\\\n\"]|{ESCSEQ})*\"	{
--- a/src/session/Manager.h
+++ b/src/session/Manager.h
@ -58,9 +58,6 @@ public:
    Manager();
    ~Manager();
    [[deprecated("Remove in v8.1 - no functionality. Use Drain() and Clear().")]]
    void Done() {};
    // Looks up the connection referred to by the given Val,
    // which should be a conn_id record.  Returns nil if there's
    // no such connection or the Val is ill-formed.
--- a/src/util.h
+++ b/src/util.h
@ -21,7 +21,7 @@
 #include <cstdio>
 #include <cstdlib>
 #include <cstring>
-#include <filesystem> // Remove in v8.1.
+#include <limits>
 #include <string>
 #include <string_view>
 #include <vector>
@ -100,10 +100,6 @@ constexpr int UID_POOL_CUSTOM_SCRIPT = 10; // First available custom script leve
 namespace zeek {
 // This alias is deprecated and should be removed in v8.1. There isn't a way to mark
 // it so the compiler will flag it.
 namespace filesystem = std::filesystem;
 class ODesc;
 class RecordVal;
--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -2046,24 +2046,6 @@ function bare_mode%(%): bool
 	return zeek::val_mgr->Bool(zeek::run_state::detail::bare_mode);
 	%}
 ## Converts a record type name to a vector of strings, where each element is
 ## the name of a record field. Nested records are flattened.
 ##
 ## rt: The name of the record type.
 ##
 ## Returns: A string vector with the field names of *rt*.
 function record_type_to_vector%(rt: string%): string_vec &deprecated="Remove in v8.1: Consider using the ordered table from record_fields"
 	%{
 	auto result = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
 	zeek::RecordType* type = zeek::id::find_type(rt->CheckString())->AsRecordType();
 	for ( int i = 0; i < type->NumFields(); ++i )
 		result->Assign(i+1, zeek::make_intrusive<zeek::StringVal>(type->FieldName(i)));
 	return std::move(result);
 	%}
 ## Returns the type name of an arbitrary Zeek variable.
 ##
 ## t: An arbitrary object.
--- a/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr
+++ b/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr
@ -1,5 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_x))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_x))
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_wss_port))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_wss_port))
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_qs))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_qs))
 received termination signal
--- a/testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr
+++ b/testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr
@ -1,4 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions))
 warning in <no location>: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. (Cluster::WebSocketServerOptions($listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))))
 received termination signal
--- a/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr
+++ b/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr
@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/main.zeek, line 691: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
+error in <...>/main.zeek, line 689: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
-error in <...>/main.zeek, line 691: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
+error in <...>/main.zeek, line 689: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
--- a/testing/btest/Baseline/bifs.record_type_to_vector/out
+++ b/testing/btest/Baseline/bifs.record_type_to_vector/out
@ -1,2 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 [, ct, str1]
--- a/testing/btest/Baseline/broker.event-group-interaction/recv.recv.out
+++ b/testing/btest/Baseline/broker.event-group-interaction/recv.recv.out
@ -1,7 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 receiver added peer: endpoint=127.0.0.1 msg=handshake successful
 receiver got ping: my-message, 1
 receiver got ping: my-message, 2
 receiver got ping: my-message, 3
 receiver got ping: my-message, 4
 receiver got ping: my-message, 5
--- a/testing/btest/Baseline/broker.event-group-interaction/send.send.out
+++ b/testing/btest/Baseline/broker.event-group-interaction/send.send.out
@ -1,7 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 sender added peer: endpoint=127.0.0.1 msg=handshake successful
 sender got pong: my-message, 1
 sender got pong: my-message, 2
 sender got pong: my-message, 3
 sender got pong: my-message, 4
 sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
--- a/testing/btest/Baseline/broker.remote_event_auto/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_event_auto/recv.recv.out
@ -1,7 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 receiver added peer: endpoint=127.0.0.1 msg=handshake successful
 receiver got ping: my-message, 1
 receiver got ping: my-message, 2
 receiver got ping: my-message, 3
 receiver got ping: my-message, 4
 receiver got ping: my-message, 5
--- a/testing/btest/Baseline/broker.remote_event_auto/send.send.out
+++ b/testing/btest/Baseline/broker.remote_event_auto/send.send.out
@ -1,7 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 sender added peer: endpoint=127.0.0.1 msg=handshake successful
 sender got pong: my-message, 1
 sender got pong: my-message, 2
 sender got pong: my-message, 3
 sender got pong: my-message, 4
 sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
