Move Session code to namespaces

2025-10-09 18:18:19 +00:00 · 2020-07-22 11:15:58 -07:00 · 2020-07-22 11:15:58 -07:00 · e3ee1860b8
commit e3ee1860b8
parent 4e9a5e9d98
21 changed files with 89 additions and 65 deletions
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -57,7 +57,7 @@ void ConnectionTimer::Dispatch(double t, bool is_expire)
 uint64_t Connection::total_connections = 0;
 uint64_t Connection::current_connections = 0;

-Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t,
+Connection::Connection(zeek::NetSessions* s, const zeek::detail::ConnIDKey& k, double t,
                       const ConnID* id, uint32_t flow, const zeek::Packet* pkt,
                       const zeek::EncapsulationStack* arg_encap)
 	{
--- a/src/Conn.h
+++ b/src/Conn.h
@ -23,7 +23,7 @@

 class Connection;
 class ConnectionTimer;
-class NetSessions;
+ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);
 class LoginConn;
 ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);

@ -65,7 +65,7 @@ static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1,

 class Connection final : public zeek::Obj {
 public:
-	Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
+	Connection(zeek::NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
 	           uint32_t flow, const zeek::Packet* pkt, const zeek::EncapsulationStack* arg_encap);
 	~Connection() override;

@ -343,7 +343,7 @@ protected:
 	void StatusUpdateTimer(double t);
 	void RemoveConnectionTimer(double t);

-	NetSessions* sessions;
+	zeek::NetSessions* sessions;
 	zeek::detail::ConnIDKey key;
 	bool key_valid;

--- a/src/Frag.cc
+++ b/src/Frag.cc
@ -26,9 +26,9 @@ void FragTimer::Dispatch(double t, bool /* is_expire */)
 		zeek::reporter->InternalWarning("fragment timer dispatched w/o reassembler");
 	}

-FragReassembler::FragReassembler(NetSessions* arg_s,
-			const zeek::IP_Hdr* ip, const u_char* pkt,
-			const FragReassemblerKey& k, double t)
+FragReassembler::FragReassembler(zeek::NetSessions* arg_s,
+                                 const zeek::IP_Hdr* ip, const u_char* pkt,
+                                 const FragReassemblerKey& k, double t)
 	: Reassembler(0, REASSEM_FRAG)
 	{
 	s = arg_s;
@ -320,7 +320,7 @@ void FragReassembler::Expire(double t)
 	expire_timer->ClearReassembler();
 	expire_timer = nullptr;	// timer manager will delete it

-	sessions->Remove(this);
+	zeek::sessions->Remove(this);
 	}

 void FragReassembler::DeleteTimer()
--- a/src/Frag.h
+++ b/src/Frag.h
@ -11,7 +11,7 @@

 #include <sys/types.h> // for u_char

-class NetSessions;
+ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);

 class FragReassembler;
@ -23,7 +23,7 @@ using FragReassemblerKey = std::tuple<zeek::IPAddr, zeek::IPAddr, bro_uint_t>;

 class FragReassembler : public Reassembler {
 public:
-	FragReassembler(NetSessions* s, const zeek::IP_Hdr* ip, const u_char* pkt,
+	FragReassembler(zeek::NetSessions* s, const zeek::IP_Hdr* ip, const u_char* pkt,
 	                const FragReassemblerKey& k, double t);
 	~FragReassembler() override;

@ -43,7 +43,7 @@ protected:

 	u_char* proto_hdr;
 	zeek::IP_Hdr* reassembled_pkt;
-	NetSessions* s;
+	zeek::NetSessions* s;
 	uint64_t frag_size;	// size of fully reassembled fragment
 	FragReassemblerKey key;
 	uint16_t next_proto; // first IPv6 fragment header's next proto field
--- a/src/Net.cc
+++ b/src/Net.cc
@ -200,7 +200,7 @@ void net_init(const std::optional<std::string>& interface,

 	zeek::detail::init_ip_addr_anonymizers();

-	sessions = new NetSessions();
+	zeek::sessions = new zeek::NetSessions();

 	if ( do_watchdog )
 		{
@ -258,7 +258,7 @@ void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* sr
 			}
 		}

-	sessions->NextPacket(t, pkt);
+	zeek::sessions->NextPacket(t, pkt);
 	zeek::event_mgr.Drain();

 	if ( sp )
@ -383,13 +383,13 @@ void net_finish(int drain_events)

 	if ( drain_events )
 		{
-		if ( sessions )
-			sessions->Drain();
+		if ( zeek::sessions )
+			zeek::sessions->Drain();

 		zeek::event_mgr.Drain();

