Convert some redef-able constants to runtime options

scripts/policy/protocols/http/header-names.bro

@@ -18,10 +18,10 @@ export {
 	};
 	
 	## A boolean value to determine if client header names are to be logged.
-	const log_client_header_names = T &redef;
+	option log_client_header_names = T;
 	
 	## A boolean value to determine if server header names are to be logged.
-	const log_server_header_names = F &redef;
+	option log_server_header_names = F;
 }
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3

scripts/policy/protocols/smb/main.bro

@@ -32,19 +32,19 @@ export {
 	};
 
 	## The file actions which are logged.
-	const logged_file_actions: set[Action] = {
+	option logged_file_actions: set[Action] = {
 		FILE_OPEN,
 		FILE_RENAME,
 		FILE_DELETE,
 
 		PRINT_OPEN,
 		PRINT_CLOSE,
-	} &redef;
+	};
 
 	## The server response statuses which are *not* logged.
-	const ignored_command_statuses: set[string] = {
+	option ignored_command_statuses: set[string] = {
 		"MORE_PROCESSING_REQUIRED",
-	} &redef;
+	};
 	
 	## This record is for the smb_files.log
 	type FileInfo: record {
@@ -159,7 +159,7 @@ export {
 
 	## Optionally write out the SMB commands log.  This is 
 	## primarily useful for debugging so is disabled by default.
-	const write_cmd_log = F &redef;
+	option write_cmd_log = F;
 
 	## Everything below here is used internally in the SMB scripts.
 

scripts/policy/protocols/smtp/detect-suspicious-orig.bro

@@ -11,8 +11,8 @@ export {
 	## Places where it's suspicious for mail to originate from represented
 	## as all-capital, two character country codes (e.g., US).  It requires 
 	## libGeoIP support built in.
-	const suspicious_origination_countries: set[string] = {} &redef;
-	const suspicious_origination_networks: set[subnet] = {} &redef;
+	option suspicious_origination_countries: set[string] = {};
+	option suspicious_origination_networks: set[subnet] = {};
 
 }
 

scripts/policy/protocols/smtp/entities-excerpt.bro

@@ -14,7 +14,7 @@ export {
 	## This is the default value for how much of the entity body should be
 	## included for all MIME entities.  The lesser of this value and
 	## :bro:see:`default_file_bof_buffer_size` will be used.
-	const default_entity_excerpt_len = 0 &redef;
+	option default_entity_excerpt_len = 0;
 }
 
 event file_new(f: fa_file) &priority=5

scripts/policy/protocols/ssh/geo-data.bro

@@ -21,7 +21,7 @@ export {
 
 	## The set of countries for which you'd like to generate notices upon
 	## successful login.
-	const watched_countries: set[string] = {"RO"} &redef;
+	option watched_countries: set[string] = {"RO"};
 }
 
 function get_location(c: connection): geo_location

scripts/policy/protocols/ssl/expiring-certs.bro

@@ -27,11 +27,11 @@ export {
 	## notices will be suppressed by the notice framework for 1 day after 
 	## a particular certificate has had a notice generated.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
-	const notify_certs_expiration = LOCAL_HOSTS &redef;
+	option notify_certs_expiration = LOCAL_HOSTS;
 	
 	## The time before a certificate is going to expire that you would like
 	## to start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices.
-	const notify_when_cert_expiring_in = 30days &redef;
+	option notify_when_cert_expiring_in = 30days;
 }
 
 event ssl_established(c: connection) &priority=3

scripts/policy/protocols/ssl/weak-keys.bro

@@ -21,24 +21,24 @@ export {
 	## keys/ciphers/protocol_versions.  By default, these notices will be suppressed
 	## by the notice framework for 1 day after a particular host has had a notice
 	## generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
-	const notify_weak_keys = LOCAL_HOSTS &redef;
+	option notify_weak_keys = LOCAL_HOSTS;
 
 	## The minimal key length in bits that is considered to be safe. Any shorter
 	## (non-EC) key lengths will trigger a notice.
-	const notify_minimal_key_length = 2048 &redef;
+	option notify_minimal_key_length = 2048;
 
 	## Warn if the DH key length is smaller than the certificate key length. This is
 	## potentially unsafe because it gives a wrong impression of safety due to the
 	## certificate key length. However, it is very common and cannot be avoided in some
 	## settings (e.g. with old jave clients).
-	const notify_dh_length_shorter_cert_length = T &redef;
+	option notify_dh_length_shorter_cert_length = T;
 
 	## Warn if a server negotiates a SSL session with a protocol version smaller than
 	## the specified version. By default, the minimal version is TLSv10 because SSLv2
 	## and v3 have serious security issued.
 	## See https://tools.ietf.org/html/draft-thomson-sslv3-diediedie-00
 	## To disable, set to SSLv20
-	const tls_minimum_version = TLSv10 &redef;
+	option tls_minimum_version = TLSv10;
 
 	## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
 	## encountering old export cipher suites, or RC4 (see RFC7465).