--- a/testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 receiver added peer: endpoint=127.0.0.1 msg=handshake successful
 receiver got ping: my-message-a intended for 1989-12-12-22:00:00 stamped to 1989-12-12-22:00:00 (is_remote = T)
 receiver got ping: my-message-b intended for 1989-12-12-22:15:00 stamped to 1989-12-12-22:15:00 (is_remote = T)
 receiver got ping: my-message-c intended for 1989-12-12-22:30:00 stamped to 1989-12-12-22:30:00 (is_remote = T)
 receiver got ping: my-message-a intended for 1989-12-12-23:00:00 stamped to 1989-12-12-23:00:00 (is_remote = T)
 receiver got ping: my-message-b intended for 1989-12-12-23:15:00 stamped to 1989-12-12-23:15:00 (is_remote = T)
 receiver got ping: my-message-c intended for 1989-12-12-23:30:00 stamped to 1989-12-12-23:30:00 (is_remote = T)
 receiver got ping: my-message-a intended for 1989-12-13-00:00:00 stamped to 1989-12-13-00:00:00 (is_remote = T)
 receiver got ping: my-message-b intended for 1989-12-13-00:15:00 stamped to 1989-12-13-00:15:00 (is_remote = T)
 receiver got ping: my-message-c intended for 1989-12-13-00:30:00 stamped to 1989-12-13-00:30:00 (is_remote = T)
--- a/testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out
+++ b/testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out
@ -1,13 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 sender added peer: endpoint=127.0.0.1 msg=handshake successful
 >> Run 1 (1989-12-12-22:00:00)
 >> Run 2 (1989-12-12-23:00:00)
 >> Run 3 (1989-12-13-00:00:00)
 >> Run 4 (1989-12-13-01:00:00)
 >> Run 5 (1989-12-13-02:00:00)
 >> Run 6 (1989-12-13-03:00:00)
 >> Run 7 (1989-12-13-04:00:00)
 >> Run 8 (1989-12-13-05:00:00)
 >> Run 9 (1989-12-13-06:00:00)
 >> Run 10 (1989-12-13-07:00:00)
 sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
--- a/testing/btest/Baseline/broker.web-socket-events-metadata/client.output
+++ b/testing/btest/Baseline/broker.web-socket-events-metadata/client.output
@ -1,4 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ping args ['my-message', 1] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:14.000'}]}]
 ping args ['my-message', 2] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:24.000'}]}]
 ping args ['my-message', 3] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:34.000'}]}]
--- a/testing/btest/Baseline/broker.web-socket-events-metadata/server.output
+++ b/testing/btest/Baseline/broker.web-socket-events-metadata/server.output
@ -1,6 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 sender added peer: endpoint=127.0.0.1 msg=handshake successful
 sender got pong: my-message, 1 network_time=1681819994.0 current_event_time=1681819995.0
 sender got pong: my-message, 2 network_time=1681820004.0 current_event_time=1681819996.0
 sender got pong: my-message, 3 network_time=1681820014.0 current_event_time=1681819997.0
 sender lost peer: endpoint=127.0.0.1 msg=lost connection to client
--- a/testing/btest/Baseline/broker.web-socket-events/client.output
+++ b/testing/btest/Baseline/broker.web-socket-events/client.output
@ -1,4 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ping ['my-message', 1]
 ping ['my-message', 2]
 ping ['my-message', 3]
--- a/testing/btest/Baseline/broker.web-socket-events/server.output
+++ b/testing/btest/Baseline/broker.web-socket-events/server.output
@ -1,6 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 sender added peer: endpoint=127.0.0.1 msg=handshake successful
 sender got pong: my-message, 1
 sender got pong: my-message, 2
 sender got pong: my-message, 3
 sender lost peer: endpoint=127.0.0.1 msg=lost connection to client
--- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr
+++ b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr
@ -1 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out
+++ b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out
@ -1,12 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 Connected
 Sending ping 0
 topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 1}]
 Sending ping 1
 topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 2}]
 Sending ping 2
 topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 3}]
 Sending ping 3
 topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 4}]
 Sending ping 4
 topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 5}]
--- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr
+++ b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr
@ -1,3 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions))
 received termination signal
--- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out
+++ b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out
@ -1,8 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 Cluster::websocket_client_added, [/test/pings, /zeek/wstest/ws1/]
 got ping: ping 0, 0
 got ping: ping 1, 1
 got ping: ping 2, 2
 got ping: ping 3, 3
 got ping: ping 4, 4
 Cluster::websocket_client_lost
--- a/testing/btest/Baseline/core.dns-init/.stderr
+++ b/testing/btest/Baseline/core.dns-init/.stderr
@ -1,2 +1 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
--- a/testing/btest/Baseline/core.fake_dns/err
+++ b/testing/btest/Baseline/core.fake_dns/err
@ -1,5 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/fake_dns.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
 warning in <...>/fake_dns.zeek, line 9: Remove in v8.1: DNS lookup of host literal 'bing.com' is deprecated. Replace with blocking_lookup_hostname().