-		if ( sessions )
-			sessions->Done();
+		if ( zeek::sessions )
+			zeek::sessions->Done();
 		}

 #ifdef DEBUG
@ -406,7 +406,7 @@ void net_delete()
 	{
 	set_processing_status("TERMINATING", "net_delete");

-	delete sessions;
+	delete zeek::sessions;

 	for ( int i = 0; i < zeek::detail::NUM_ADDR_ANONYMIZATION_METHODS; ++i )
 		delete zeek::detail::ip_anonymizer[i];
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -41,7 +41,11 @@ enum NetBIOS_Service {
 	NETBIOS_SERVICE_DCE_RPC,
 };

-NetSessions* sessions;
+zeek::NetSessions* zeek::sessions;
+zeek::NetSessions*& sessions = zeek::sessions;
+
+namespace zeek {
+namespace detail {

 void IPTunnelTimer::Dispatch(double t, bool is_expire)
 	{
@ -63,10 +67,12 @@ void IPTunnelTimer::Dispatch(double t, bool is_expire)
 		zeek::detail::timer_mgr->Add(new IPTunnelTimer(t, tunnel_idx));
 	}

+} // namespace detail
+
 NetSessions::NetSessions()
 	{
 	if ( stp_correlate_pair )
-		stp_manager = new analyzer::stepping_stone::SteppingStoneManager();
+		stp_manager = new ::analyzer::stepping_stone::SteppingStoneManager();
 	else
 		stp_manager = nullptr;

@ -90,7 +96,7 @@ NetSessions::NetSessions()
 		pkt_profiler = nullptr;

 	if ( arp_request || arp_reply || bad_arp )
-		arp_analyzer = new analyzer::arp::ARP_Analyzer();
+		arp_analyzer = new ::analyzer::arp::ARP_Analyzer();
 	else
 		arp_analyzer = nullptr;

@ -317,7 +323,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 			}
 		}

-	FragReassemblerTracker frt(this, f);
+	detail::FragReassemblerTracker frt(this, f);

 	len -= ip_hdr_len;	// remove IP header
 	caplen -= ip_hdr_len;
@ -397,7 +403,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 		const struct icmp* icmpp = (const struct icmp *) data;

 		id.src_port = icmpp->icmp_type;
-		id.dst_port = analyzer::icmp::ICMP4_counterpart(icmpp->icmp_type,
+		id.dst_port = ::analyzer::icmp::ICMP4_counterpart(icmpp->icmp_type,
 								icmpp->icmp_code,
 								id.is_one_way);

@ -413,7 +419,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 		const struct icmp* icmpp = (const struct icmp *) data;

 		id.src_port = icmpp->icmp_type;
-		id.dst_port = analyzer::icmp::ICMP6_counterpart(icmpp->icmp_type,
+		id.dst_port = ::analyzer::icmp::ICMP6_counterpart(icmpp->icmp_type,
 								icmpp->icmp_code,
 								id.is_one_way);

@ -627,7 +633,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 			EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(),
 			                     tunnel_type);
 			ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time);
-			zeek::detail::timer_mgr->Add(new IPTunnelTimer(network_time, tunnel_idx));
+	        zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(network_time, tunnel_idx));
 			}
 		else
 			it->second.second = network_time;
@ -1005,10 +1011,10 @@ void NetSessions::Remove(Connection* c)

 		if ( c->ConnTransport() == TRANSPORT_TCP )
 			{
-			auto ta = static_cast<analyzer::tcp::TCP_Analyzer*>(c->GetRootAnalyzer());
+			auto ta = static_cast<::analyzer::tcp::TCP_Analyzer*>(c->GetRootAnalyzer());
 			assert(ta->IsAnalyzer("TCP"));
-			analyzer::tcp::TCP_Endpoint* to = ta->Orig();
-			analyzer::tcp::TCP_Endpoint* tr = ta->Resp();
+			::analyzer::tcp::TCP_Endpoint* to = ta->Orig();
+			::analyzer::tcp::TCP_Endpoint* tr = ta->Resp();

 			tcp_stats.StateLeft(to->state, tr->state);
 			}
@ -1420,3 +1426,5 @@ void NetSessions::InsertConnection(ConnectionMap* m, const zeek::detail::ConnIDK
 		default: break;
 		}
 	}
+
+} // namespace zeek
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -25,6 +25,10 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail);
 namespace analyzer { namespace stepping_stone { class SteppingStoneManager; } }
 namespace analyzer { namespace arp { class ARP_Analyzer; } }

