Convert some redef-able constants to runtime options

scripts/base/frameworks/netcontrol/catch-and-release.bro

@@ -142,7 +142,7 @@ export {
 
 	## If true, catch and release warns if packets of an IP address are still seen after it
 	## should have been blocked.
-	const catch_release_warn_blocked_ip_encountered = F &redef;
+	option catch_release_warn_blocked_ip_encountered = F;
 
 	## Time intervals for which subsequent drops of the same IP take
 	## effect.

scripts/base/frameworks/notice/main.bro

@@ -201,14 +201,14 @@ export {
 	## Address that emails will be from.
 	##
 	## Note that this is overridden by the BroControl MailFrom option.
-	const mail_from           = "Big Brother <bro@localhost>" &redef;
+	option mail_from           = "Big Brother <bro@localhost>";
 	## Reply-to address used in outbound email.
-	const reply_to            = "" &redef;
+	option reply_to            = "";
 	## Text string prefixed to the subject of all emails sent out.
 	##
 	## Note that this is overridden by the BroControl MailSubjectPrefix
 	## option.
-	const mail_subject_prefix = "[Bro]" &redef;
+	option mail_subject_prefix = "[Bro]";
 	## The maximum amount of time a plugin can delay email from being sent.
 	const max_email_delay     = 15secs &redef;
 

scripts/base/protocols/dhcp/main.bro

@@ -77,7 +77,7 @@ export {
 	## The maximum amount of time that a transation ID will be watched
 	## for to try and tie messages together into a single DHCP
 	## transaction narrative.
-	const DHCP::max_txid_watch_time = 30secs &redef;
+	option DHCP::max_txid_watch_time = 30secs;
 
 	## This event is used internally to distribute data around clusters
 	## since DHCP doesn't follow the normal "connection" model used by

scripts/base/protocols/ftp/main.bro

@@ -17,13 +17,13 @@ export {
 	redef enum Log::ID += { LOG };
 
 	## List of commands that should have their command/response pairs logged.
-	const logged_commands = {
+	option logged_commands = {
 		"APPE", "DELE", "RETR", "STOR", "STOU", "ACCT", "PORT", "PASV", "EPRT",
 		"EPSV"
-	} &redef;
+	};
 
 	## User IDs that can be considered "anonymous".
-	const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef;
+	option guest_ids = { "anonymous", "ftp", "ftpuser", "guest" };
 
 	## This record is to hold a parsed FTP reply code.  For example, for the
 	## 201 status code, the digits would be parsed as: x->2, y->0, z->1.

scripts/base/protocols/http/main.bro

@@ -109,7 +109,7 @@ export {
 	## A list of HTTP methods. Other methods will generate a weird. Note
 	## that the HTTP analyzer will only accept methods consisting solely
 	## of letters ``[A-Za-z]``.
-	const http_methods: set[string] = {
+	option http_methods: set[string] = {
 		"GET", "POST", "HEAD", "OPTIONS",
 		"PUT", "DELETE", "TRACE", "CONNECT",
 		# HTTP methods for distributed authoring:
@@ -117,7 +117,7 @@ export {
 		"COPY", "MOVE", "LOCK", "UNLOCK",
 		"POLL", "REPORT", "SUBSCRIBE", "BMOVE",
 		"SEARCH"
-	} &redef;
+	};
 
 	## Event that can be handled to access the HTTP record as it is sent on
 	## to the logging framework.

scripts/base/protocols/krb/main.bro

@@ -48,7 +48,7 @@ export {
 	};
 
 	## The server response error texts which are *not* logged.
-	const ignored_errors: set[string] = {
+	option ignored_errors: set[string] = {
 		# This will significantly increase the noisiness of the log.
 		# However, one attack is to iterate over principals, looking
 		# for ones that don't require preauth, and then performn
@@ -58,7 +58,7 @@ export {
 		# This is a more specific version of NEEDED_PREAUTH that's used
 		# by Windows AD Kerberos.
 		"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
-	} &redef;
+	};
 