 warning in <...>/fake_dns.zeek, line 10: Remove in v8.1: DNS lookup of host literal 'yahoo.com' is deprecated. Replace with blocking_lookup_hostname().
 received termination signal
--- a/testing/btest/Baseline/core.hostname-literal-resolve/err
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/err
@ -1,2 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
--- a/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only
@ -1,2 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
--- a/testing/btest/Baseline/core.hostname-literal-resolve/out
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/out
@ -1,4 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 dns.example.com, {
 9fb0:8c56:531e:72ee:ca2b:4c97:da18:3a6
 }
--- a/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only
@ -1 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/coverage.bare-mode-errors/errors
+++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors
@ -1,5 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ### NOTE: This file has been sorted with diff-sort.
 warning in <...>/detect-protocols.zeek, line 1: deprecated script loaded from command line arguments ("frameworks<...>/detect-protocols.zeek moved to frameworks<...>/detect-protocols.zeek. Please switch to frameworks<...>/detect-protocols.zeek. Remove in 8.1")
 warning in <...>/detect-sqli.zeek, line 16: deprecated script loaded from command line arguments "Remove in v8.1: Switch to the improved detect-sql-injection script"
 warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from command line arguments ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1")
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@ -10,7 +10,6 @@ dce_rpc
 dhcp
 dnp3
 dns
 dpd
 files
 ftp
 http
--- a/testing/btest/Baseline/language.optional-and-default-field/.stderr
+++ b/testing/btest/Baseline/language.optional-and-default-field/.stderr
@ -1,6 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/optional-and-default-field.zeek, line 10: Remove in v8.1: Using &default and &optional together results in &default behavior
 warning in <...>/optional-and-default-field.zeek, line 11: Remove in v8.1: Using &default and &optional together results in &default behavior
 warning in <...>/optional-and-default-field.zeek, line 12: Remove in v8.1: Using &default and &optional together results in &default behavior
 warning in <...>/optional-and-default-field.zeek, line 13: Remove in v8.1: Using &default and &optional together results in &default behavior
 warning in <...>/optional-and-default-field.zeek, line 14: Remove in v8.1: Using &default and &optional together results in &default behavior
--- a/testing/btest/Baseline/language.optional-and-default-field/.stdout
+++ b/testing/btest/Baseline/language.optional-and-default-field/.stdout
@ -1,2 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 [c=5, i=-5, v=[], r0=[], r1=[]]
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -102,7 +102,6 @@
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
@ -1045,7 +1044,6 @@
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
@ -1987,7 +1985,6 @@
 0.000000 | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
--- a/testing/btest/Baseline/scripts.base.protocols.dns.binds/output
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.binds/output
@ -1,17 +1,17 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, complete_flag=1, is_query=0]
-BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
+BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complete_flag=1, is_query=0]
--- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	51354	127.0.0.1	21	tcp	FTP	non-numeric reply code [99 PASV invalid]
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	51346	127.0.0.1	21	tcp	FTP	invalid reply line [230_no_space]
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	173.86.159.28	2152	213.72.147.186	2152	udp	GTPV1	Truncated GTPv1
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.12.5	51792	192.0.78.212	80	tcp	HTTP	not a http request line
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.0.173	1068	192.168.0.2	4997	tcp	NTLM	NTLM AV Pair loop underflow
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log
@ -1,11 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason	packet_segment
 #types	time	string	addr	port	addr	port	enum	string	string	string
 XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	2001:470:1f05:17a6:d69a:20ff:fefd:6b88	24316	2001:6a8:a40::21	21	tcp	FTP	non-numeric reply code [SSH-2.0-mod_sftp/0.9.7]	\xd4\x9a \xfdk\x88\x00\x80\xc8\xb9\xc2\x06\x86\xdd`\x00\x00\x00\x00t\x067 \x01\x06\xa8\x0a@\x00\x00\x00\x00\x00\x00\x00\x00\x00! \x01\x04p\x1f\x05\x17\xa6\xd6\x9a \xff\xfe\xfdk\x88\x00\x15^\xfc\x1f]\xed\x1b\xa9\x9f`\xf1P\x18\x00\x09~n\x00\x00SSH-2.0-mod_sftp/0.9.7\x0d\x0a\x00\x00\x00D\x08\x01\x00\x00\x00\x0c\x00\x00\x00)Maximum connections for host/user reached\x00\x00\x00\x05en-USI\xf8\xb9C\xae\xcf`\xc4
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut
+++ b/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut
@ -1,5 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 uid	method	host	uri	tags
 ClEkJM2Vm5giqnMf4h	GET	192.168.111.154	/dvwa/vulnerabilities/sqli/?id=1'+OR+'1'='1&Submit=Submit	HTTP::URI_SQLI
 C4J4Th3PJpwUYZZ6gc	GET	192.168.111.154	/dvwa/vulnerabilities/sqli/?id=1'+UNION+SELECT+NULL,+version()+#&Submit=Submit	HTTP::URI_SQLI
 CtPZjS20MLrsMUOJi2	GET	192.168.111.154	/dvwa/vulnerabilities/sqli/?id=2'+OR+'2'='2&Submit=Submit	HTTP::URI_SQLI
--- a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output
+++ b/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output
@ -1,4 +0,0 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ClEkJM2Vm5giqnMf4h, [orig_h=192.168.111.148, orig_p=53796/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
 C4J4Th3PJpwUYZZ6gc, [orig_h=192.168.111.148, orig_p=57524/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
 CtPZjS20MLrsMUOJi2, [orig_h=192.168.111.148, orig_p=40112/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
--- a/testing/btest/bifs/record_type_to_vector.zeek
+++ b/testing/btest/bifs/record_type_to_vector.zeek
@ -1,13 +0,0 @@
 #
 # @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 type myrecord: record {
  ct: count;
  str1: string;
 };
 event zeek_init()
 	{
 	print record_type_to_vector("myrecord");
 	}
--- a/testing/btest/broker/event-group-interaction.zeek
+++ b/testing/btest/broker/event-group-interaction.zeek
@ -1,119 +0,0 @@
 # @TEST-DOC: Disabling an unrelated event group caused auto-publish to break because the remote event had no bodies and got disabled. This is a regression test it's not being done again.
 #
 # Remove in v8.1 when auto_publish() is removed.
 #
 # @TEST-GROUP: broker
 #
 # @TEST-PORT: BROKER_PORT
 #
 # @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
 # @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
 # @TEST-START-FILE send.zeek
 global event_count = 0;
 global ping: event(msg: string, c: count);
 event zeek_init()
 	{
 	Broker::subscribe("zeek/event/my_topic");
 	Broker::auto_publish("zeek/event/my_topic", ping);
 	Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
 	}
 function send_event()
 	{
 	event ping("my-message", ++event_count);
 	}
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
 	send_event();
 	}
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
 	terminate();
 	}
 event pong(msg: string, n: count) &is_used
 	{
 	print fmt("sender got pong: %s, %s", msg, n);
 	send_event();
 	}
 module TestDumpEvents;
 event pong(msg: string, n: count) &is_used
 	{
 	print fmt("ERROR: This should not be visible: %s, %s", msg, n);
 	}
 event zeek_init()
 	{
 	disable_module_events("TestDumpEvents");
 	}
 # @TEST-END-FILE
 # @TEST-START-FILE recv.zeek
 redef exit_only_after_terminate = T;
 const events_to_recv = 5;
 global pong: event(msg: string, c: count);
 event zeek_init()
 	{
 	Broker::subscribe("zeek/event/my_topic");
 	Broker::auto_publish("zeek/event/my_topic", pong);
 	Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
 	}
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("receiver added peer: endpoint=%s msg=%s",
 	endpoint$network$address, msg);
 	}
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("receiver lost peer: endpoint=%s msg=%s",
 	endpoint$network$address, msg);
 	}
 event ping(msg: string, n: count) &is_used
 	{
 	print fmt("receiver got ping: %s, %s", msg, n);
 	if ( n == events_to_recv )
 		{
 		terminate();
 		return;
 		}
 	event pong(msg, n);
 	}
 module TestDumpEvents;
 event ping(msg: string, n: count) &is_used
 	{
 	print fmt("ERROR: This should not be visible: %s, %s", msg, n);
 	}
 event zeek_init()
 	{
 	disable_module_events("TestDumpEvents");