+namespace zeek {
+
+namespace detail { class IPTunnelTimer; }
+
 struct SessionStats {
 	size_t num_TCP_conns;
 	size_t max_TCP_conns;
@ -89,7 +93,7 @@ public:
 		return packet_filter;
 		}

-	analyzer::stepping_stone::SteppingStoneManager* GetSTPManager()	{ return stp_manager; }
+	::analyzer::stepping_stone::SteppingStoneManager* GetSTPManager()	{ return stp_manager; }

 	unsigned int CurrentConnections()
 		{
@ -166,7 +170,7 @@ public:
 	unsigned int ConnectionMemoryUsage();
 	unsigned int ConnectionMemoryUsageConnVals();
 	unsigned int MemoryAllocation();
-	analyzer::tcp::TCPStateStats tcp_stats;	// keeps statistics on TCP states
+	::analyzer::tcp::TCPStateStats tcp_stats;	// keeps statistics on TCP states

 protected:
 	friend class ConnCompressor;
@ -229,9 +233,9 @@ protected:
 	using IPTunnelMap = std::map<IPPair, TunnelActivity>;
 	IPTunnelMap ip_tunnels;

-	analyzer::arp::ARP_Analyzer* arp_analyzer;
+	::analyzer::arp::ARP_Analyzer* arp_analyzer;

-	analyzer::stepping_stone::SteppingStoneManager* stp_manager;
+	::analyzer::stepping_stone::SteppingStoneManager* stp_manager;
 	zeek::detail::Discarder* discarder;
 	zeek::detail::PacketFilter* packet_filter;
 	uint64_t num_packets_processed;
@ -239,6 +243,7 @@ protected:
 	bool dump_this_packet;	// if true, current packet should be recorded
 };

+namespace detail {

 class IPTunnelTimer final : public zeek::detail::Timer {
 public:
@ -269,5 +274,16 @@ private:
 	FragReassembler* frag_reassembler;
 };

+} // namespace detail
+
 // Manager for the currently active sessions.
 extern NetSessions* sessions;
+
+} // namespace zeek
+
+using SessionStats [[deprecated("Remove in v4.1. Use zeek::SessionStats.")]] = zeek::SessionStats;
+using NetSessions [[deprecated("Remove in v4.1. Use zeek::NetSessions.")]] = zeek::NetSessions;
+using IPTunnelTimer [[deprecated("Remove in v4.1. Use zeek::detail::IPTunnelTimer.")]] = zeek::detail::IPTunnelTimer;
+using FragReassemblerTracker [[deprecated("Remove in v4.1. Use zeek::detail::FragReassemblerTracker.")]] = zeek::detail::FragReassemblerTracker;
+
+extern zeek::NetSessions*& sessions [[deprecated("Remove in v4.1. Use zeek:sessions.")]];
--- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
+++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac
@ -57,7 +57,7 @@ flow AYIYA_Flow
 			}

 		zeek::IP_Hdr* inner = 0;
-		int result = sessions->ParseIPPacket(${pdu.packet}.length(),
+		int result = zeek::sessions->ParseIPPacket(${pdu.packet}.length(),
 		     ${pdu.packet}.data(), ${pdu.next_header}, inner);

 		if ( result == 0 )
@ -86,7 +86,7 @@ flow AYIYA_Flow

 		zeek::EncapsulatingConn ec(c, BifEnum::Tunnel::AYIYA);

-		sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);
+		zeek::sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);

 		return true;
 		%}
--- a/src/analyzer/protocol/conn-size/functions.bif
+++ b/src/analyzer/protocol/conn-size/functions.bif
@ -5,7 +5,7 @@

 static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
 	{
-	Connection* c = sessions->FindConnection(cid);
+	Connection* c = zeek::sessions->FindConnection(cid);
 	if ( ! c )
 		return nullptr;

--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -1857,7 +1857,7 @@ void DNS_Analyzer::ExpireTimer(double t)
 	if ( t - Conn()->LastTime() >= dns_session_timeout - 1.0 || terminating )
 		{
 		Event(connection_timeout);
-		sessions->Remove(Conn());
+		zeek::sessions->Remove(Conn());
 		}
 	else
 		ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer,
--- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
@ -730,7 +730,7 @@ flow GTPv1_Flow(is_orig: bool)
 			}

 		zeek::IP_Hdr* inner = nullptr;
-		int result = sessions->ParseIPPacket(${pdu.packet}.length(),
+		int result = zeek::sessions->ParseIPPacket(${pdu.packet}.length(),
 		     ${pdu.packet}.data(), ip->ip_v == 6 ? IPPROTO_IPV6 : IPPROTO_IPV4,
 		     inner);