 	## Event that can be handled to access the KRB record as it is sent on
 	## to the logging framework.

scripts/base/protocols/sip/main.bro

@@ -80,9 +80,9 @@ export {
 	## A list of SIP methods. Other methods will generate a weird. Note
 	## that the SIP analyzer will only accept methods consisting solely
 	## of letters ``[A-Za-z]``.
-	const sip_methods: set[string] = {
+	option sip_methods: set[string] = {
 		"REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS", "NOTIFY", "SUBSCRIBE"
-	} &redef;
+	};
 
 	## Event that can be handled to access the SIP record as it is sent on
 	## to the logging framework.

scripts/policy/frameworks/dpd/packet-segment-logging.bro

@@ -16,7 +16,7 @@ export {
 	};
 
 	## Size of the packet segment to display in the DPD log.
-	const packet_segment_size: int = 255 &redef;
+	option packet_segment_size: int = 255;
 }
 
 

scripts/policy/frameworks/files/detect-MHR.bro

@@ -32,7 +32,7 @@ export {
 	## A/V engines.  Team Cymru returns a percentage to indicate how
 	## many A/V engines flagged the sample as malicious. This threshold
 	## allows you to require a minimum detection rate.
-	const notice_threshold = 10 &redef;
+	option notice_threshold = 10;
 }
 
 function do_mhr_lookup(hash: string, fi: Notice::FileInfo)

scripts/policy/frameworks/software/version-changes.bro

@@ -19,7 +19,7 @@ export {
 	## Some software is more interesting when the version changes and this
 	## is a set of all software that should raise a notice when a different
 	## version is seen on a host.
-	const interesting_version_changes: set[string] = { } &redef;
+	option interesting_version_changes: set[string] = {};
 }
 
 event Software::version_change(old: Software::Info, new: Software::Info)

scripts/policy/misc/capture-loss.bro

@@ -44,7 +44,7 @@ export {
 	## when the :bro:enum:`CaptureLoss::Too_Much_Loss` notice should be
 	## generated. The value is expressed as a double between 0 and 1 with 1
 	## being 100%.
-	const too_much_loss: double = 0.1 &redef;
+	option too_much_loss: double = 0.1;
 }
 
 event CaptureLoss::take_measurement(last_ts: time, last_acks: count, last_gaps: count)

scripts/policy/misc/dump-events.bro

@@ -7,7 +7,7 @@ module DumpEvents;
 
 export {
 	## If true, include event arguments in output.
-	const include_args = T &redef;
+	option include_args = T;
 
 	## Only include events matching the given pattern into output. By default, the
 	## pattern matches all events.

scripts/policy/misc/stats.bro

@@ -8,7 +8,7 @@ export {
 	redef enum Log::ID += { LOG };
 
 	## How often stats are reported.
-	const report_interval = 5min &redef;
+	option report_interval = 5min;
 
 	type Info: record {
 		## Timestamp for the measurement.

scripts/policy/protocols/http/header-names.bro

@@ -18,10 +18,10 @@ export {
 	};
 	
 	## A boolean value to determine if client header names are to be logged.
-	const log_client_header_names = T &redef;
+	option log_client_header_names = T;
 	
 	## A boolean value to determine if server header names are to be logged.
-	const log_server_header_names = F &redef;
+	option log_server_header_names = F;
 }
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3

scripts/policy/protocols/smb/main.bro

@@ -32,19 +32,19 @@ export {
 	};
 
 	## The file actions which are logged.
-	const logged_file_actions: set[Action] = {
+	option logged_file_actions: set[Action] = {
 		FILE_OPEN,
 		FILE_RENAME,
 		FILE_DELETE,
 
 		PRINT_OPEN,
 		PRINT_CLOSE,
-	} &redef;
+	};
 
 	## The server response statuses which are *not* logged.
-	const ignored_command_statuses: set[string] = {
+	option ignored_command_statuses: set[string] = {
 		"MORE_PROCESSING_REQUIRED",
-	} &redef;
+	};
 	