 	}
 # @TEST-END-FILE
--- a/testing/btest/broker/remote_event_auto.zeek
+++ b/testing/btest/broker/remote_event_auto.zeek
@ -1,98 +0,0 @@
 # Remove in v8.1 when auto_publish() is gone.
 #
 # @TEST-GROUP: broker
 #
 # @TEST-PORT: BROKER_PORT
 #
 # @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
 # @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
 # @TEST-START-FILE send.zeek
 redef exit_only_after_terminate = T;
 global event_count = 0;
 global ping: event(msg: string, c: count);
 event zeek_init()
    {
    Broker::subscribe("zeek/event/my_topic");
    Broker::auto_publish("zeek/event/my_topic", ping);
    Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
    }
 function send_event()
    {
    event ping("my-message", ++event_count);
    }
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    send_event();
    }
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    terminate();
    }
 event pong(msg: string, n: count)
    {
    print fmt("sender got pong: %s, %s", msg, n);
    send_event();
    }
 # @TEST-END-FILE
 # @TEST-START-FILE recv.zeek
 redef exit_only_after_terminate = T;
 const events_to_recv = 5;
 global handler: event(msg: string, c: count);
 global auto_handler: event(msg: string, c: count);
 global pong: event(msg: string, c: count);
 event zeek_init()
        {
        Broker::subscribe("zeek/event/my_topic");
        Broker::auto_publish("zeek/event/my_topic", pong);
        Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
        }
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
        {
        print fmt("receiver added peer: endpoint=%s msg=%s",
        endpoint$network$address, msg);
        }
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
        {
        print fmt("receiver lost peer: endpoint=%s msg=%s",
        endpoint$network$address, msg);
        }
 event ping(msg: string, n: count)
        {
        print fmt("receiver got ping: %s, %s", msg, n);
        if ( n == events_to_recv )
                {
                terminate();
                return;
                }
 	event pong(msg, n);
        }
 # @TEST-END-FILE
--- a/testing/btest/broker/remote_event_auto_ts.zeek
+++ b/testing/btest/broker/remote_event_auto_ts.zeek
@ -1,89 +0,0 @@
 # Remove in v8.1 when auto_publish() is gone.
 #
 # Not compatible with -O C++ testing since includes two distinct scripts.
 # @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
 #
 # @TEST-GROUP: broker
 #
 # @TEST-PORT: BROKER_PORT
 #
 # @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
 # @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/ticks-dns-1hr.pcap ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
 # @TEST-START-FILE send.zeek
 redef exit_only_after_terminate = T;
 redef EventMetadata::add_network_timestamp = T;
 global runs = 0;
 global ping: event(msg: string, intended_ts: time);
 event zeek_init()
 	{
 	suspend_processing();
 	Broker::subscribe("zeek/event/my_topic");
 	Broker::auto_publish("zeek/event/my_topic", ping);
 	Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
 	}
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("sender added peer: endpoint=%s msg=%s",
 		endpoint$network$address, msg);
 	continue_processing();
 	}
 event new_connection(c: connection)
 	{
 	print fmt(">> Run %s (%D)", ++runs, network_time());
 	event ping("my-message-a", network_time());
 	schedule 30 mins { ping("my-message-c", network_time() + 30 mins) };
 	schedule 15 mins { ping("my-message-b", network_time() + 15 mins) };
 	}
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("sender lost peer: endpoint=%s msg=%s",
 	endpoint$network$address, msg);
 	terminate();
 	}
 # @TEST-END-FILE
 # @TEST-START-FILE recv.zeek
 redef exit_only_after_terminate = T;
 redef EventMetadata::add_network_timestamp = T;
 global msg_count = 0;
 event zeek_init()
 	{
 	Broker::subscribe("zeek/event/my_topic");
 	Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
 	}
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print fmt("receiver added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
 	}
 event ping(msg: string, intended_ts: time) &is_used
 	{
 	if ( ++msg_count >= 10 )
 		{
 		terminate();
 		return;
 		}
 	print fmt("receiver got ping: %s intended for %D stamped to %D (is_remote = %s)",
 		msg, intended_ts, current_event_time(), is_remote_event());