@ -764,7 +764,7 @@ flow GTPv1_Flow(is_orig: bool)

 		zeek::EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);

-		sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);
+		zeek::sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec);

 		return true;
 		%}
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -531,7 +531,7 @@ void NetbiosSSN_Analyzer::ExpireTimer(double t)
 		     netbios_ssn_session_timeout - 1.0 )
 		{
 		Event(connection_timeout);
-		sessions->Remove(Conn());
+		zeek::sessions->Remove(Conn());
 		}
 	else
 		ADD_ANALYZER_TIMER(&NetbiosSSN_Analyzer::ExpireTimer,
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -764,5 +764,5 @@ void RPC_Analyzer::Done()
 void RPC_Analyzer::ExpireTimer(double /* t */)
 	{
 	Event(connection_timeout);
-	sessions->Remove(Conn());
+	zeek::sessions->Remove(Conn());
 	}
--- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc
+++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc
@ -155,7 +155,7 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig)
 SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c)
 : tcp::TCP_ApplicationAnalyzer("STEPPINGSTONE", c)
 	{
-	stp_manager = sessions->GetSTPManager();
+	stp_manager = zeek::sessions->GetSTPManager();

 	orig_endp = resp_endp = nullptr;
 	orig_stream_pos = resp_stream_pos = 1;
--- a/src/analyzer/protocol/stepping-stone/SteppingStone.h
+++ b/src/analyzer/protocol/stepping-stone/SteppingStone.h
@ -5,7 +5,7 @@
 #include "Queue.h"
 #include "analyzer/protocol/tcp/TCP.h"

-class NetSessions;
+ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);

 namespace analyzer::stepping_stone {

--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -1277,7 +1277,7 @@ void TCP_Analyzer::FlipRoles()
 	{
 	Analyzer::FlipRoles();

-	sessions->tcp_stats.FlipState(orig->state, resp->state);
+	zeek::sessions->tcp_stats.FlipState(orig->state, resp->state);
 	TCP_Endpoint* tmp_ep = resp;
 	resp = orig;
 	orig = tmp_ep;
@ -1485,7 +1485,7 @@ void TCP_Analyzer::AttemptTimer(double /* t */)
 		is_active = 0;

 		// All done with this connection.
-		sessions->Remove(Conn());
+		zeek::sessions->Remove(Conn());
 		}
 	}

@ -1505,7 +1505,7 @@ void TCP_Analyzer::PartialCloseTimer(double /* t */)
 			return;

 		Event(connection_partial_close);
-		sessions->Remove(Conn());
+		zeek::sessions->Remove(Conn());
 		}
 	}

@ -1535,7 +1535,7 @@ void TCP_Analyzer::ExpireTimer(double t)
 				// the session remove and Unref() us here.
 				Event(connection_timeout);
 				is_active = 0;
-				sessions->Remove(Conn());
+				zeek::sessions->Remove(Conn());
 				return;
 				}
 			}
@ -1550,7 +1550,7 @@ void TCP_Analyzer::ExpireTimer(double t)
 				// before setting up an attempt timer,
 				// so we need to clean it up here.
 				Event(connection_timeout);
-				sessions->Remove(Conn());
+				zeek::sessions->Remove(Conn());
 				return;
 				}
 			}
@ -1571,12 +1571,12 @@ void TCP_Analyzer::ResetTimer(double /* t */)
 	if ( ! BothClosed() )
 		ConnectionReset();

-	sessions->Remove(Conn());
+	zeek::sessions->Remove(Conn());
 	}

 void TCP_Analyzer::DeleteTimer(double /* t */)
 	{
-	sessions->Remove(Conn());
+	zeek::sessions->Remove(Conn());
 	}

 void TCP_Analyzer::ConnDeleteTimer(double t)
@ -1694,7 +1694,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
 		// Note, even if tcp_close_delay is zero, we can't
 		// simply do:
 		//
-		//	sessions->Remove(this);
+		//	zeek::sessions->Remove(this);
 		//
 		// here, because that would cause the object to be
 		// deleted out from under us.
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@ -72,7 +72,7 @@ void TCP_Endpoint::SetPeer(TCP_Endpoint* p)
 	peer = p;
 	if ( IsOrig() )
 		// Only one Endpoint adds the initial state to the counter.
-		sessions->tcp_stats.StateEntered(state, peer->state);
+		zeek::sessions->tcp_stats.StateEntered(state, peer->state);
 	}

