Merge remote-tracking branch 'origin/topic/dnthayer/ticket1963'

* origin/topic/dnthayer/ticket1963:
  Add a missing initializer to a runtime option
  Convert more redef-able constants to runtime options

scripts/base/frameworks/dpd/main.bro

@@ -28,11 +28,11 @@ export {
 	};
 
 	## Analyzers which you don't want to throw 
-	const ignore_violations: set[Analyzer::Tag] = set() &redef;
+	option ignore_violations: set[Analyzer::Tag] = set();
 
 	## Ignore violations which go this many bytes into the connection.
 	## Set to 0 to never ignore protocol violations.
-	const ignore_violations_after = 10 * 1024 &redef;
+	option ignore_violations_after = 10 * 1024;
 }
 
 redef record connection += {

scripts/base/frameworks/files/main.bro

@@ -130,7 +130,7 @@ export {
 	const analyze_by_mime_type_automatically = T &redef;
 
 	## The default setting for file reassembly.
-	const enable_reassembler = T &redef;
+	option enable_reassembler = T;
 
 	## The default per-file reassembly buffer size.
 	const reassembly_buffer_size = 524288 &redef;

scripts/base/frameworks/notice/actions/add-geodata.bro

@@ -26,7 +26,7 @@ export {
 	
 	## Notice types which should have the "remote" location looked up.
 	## If GeoIP support is not built in, this does nothing.
-	const lookup_location_types: set[Notice::Type] = {} &redef;
+	option lookup_location_types: set[Notice::Type] = {};
 }
 
 hook policy(n: Notice::Info) &priority=10

scripts/base/frameworks/notice/actions/page.bro

@@ -14,7 +14,7 @@ export {
 	
 	## Email address to send notices with the :bro:enum:`Notice::ACTION_PAGE`
 	## action.
-	const mail_page_dest = "" &redef;
+	option mail_page_dest = "";
 }
 
 hook notice(n: Notice::Info) &priority=-5

scripts/base/frameworks/notice/main.bro

@@ -173,13 +173,13 @@ export {
 	};
 
 	## Ignored notice types.
-	const ignored_types: set[Notice::Type] = {} &redef;
+	option ignored_types: set[Notice::Type] = {};
 	## Emailed notice types.
-	const emailed_types: set[Notice::Type] = {} &redef;
+	option emailed_types: set[Notice::Type] = {};
 	## Alarmed notice types.
-	const alarmed_types: set[Notice::Type] = {} &redef;
+	option alarmed_types: set[Notice::Type] = {};
 	## Types that should be suppressed for the default suppression interval.
-	const not_suppressed_types: set[Notice::Type] = {} &redef;
+	option not_suppressed_types: set[Notice::Type] = {};
 	## This table can be used as a shorthand way to modify suppression
 	## intervals for entire notice types.
 	const type_suppression_intervals: table[Notice::Type] of interval = {} &redef;
@@ -190,7 +190,7 @@ export {
 	## Local system sendmail program.
 	##
 	## Note that this is overridden by the BroControl SendMail option.
-	const sendmail            = "/usr/sbin/sendmail" &redef;
+	option sendmail            = "/usr/sbin/sendmail";
 	## Email address to send notices with the
 	## :bro:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs
 	## on rotation with :bro:enum:`Notice::ACTION_ALARM`.

scripts/base/frameworks/notice/weird.bro

@@ -255,14 +255,14 @@ export {
 
 	## To completely ignore a specific weird for a host, add the host
 	## and weird name into this set.
-	const ignore_hosts: set[addr, string] &redef;
+	option ignore_hosts: set[addr, string] = {};
 
 	## Don't ignore repeats for weirds in this set.  For example,
 	## it's handy keeping track of clustered checksum errors.
-	const weird_do_not_ignore_repeats = {
+	option weird_do_not_ignore_repeats = {
 		"bad_IP_checksum", "bad_TCP_checksum", "bad_UDP_checksum",
 		"bad_ICMP_checksum",
-	} &redef;
+	};
 
 	## This table is used to track identifier and name pairs that should be
 	## temporarily ignored because the problem has already been reported.

scripts/base/frameworks/signatures/main.bro

@@ -104,7 +104,7 @@ export {
 	} &redef &default = SIG_ALARM;
 
 	## Signature IDs that should always be ignored.
-	const ignored_ids = /NO_DEFAULT_MATCHES/ &redef;
+	option ignored_ids = /NO_DEFAULT_MATCHES/;
 	