 	}
 # @TEST-END-FILE
--- a/testing/btest/broker/web-socket-events-metadata.zeek
+++ b/testing/btest/broker/web-socket-events-metadata.zeek
@ -1,153 +0,0 @@
 # @TEST-GROUP: broker
 #
 # This test requires the websockets module, available via
 # "pip install websockets".
 # @TEST-REQUIRES: python3 -c 'import websockets'
 #
 # @TEST-PORT: BROKER_PORT
 #
 # @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output"
 # @TEST-EXEC: btest-bg-run client "python3 ../client.py >output"
 #
 # @TEST-EXEC: btest-bg-wait 5
 # @TEST-EXEC: btest-diff client/output
 # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff server/output
 redef allow_network_time_forward = F;
 redef exit_only_after_terminate = T;
 redef Broker::disable_ssl = T;
 redef EventMetadata::add_network_timestamp = T;
 global event_count = 0;
 global ping: event(msg: string, c: count);
 event zeek_init()
    {
    # Tue 18 Apr 2023 12:13:14 PM UTC
    set_network_time(double_to_time(1681819994.0));
    Broker::subscribe("/zeek/event/my_topic");
    Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT")));
    }
 event send_event()
    {
    ++event_count;
    local e = Broker::make_event(ping, "my-message", event_count);
    Broker::publish("/zeek/event/my_topic", e);
    }
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    event send_event();
    }
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    terminate();
    }
 event pong(msg: string, n: count) &is_used
    {
    print fmt("sender got pong: %s, %s network_time=%s current_event_time=%s",
              msg, n, network_time(), current_event_time());
    set_network_time(network_time() + 10sec);
    # pong is a remote event and a Broker::publish() would take
    # current_event_time() as the network time for Broker::publish(),
    # prevent this by queuing a new send_event().
    event send_event();
    }
 # @TEST-START-FILE client.py
 import asyncio, datetime, websockets, os, time, json, sys
 ws_port = os.environ['BROKER_PORT'].split('/')[0]
 ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port
 topic = '"/zeek/event/my_topic"'
 def broker_value(type, val):
    return {
            '@data-type': type,
            'data': val
            }
 async def do_run():
    # Try up to 30 times.
    connected  = False
    for i in range(30):
        try:
            ws = await websockets.connect(ws_url)
            connected  = True
            # send filter and wait for ack
            await ws.send('[%s]' % topic)
            ack_json = await ws.recv()
            ack = json.loads(ack_json)
            if not 'type' in ack or ack['type'] != 'ack':
                print('*** unexpected ACK from server:')
                print(ack_json)
                sys.exit()
        except Exception as e:
            if not connected:
                print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr)
                await asyncio.sleep(1)
                continue
            else:
                print('exception: %s' % e, file=sys.stderr)
                sys.exit()
        for round in range(3):
            # wait for ping
            msg = await ws.recv()
            msg = json.loads(msg)
            if not 'type' in msg or msg['type'] != 'data-message':
                print("unexpected type", msg)
                continue
            ping = msg['data'][2]['data']
            if len(ping) < 3:
                print("no metadata on event")
                continue
            name = ping[0]['data']
            args = [x['data'] for x in ping[1]['data']]
            metadata = ping[2]['data']
            print(name, "args", args, "metadata", metadata)
            # send pong
            dt = datetime.datetime.utcfromtimestamp(1681819994 + args[1])
            ts_str = dt.isoformat('T', 'milliseconds')
            pong = [
                broker_value('string', 'pong'),
                broker_value('vector', [
                    broker_value('string', args[0]),
                    broker_value('count', args[1]),
                ]),
                broker_value('vector', [
                    broker_value('vector', [
                        broker_value('count', 1),  # network_timestamp
                        broker_value('timestamp', ts_str),
                    ]),
                ]),
           ]
            ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)]
            msg = {
                'type': 'data-message',
                'topic': '/zeek/event/my_topic',
                '@data-type': 'vector', 'data': ev
            }
            msg = json.dumps(msg)
            await ws.send(msg)
        await ws.close()
        sys.exit()
 loop = asyncio.get_event_loop()
 loop.run_until_complete(do_run())