 bool TCP_Endpoint::HadGap() const
@ -156,11 +156,11 @@ void TCP_Endpoint::SetState(EndpointState new_state)
 		prev_state = state;
 		state = new_state;
 		if ( IsOrig() )
-			sessions->tcp_stats.ChangeState(prev_state, state,
-						peer->state, peer->state);
+			zeek::sessions->tcp_stats.ChangeState(prev_state, state,
+			                                      peer->state, peer->state);
 		else
-			sessions->tcp_stats.ChangeState(peer->state, peer->state,
-						prev_state, state);
+			zeek::sessions->tcp_stats.ChangeState(peer->state, peer->state,
+			                                      prev_state, state);
 		}
 	}

--- a/src/analyzer/protocol/tcp/functions.bif
+++ b/src/analyzer/protocol/tcp/functions.bif
@ -18,7 +18,7 @@
 ## .. zeek:see:: get_resp_seq
 function get_orig_seq%(cid: conn_id%): count
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	Connection* c = zeek::sessions->FindConnection(cid);
 	if ( ! c )
 		return zeek::val_mgr->Count(0);

@ -47,7 +47,7 @@ function get_orig_seq%(cid: conn_id%): count
 ## .. zeek:see:: get_orig_seq
 function get_resp_seq%(cid: conn_id%): count
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	Connection* c = zeek::sessions->FindConnection(cid);
 	if ( ! c )
 		return zeek::val_mgr->Count(0);

@ -97,7 +97,7 @@ function get_resp_seq%(cid: conn_id%): count
 ## .. zeek:see:: get_contents_file set_record_packets contents_file_write_failure
 function set_contents_file%(cid: conn_id, direction: count, f: file%): bool
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	Connection* c = zeek::sessions->FindConnection(cid);
 	if ( ! c )
 		return zeek::val_mgr->False();

@ -120,7 +120,7 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool
 ## .. zeek:see:: set_contents_file set_record_packets contents_file_write_failure
 function get_contents_file%(cid: conn_id, direction: count%): file
 	%{
-	Connection* c = sessions->FindConnection(cid);
+	Connection* c = zeek::sessions->FindConnection(cid);

 	if ( c )
 		{
--- a/src/analyzer/protocol/teredo/Teredo.cc
+++ b/src/analyzer/protocol/teredo/Teredo.cc
@ -161,7 +161,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		}

 	zeek::IP_Hdr* inner = nullptr;
-	int rslt = sessions->ParseIPPacket(len, te.InnerIP(), IPPROTO_IPV6, inner);
+	int rslt = zeek::sessions->ParseIPPacket(len, te.InnerIP(), IPPROTO_IPV6, inner);

 	if ( rslt > 0 )
 		{
@ -228,5 +228,5 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,

 	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO);

-	sessions->DoNextInnerPacket(network_time, nullptr, inner, e, ec);
+	zeek::sessions->DoNextInnerPacket(network_time, nullptr, inner, e, ec);
 	}
--- a/src/analyzer/protocol/vxlan/VXLAN.cc
+++ b/src/analyzer/protocol/vxlan/VXLAN.cc
@ -81,10 +81,10 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,

 	switch ( pkt.l3_proto ) {
 		case zeek::L3_IPV4:
-			res = sessions->ParseIPPacket(len, data, IPPROTO_IPV4, inner);
+			res = zeek::sessions->ParseIPPacket(len, data, IPPROTO_IPV4, inner);
 			break;
 		case zeek::L3_IPV6:
-			res = sessions->ParseIPPacket(len, data, IPPROTO_IPV6, inner);
+			res = zeek::sessions->ParseIPPacket(len, data, IPPROTO_IPV6, inner);
 			break;
 		default:
 			return;
@ -105,5 +105,5 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		                     inner->ToPktHdrVal(), zeek::val_mgr->Count(vni));

 	zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
-	sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);
+	zeek::sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);
 	}
--- a/src/iosource/PktSrc.cc
+++ b/src/iosource/PktSrc.cc
@ -153,7 +153,7 @@ void PktSrc::Info(const std::string& msg)

 void PktSrc::Weird(const std::string& msg, const zeek::Packet* p)
 	{
-	sessions->Weird(msg.c_str(), p, nullptr);
+	zeek::sessions->Weird(msg.c_str(), p, nullptr);
 	}

 void PktSrc::InternalError(const std::string& msg)