 	## This record is for the smb_files.log
 	type FileInfo: record {
@@ -159,7 +159,7 @@ export {
 
 	## Optionally write out the SMB commands log.  This is 
 	## primarily useful for debugging so is disabled by default.
-	const write_cmd_log = F &redef;
+	option write_cmd_log = F;
 
 	## Everything below here is used internally in the SMB scripts.
 

scripts/policy/protocols/smtp/detect-suspicious-orig.bro

@@ -11,8 +11,8 @@ export {
 	## Places where it's suspicious for mail to originate from represented
 	## as all-capital, two character country codes (e.g., US).  It requires 
 	## libGeoIP support built in.
-	const suspicious_origination_countries: set[string] = {} &redef;
-	const suspicious_origination_networks: set[subnet] = {} &redef;
+	option suspicious_origination_countries: set[string] = {};
+	option suspicious_origination_networks: set[subnet] = {};
 
 }
 

scripts/policy/protocols/smtp/entities-excerpt.bro

@@ -14,7 +14,7 @@ export {
 	## This is the default value for how much of the entity body should be
 	## included for all MIME entities.  The lesser of this value and
 	## :bro:see:`default_file_bof_buffer_size` will be used.
-	const default_entity_excerpt_len = 0 &redef;
+	option default_entity_excerpt_len = 0;
 }
 
 event file_new(f: fa_file) &priority=5

scripts/policy/protocols/ssh/geo-data.bro

@@ -21,7 +21,7 @@ export {
 
 	## The set of countries for which you'd like to generate notices upon
 	## successful login.
-	const watched_countries: set[string] = {"RO"} &redef;
+	option watched_countries: set[string] = {"RO"};
 }
 
 function get_location(c: connection): geo_location

scripts/policy/protocols/ssl/expiring-certs.bro

@@ -27,11 +27,11 @@ export {
 	## notices will be suppressed by the notice framework for 1 day after 
 	## a particular certificate has had a notice generated.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
-	const notify_certs_expiration = LOCAL_HOSTS &redef;
+	option notify_certs_expiration = LOCAL_HOSTS;
 	
 	## The time before a certificate is going to expire that you would like
 	## to start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices.
-	const notify_when_cert_expiring_in = 30days &redef;
+	option notify_when_cert_expiring_in = 30days;
 }
 
 event ssl_established(c: connection) &priority=3

scripts/policy/protocols/ssl/weak-keys.bro

@@ -21,24 +21,24 @@ export {
 	## keys/ciphers/protocol_versions.  By default, these notices will be suppressed
 	## by the notice framework for 1 day after a particular host has had a notice
 	## generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
-	const notify_weak_keys = LOCAL_HOSTS &redef;
+	option notify_weak_keys = LOCAL_HOSTS;
 
 	## The minimal key length in bits that is considered to be safe. Any shorter
 	## (non-EC) key lengths will trigger a notice.
-	const notify_minimal_key_length = 2048 &redef;
+	option notify_minimal_key_length = 2048;
 
 	## Warn if the DH key length is smaller than the certificate key length. This is
 	## potentially unsafe because it gives a wrong impression of safety due to the
 	## certificate key length. However, it is very common and cannot be avoided in some
 	## settings (e.g. with old jave clients).
-	const notify_dh_length_shorter_cert_length = T &redef;
+	option notify_dh_length_shorter_cert_length = T;
 
 	## Warn if a server negotiates a SSL session with a protocol version smaller than
 	## the specified version. By default, the minimal version is TLSv10 because SSLv2
 	## and v3 have serious security issued.
 	## See https://tools.ietf.org/html/draft-thomson-sslv3-diediedie-00
 	## To disable, set to SSLv20
-	const tls_minimum_version = TLSv10 &redef;
+	option tls_minimum_version = TLSv10;
 
 	## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
 	## encountering old export cipher suites, or RC4 (see RFC7465).