 	## Generate a notice if, for a pair [orig, signature], the number of
 	## different responders has reached one of the thresholds.
@@ -120,7 +120,7 @@ export {
 	
 	## The interval between when :bro:enum:`Signatures::Signature_Summary`
 	## notices are generated.
-	const summary_interval = 1 day &redef;
+	option summary_interval = 1 day;
 
 	## This event can be handled to access/alter data about to be logged
 	## to the signature logging stream.

scripts/base/frameworks/software/main.bro

@@ -68,7 +68,7 @@ export {
 	
 	## Hosts whose software should be detected and tracked.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const asset_tracking = LOCAL_HOSTS &redef;
+	option asset_tracking = LOCAL_HOSTS;
 
 	## Other scripts should call this function when they detect software.
 	##

scripts/base/protocols/conn/contents.bro

@@ -18,7 +18,7 @@ module Conn;
 export {
 	## The prefix given to files containing extracted connections as they
 	## are opened on disk.
-	const extraction_prefix = "contents" &redef;
+	option extraction_prefix = "contents";
 	
 	## If this variable is set to ``T``, then all contents of all
 	## connections will be extracted.

scripts/base/protocols/conn/inactivity.bro

@@ -6,15 +6,15 @@ module Conn;
 export {
 	## Define inactivity timeouts by the service detected being used over
 	## the connection.
-	const analyzer_inactivity_timeouts: table[Analyzer::Tag] of interval = {
+	option analyzer_inactivity_timeouts: table[Analyzer::Tag] of interval = {
 		# For interactive services, allow longer periods of inactivity.
 		[[Analyzer::ANALYZER_SSH, Analyzer::ANALYZER_FTP]] = 1 hrs,
-	} &redef;
+	};
 	
 	## Define inactivity timeouts based on common protocol ports.
-	const port_inactivity_timeouts: table[port] of interval = {
+	option port_inactivity_timeouts: table[port] of interval = {
 		[[21/tcp, 22/tcp, 23/tcp, 513/tcp]] = 1 hrs,
-	} &redef;
+	};
 	
 }
 	

scripts/base/protocols/dce-rpc/main.bro

@@ -28,11 +28,11 @@ export {
 
 	## These are DCE-RPC operations that are ignored, typically due to
 	## the operations being noisy and low value on most networks.
-	const ignored_operations: table[string] of set[string] = {
+	option ignored_operations: table[string] of set[string] = {
 		["winreg"] = set("BaseRegCloseKey", "BaseRegGetVersion", "BaseRegOpenKey", "BaseRegQueryValue", "BaseRegDeleteKeyEx", "OpenLocalMachine", "BaseRegEnumKey", "OpenClassesRoot"),
 		["spoolss"] = set("RpcSplOpenPrinter", "RpcClosePrinter"),
 		["wkssvc"] = set("NetrWkstaGetInfo"),
-	} &redef;
+	};
 
 	type State: record {
 		uuid       : string &optional;

scripts/base/protocols/dns/main.bro

@@ -118,12 +118,12 @@ export {
 	## is reached (this shouldn't happen unless either the DNS server/resolver
 	## is broken, Bro is not seeing all the DNS traffic, or an AXFR query
 	## response is ongoing).
-	const max_pending_msgs = 50 &redef;
+	option max_pending_msgs = 50;
 
 	## Give up trying to match pending DNS queries or replies across all
 	## query/transaction IDs once there is at least one unmatched query or
 	## reply across this number of different query IDs.
-	const max_pending_query_ids = 50 &redef;
+	option max_pending_query_ids = 50;
 
 	## A record type which tracks the status of DNS queries for a given
 	## :bro:type:`connection`.

scripts/base/protocols/ftp/utils-commands.bro

@@ -18,7 +18,7 @@ export {
 	type PendingCmds: table[count] of CmdArg;
 	
 	## Possible response codes for a wide variety of FTP commands.
-	const cmd_reply_code: set[string, count] = {
+	option cmd_reply_code: set[string, count] = {
 		# According to RFC 959
 		["<init>", [120, 220, 421]],
 		["USER", [230, 331, 332, 421, 530, 500, 501]],
@@ -72,7 +72,7 @@ export {
 		["<init>", 0],    # unexpected command-reply pair
 		["<missing>", 0], # unexpected command-reply pair
 		["QUIT", 0],      # unexpected command-reply pair
-	} &redef;
+	};
 }
 
 function add_pending_cmd(pc: PendingCmds, cmd: string, arg: string): CmdArg

scripts/base/protocols/http/main.bro

@@ -96,7 +96,7 @@ export {
 	};
 