 # @TEST-END-FILE
--- a/testing/btest/broker/web-socket-events.zeek
+++ b/testing/btest/broker/web-socket-events.zeek
@ -1,128 +0,0 @@
 # @TEST-GROUP: broker
 #
 # This test requires the websockets module, available via
 # "pip install websockets".
 # @TEST-REQUIRES: python3 -c 'import websockets'
 #
 # @TEST-PORT: BROKER_PORT
 #
 # @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output"
 # @TEST-EXEC: btest-bg-run client "python3 ../client.py >output"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff client/output
 # @TEST-EXEC: btest-diff server/output
 redef exit_only_after_terminate = T;
 redef Broker::disable_ssl = T;
 global event_count = 0;
 global ping: event(msg: string, c: count);
 event zeek_init()
    {
    Broker::subscribe("/zeek/event/my_topic");
    Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT")));
    }
 function send_event()
    {
    ++event_count;
    local e = Broker::make_event(ping, "my-message", event_count);
    Broker::publish("/zeek/event/my_topic", e);
    }
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    send_event();
    }
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
    {
    print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
    terminate();
    }
 event pong(msg: string, n: count) &is_used
    {
    print fmt("sender got pong: %s, %s", msg, n);
    send_event();
    }
 # @TEST-START-FILE client.py
 import asyncio, websockets, os, time, json, sys
 ws_port = os.environ['BROKER_PORT'].split('/')[0]
 ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port
 topic = '"/zeek/event/my_topic"'
 def broker_value(type, val):
    return {
            '@data-type': type,
            'data': val
            }
 async def do_run():
    # Try up to 30 times.
    connected  = False
    for i in range(30):
        try:
            ws = await websockets.connect(ws_url)
            connected  = True
            # send filter and wait for ack
            await ws.send('[%s]' % topic)
            ack_json = await ws.recv()
            ack = json.loads(ack_json)
            if not 'type' in ack or ack['type'] != 'ack':
                print('*** unexpected ACK from server:')
                print(ack_json)
                sys.exit()
        except Exception as e:
            if not connected:
                print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr)
                await asyncio.sleep(1)
                continue
            else:
                print('exception: %s' % e, file=sys.stderr)
                sys.exit()
        for round in range(3):
            # wait for ping
            msg = await ws.recv()
            msg = json.loads(msg)
            if not 'type' in msg or msg['type'] != 'data-message':
                continue
            ping = msg['data'][2]['data']
            name = ping[0]['data']
            args = [x['data'] for x in ping[1]['data']]
            print(name, args)
            # send pong
            pong = [broker_value('string', 'pong'),
                    broker_value('vector', [
                    broker_value('string', args[0]),
                    broker_value('count', args[1])
                    ])]
            ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)]
            msg = {
                'type': 'data-message',
                'topic': '/zeek/event/my_topic',
                '@data-type': 'vector', 'data': ev
            }
            msg = json.dumps(msg)
            await ws.send(msg)
        await ws.close()
        sys.exit()
 loop = asyncio.get_event_loop()
 loop.run_until_complete(do_run())