 	## A list of HTTP headers typically used to indicate proxied requests.
-	const proxy_headers: set[string] = {
+	option proxy_headers: set[string] = {
 		"FORWARDED",
 		"X-FORWARDED-FOR",
 		"X-FORWARDED-FROM",
@@ -104,7 +104,7 @@ export {
 		"VIA",
 		"XROXY-CONNECTION",
 		"PROXY-CONNECTION",
-	} &redef;
+	};
 
 	## A list of HTTP methods. Other methods will generate a weird. Note
 	## that the HTTP analyzer will only accept methods consisting solely

scripts/base/protocols/ntlm/main.bro

@@ -33,7 +33,7 @@ export {
 	};
 
 	## DOS and NT status codes that indicate authentication failure.
-	const auth_failure_statuses: set[count] = {
+	option auth_failure_statuses: set[count] = {
 		0x052e0001, # logonfailure
 		0x08c00002, # badClient
 		0x08c10002, # badLogonTime
@@ -46,7 +46,7 @@ export {
 		0xC0000070, # INVALID_WORKSTATION
 		0xC0000071, # PASSWORD_EXPIRED
 		0xC0000072, # ACCOUNT_DISABLED
-	} &redef;
+	};
 }
 
 redef DPD::ignore_violations += { Analyzer::ANALYZER_NTLM };
@@ -129,4 +129,4 @@ event connection_state_remove(c: connection) &priority=-5
 		{
 		Log::write(NTLM::LOG, c$ntlm);
 		}
-	}
+	}

scripts/base/protocols/rdp/main.bro

@@ -58,11 +58,11 @@ export {
 
 	## If true, detach the RDP analyzer from the connection to prevent
 	## continuing to process encrypted traffic.
-	const disable_analyzer_after_detection = F &redef;
+	option disable_analyzer_after_detection = F;
 
 	## The amount of time to monitor an RDP session from when it is first 
 	## identified. When this interval is reached, the session is logged.
-	const rdp_check_interval = 10secs &redef;
+	option rdp_check_interval = 10secs;
 
 	## Event that can be handled to access the rdp record as it is sent on
 	## to the logging framework.

scripts/base/protocols/smtp/main.bro

@@ -76,7 +76,7 @@ export {
 	##    LOCAL_HOSTS - only capture the path until the external host is discovered.
 	##    ALL_HOSTS - always capture the entire path.
 	##    NO_HOSTS - never capture the path.
-	const mail_path_capture = ALL_HOSTS &redef;
+	option mail_path_capture = ALL_HOSTS;
 
 	## Create an extremely shortened representation of a log line.
 	global describe: function(rec: Info): string;

scripts/base/protocols/ssh/main.bro

@@ -50,12 +50,12 @@ export {
 
 	## The set of compression algorithms. We can't accurately determine
 	## authentication success or failure when compression is enabled.
-	const compression_algorithms = set("zlib", "zlib@openssh.com") &redef;
+	option compression_algorithms = set("zlib", "zlib@openssh.com");
 
 	## If true, after detection detach the SSH analyzer from the connection
 	## to prevent continuing to process encrypted traffic. Helps with performance
 	## (especially with large file transfers).
-	const disable_analyzer_after_detection = T &redef;
+	option disable_analyzer_after_detection = T;
 
 	## Event that can be handled to access the SSH record as it is sent on
 	## to the logging framework.

scripts/base/protocols/ssl/main.bro

@@ -91,12 +91,12 @@ export {
 	## The Certificate Transparency log bundle. By default, the ct-list.bro
 	## script sets this to the current list of known logs. Entries
 	## are indexed by (binary) log-id.
-	const ct_logs: table[string] of CTInfo = {} &redef;
+	option ct_logs: table[string] of CTInfo = {};
 
 	## If true, detach the SSL analyzer from the connection to prevent
 	## continuing to process encrypted traffic. Helps with performance
 	## (especially with large file transfers).
-	const disable_analyzer_after_detection = T &redef;
+	option disable_analyzer_after_detection = T;
 
 	## Delays an SSL record for a specific token: the record will not be
 	## logged as long as the token exists or until 15 seconds elapses.