 # @TEST-END-FILE
--- a/testing/btest/cluster/websocket/one-ipv6-deprecated.zeek
+++ b/testing/btest/cluster/websocket/one-ipv6-deprecated.zeek
@ -1,85 +0,0 @@
 # @TEST-DOC: Use listen_host to listen on an IPv6 address, otherwise same as one-ipv6.zeek
 #
 # @TEST-REQUIRES: have-zeromq
 # @TEST-REQUIRES: python3 -c 'import websockets.sync'
 # @TEST-REQUIRES: can-listen-tcp 6 ::1
 #
 # @TEST-GROUP: cluster-zeromq
 #
 # @TEST-PORT: XPUB_PORT
 # @TEST-PORT: XSUB_PORT
 # @TEST-PORT: LOG_PULL_PORT
 # @TEST-PORT: WEBSOCKET_PORT
 #
 # @TEST-EXEC: cp $FILES/zeromq/cluster-layout-simple.zeek cluster-layout.zeek
 # @TEST-EXEC: cp $FILES/zeromq/test-bootstrap.zeek zeromq-test-bootstrap.zeek
 # @TEST-EXEC: cp $FILES/ws/wstest.py .
 #
 # @TEST-EXEC: zeek -b --parse-only manager.zeek
 # @TEST-EXEC: python3 -m py_compile client.py
 #
 # @TEST-EXEC: btest-bg-run manager "ZEEKPATH=$ZEEKPATH:.. && CLUSTER_NODE=manager zeek -b ../manager.zeek >out"
 # @TEST-EXEC: btest-bg-run client "python3 ../client.py >out"
 #
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff ./manager/out
 # @TEST-EXEC: btest-diff ./manager/.stderr
 # @TEST-EXEC: btest-diff ./client/out
 # @TEST-EXEC: btest-diff ./client/.stderr
 # @TEST-START-FILE manager.zeek
@load ./zeromq-test-bootstrap
 redef exit_only_after_terminate = T;
 global ping_count = 0;
 global ping: event(msg: string, c: count) &is_used;
 global pong: event(msg: string, c: count) &is_used;
 event zeek_init()
 	{
 	Cluster::subscribe("/test/pings/");
 	Cluster::listen_websocket([$listen_host="::1", $listen_port=to_port(getenv("WEBSOCKET_PORT"))]);
 	}
 event ping(msg: string, n: count) &is_used
 	{
 	++ping_count;
 	print fmt("got ping: %s, %s", msg, n);
 	local e = Cluster::make_event(pong, "my-message", ping_count);
 	Cluster::publish("/test/pings", e);
 	}
 event Cluster::websocket_client_added(info: Cluster::EndpointInfo, subscriptions: string_vec)
 	{
 	print "Cluster::websocket_client_added", subscriptions;
 	}
 event Cluster::websocket_client_lost(info: Cluster::EndpointInfo, code: count, reason: string)
 	{
 	print "Cluster::websocket_client_lost";
 	terminate();
 	}
 # @TEST-END-FILE
 # @TEST-START-FILE client.py
 # @TEST-START-FILE client.py
 import wstest
 def run(ws_url):
    with wstest.connect("ws1", ws_url) as tc:
        print("Connected")
        tc.hello_v1(["/test/pings"])
        for i in range(5):
            print("Sending ping", i)
            tc.send_json(wstest.build_event_v1("/test/pings/", "ping", [f"ping {i}", i]))
            pong = tc.recv_json()
            assert pong["@data-type"] == "vector"
            ev = pong["data"][2]["data"]
            print("topic", pong["topic"], "event name", ev[0]["data"], "args", ev[1]["data"])
 if __name__ == "__main__":
    wstest.main(run, wstest.WS6_URL_V1)
 # @TEST-END-FILE
--- a/testing/btest/core/dns-init.zeek
+++ b/testing/btest/core/dns-init.zeek
@ -1,11 +1,11 @@
-# We once had a bug where DNS lookups at init time lead to an immediate crash. 
+# We once had a bug where DNS lookups at init time lead to an immediate crash.
 #
 # @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
 # @TEST-EXEC: btest-diff .stdout
 const foo: set[addr] = {
-     google.com
+     blocking_lookup_hostname("google.com")
 };
 print foo;
--- a/testing/btest/core/fake_dns.zeek
+++ b/testing/btest/core/fake_dns.zeek
@ -5,9 +5,9 @@
 redef exit_only_after_terminate = T;
 global addrs: set[addr] = {
-	google.com,
+	blocking_lookup_hostname("google.com"),
-	bing.com,
+	blocking_lookup_hostname("bing.com"),
-	yahoo.com
+	blocking_lookup_hostname("yahoo.com")
 };
 global c: count = 0;
--- a/Show more
+++ b/Show more
		`@ -1,3 +0,0 @@`
			`@deprecated("frameworks/dpd/detect-protocols.zeek moved to frameworks/analyzer/detect-protocols.zeek. Please switch to frameworks/analyzer/detect-protocols.zeek. Remove in 8.1")`

			`@load frameworks/analyzer/detect-protocols.zeek`
		`@ -1,2 +0,0 @@`
			`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
			`[, ct, str1]`
		`@ -1 +0,0 @@`
			`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
`@ -1,2 +1 @@`
	`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`	`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
	`warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().`
		`@ -1,2 +0,0 @@`
			`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
			`warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().`
		`@ -1,2 +0,0 @@`
			`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
			`[c=5, i=-5, v=[], r0=[], r1=[]]`